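/// <summary>
/// Acquires an app-only Microsoft Graph token via the client-credentials flow, sends a GET to
/// <c>MSGraphQuery</c>, and stores the first page of returned users in <c>usersByTenant</c>
/// under the tenant id.
/// </summary>
/// <remarks>
/// Exceptions from token acquisition or the HTTP call are deliberately left to propagate so the
/// caller receives a 500 and the user sees only a generic error message.
/// NOTE(review): the token is an application token, not a user token, and nothing in this method
/// authenticates or authorizes the caller. Confirm the route that exposes this action is protected.
/// </remarks>
/// <exception cref="HttpResponseException">Microsoft Graph answered with a non-success status code.</exception>
public async Task GetAsync()
        {
            // NOTE(review): the tenant id is hard-coded, so every call queries this one directory.
            // Confirm that is intended; otherwise take it from the validated sign-in context or configuration.
            string tenantId = "3485b963-82ba-4a6f-810f-b5cc226ff898";

            // NOTE(review): Startup.clientSecret is a long-lived credential. Confirm it is loaded from
            // protected configuration and not compiled into the assembly.
            IConfidentialClientApplication daemonClient = ConfidentialClientApplicationBuilder.Create(Startup.clientId)
                           .WithAuthority(string.Format(AuthorityFormat, tenantId))
                           .WithRedirectUri(Startup.redirectUri)
                           .WithClientSecret(Startup.clientSecret)
                           .Build();

            var serializedAppTokenCache = new MSALAppTokenMemoryCache(daemonClient.AppTokenCache);

            // The wrapper is not used again in this method. The construction is kept in case the
            // constructor attaches itself to the MSAL user token cache (TODO confirm).
            new MSALUserTokenMemoryCache(daemonClient.UserTokenCache);

            AuthenticationResult authResult = await daemonClient.AcquireTokenForClient(new[] { MSGraphScope })
                                              .ExecuteAsync();

            // Query for list of users in the tenant. The client, request and response are disposed
            // deterministically; a shared HttpClient would be preferable if this is called often.
            using (var client = new HttpClient())
            using (var request = new HttpRequestMessage(HttpMethod.Get, MSGraphQuery))
            {
                request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                // The access token is a bearer credential: it goes into the Authorization header only
                // and must never be written to logs or error messages.
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);

                using (HttpResponseMessage response = await client.SendAsync(request))
                {
                    // A 403 means the token lacked the permissions needed for the query. The Users page
                    // of the website will tell the user to grant permissions to the app (see User/Index.cshtml).
                    if (response.StatusCode == System.Net.HttpStatusCode.Forbidden)
                    {
                        // Drop the cached app token so a later call cannot reuse the token that produced
                        // this 403, and MSAL has to request a fresh one carrying the current permissions.
                        // If the app token cache is made persistent, it must be cleared here as well.
                        serializedAppTokenCache.Clear(Startup.clientId);
                    }

                    if (!response.IsSuccessStatusCode)
                    {
                        throw new HttpResponseException(response.StatusCode);
                    }

                    // Record users in the data store (note that this only records the first page of users).
                    // The body is read and parsed once.
                    string json = await response.Content.ReadAsStringAsync();

                    MsGraphUserListResponse users = JsonConvert.DeserializeObject<MsGraphUserListResponse>(json);
                    if (users == null)
                    {
                        // An empty or literal-null body deserializes to null; fail with a clear message
                        // instead of a NullReferenceException on the next line.
                        throw new System.InvalidOperationException("Microsoft Graph returned an empty user list response.");
                    }

                    usersByTenant[tenantId] = users.value;
                }
            }
        }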
Beispiel #2
        /// <summary>
        /// Empties the in-memory MSAL token cache associated with this application's client id.
        /// </summary>
        /// <remarks>
        /// Builds an <c>MSALAppTokenMemoryCache</c> for <c>Startup.clientId</c> and calls its <c>Clear</c> method.
        /// NOTE(review): whether user tokens cached by flows such as on-behalf-of are removed as well
        /// depends on the cache implementation, which is not visible here. Confirm before relying on
        /// this method to revoke user sessions.
        /// </remarks>
        private void RemovedCachedTokensForApp()
        {
            // The wrapper is needed only for this one call, so it is not kept in a local.
            new MSALAppTokenMemoryCache(Startup.clientId).Clear();
        }