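/// <summary>
/// Acquires an app-only Microsoft Graph token for the tenant, runs the query in <c>MSGraphQuery</c>,
/// and stores the first page of returned users in <c>usersByTenant</c> under the tenant id.
/// </summary>
/// <returns>A task that completes once the users have been recorded.</returns>
/// <exception cref="HttpResponseException">
/// Thrown with the Graph status code when the query does not return a success status.
/// </exception>
public async Task GetAsync()
{
    // NOTE(review): the tenant id is a literal, so this action always queries this one directory
    // regardless of who is signed in. Confirm that is intended before this leaves a test site.
    string tenantId = "3485b963-82ba-4a6f-810f-b5cc226ff898";

    // Get a token for the Microsoft Graph. If this throws for any reason, the exception is returned
    // to the caller as a 500 response and the user is shown a generic error message.
    IConfidentialClientApplication daemonClient = ConfidentialClientApplicationBuilder.Create(Startup.clientId)
        .WithAuthority(string.Format(AuthorityFormat, tenantId))
        .WithRedirectUri(Startup.redirectUri)
        .WithClientSecret(Startup.clientSecret)
        .Build();

    var serializedAppTokenCache = new MSALAppTokenMemoryCache(daemonClient.AppTokenCache);

    // Never read afterwards; kept because the wrapper's constructor presumably attaches itself to
    // the MSAL cache - TODO confirm, then drop it if the constructor has no side effect.
    var serializedUserTokenCache = new MSALUserTokenMemoryCache(daemonClient.UserTokenCache);

    AuthenticationResult authResult = await daemonClient.AcquireTokenForClient(new[] { MSGraphScope })
        .ExecuteAsync();

    // Query for the list of users in the tenant. The client, request and response are disposed
    // deterministically so that repeated calls do not leave connections and handlers behind.
    // NOTE(review): a single shared HttpClient for the controller would avoid per-call socket churn.
    using (var client = new HttpClient())
    using (var request = new HttpRequestMessage(HttpMethod.Get, MSGraphQuery))
    {
        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

        // The access token is a bearer credential: it goes only into the Authorization header and
        // must never be logged or echoed to the caller.
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);

        using (HttpResponseMessage response = await client.SendAsync(request))
        {
            // If the token was insufficient for the query, drop it from the cache. The Users page of
            // the website shows a message instructing the user to grant permissions to the app
            // (see User/Index.cshtml).
            if (response.StatusCode == System.Net.HttpStatusCode.Forbidden)
            {
                // Clearing the app token cache stops a later call from reusing the access token that
                // produced this 403, so the next token carries the permissions currently granted to
                // the app. A persistent app token cache must be cleared at this point as well.
                serializedAppTokenCache.Clear(Startup.clientId);
            }

            if (!response.IsSuccessStatusCode)
            {
                throw new HttpResponseException(response.StatusCode);
            }

            // Record users in the data store (note that this only records the first page of users).
            // The body is read and deserialized once; the original parsed it a second time into an
            // unused JObject.
            string json = await response.Content.ReadAsStringAsync();
            MsGraphUserListResponse users = JsonConvert.DeserializeObject<MsGraphUserListResponse>(json);
            usersByTenant[tenantId] = users.value;
        }
    }
}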
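/// <summary>
/// Sends the query in <c>MSGraphQuery</c> through an authenticated proxy using the supplied access
/// token and writes the raw JSON body to the current response.
/// </summary>
/// <param name="authResult">Token result whose <c>AccessToken</c> is sent as the bearer credential.</param>
/// <param name="serializedAppTokenCache">Not used by this method.</param>
private void Getusers(AuthenticationResult authResult, MSALUserTokenMemoryCache serializedAppTokenCache)
{
    // NOTE(review): the proxy user name and password are literals in source. Anyone who can read the
    // repository or the compiled assembly can recover them; load them from protected configuration
    // or a secret store, and rotate them if real values were ever committed here.
    // NOTE(review): the proxy address is an empty string in this listing and new Uri("") throws
    // UriFormatException, so a real address has to be supplied before this path can run.
    var handler = new HttpClientHandler
    {
        UseProxy = true,
        Proxy = new WebProxy
        {
            Address = new Uri(""),
            Credentials = new NetworkCredential("gsddsdgdgd", "dfgfdgsfdgfdgfd")
        }
    };

    // disposeHandler: true makes the client own the handler, so disposing the client releases both.
    using (var client = new HttpClient(handler, true))
    using (var request = new HttpRequestMessage(HttpMethod.Get, MSGraphQuery))
    {
        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);

        // The void signature is kept for existing callers, so the tasks are awaited by blocking.
        // NOTE(review): blocking on async I/O ties up a request thread; prefer an async variant.
        using (HttpResponseMessage response = client.SendAsync(request).GetAwaiter().GetResult())
        {
            string json = response.Content.ReadAsStringAsync().GetAwaiter().GetResult();

            // NOTE(review): the body is written verbatim and without a status check, so directory
            // data (or a Graph error body) reaches whoever called this action. Confirm the action is
            // authorized and set an explicit JSON content type if this is kept.
            Response.Write($"{json}\n");
        }
    }
}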
/// <summary>
/// Clears the <c>MSALUserTokenMemoryCache</c> wrapped around the user token cache of a confidential
/// client built for the signed-in user's tenant. Does nothing when the current principal carries no
/// tenant id claim.
/// In scenarios such as on-behalf-of, where the user token cache also holds tokens for users, those
/// entries are cleared here as well.
/// </summary>
private void RemovedCachedTokensForApp()
{
    var tenantClaim = ClaimsPrincipal.Current?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid");
    string signedInTenant = tenantClaim?.Value;

    if (!string.IsNullOrEmpty(signedInTenant))
    {
        // The authority is derived from the tenant claim, so the client is scoped to that tenant.
        string authority = string.Format(AuthorityFormat, signedInTenant);

        IConfidentialClientApplication confidentialClient = ConfidentialClientApplicationBuilder
            .Create(Startup.clientId)
            .WithAuthority(authority)
            .WithRedirectUri(Startup.redirectUri)
            .WithClientSecret(Startup.clientSecret)
            .Build();

        // NOTE(review): only the user token cache is cleared; confidentialClient.AppTokenCache is not
        // touched here despite the method name - confirm that is intended.
        var userCacheWrapper = new MSALUserTokenMemoryCache(Startup.clientId, confidentialClient.UserTokenCache);
        userCacheWrapper.Clear();
    }
}
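/// <summary>
/// Clears the <c>MSALUserTokenMemoryCache</c> wrapped around the user token cache of a confidential
/// client built for the test site. Does nothing when the current principal carries no tenant id claim.
/// </summary>
private void RemovedCachedTokensForApp()
{
    string tenantId = ClaimsPrincipal.Current?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
    if (string.IsNullOrEmpty(tenantId))
    {
        return;
    }

    // The authority is addressed over https:// instead of the original http://. Sign-in metadata and
    // token traffic must not travel in cleartext, and MSAL is expected to reject a non-HTTPS authority.
    // NOTE(review): the tenant in the authority is a literal and is not the tenantId read from the
    // claims above, which only gates whether the method runs - confirm that is intended.
    // NOTE(review): the URL carries an /oauth2/authorize path; an MSAL authority normally ends at
    // the tenant segment - verify how the builder treats the extra path.
    // NOTE(review): no WithClientSecret/WithCertificate call is made on this builder - confirm that
    // is acceptable for a client used only to reach its token cache.
    IConfidentialClientApplication daemonClient = ConfidentialClientApplicationBuilder.Create(TestSite.Startup.clientId)
        .WithAuthority("https://login.microsoftonline.com/74179e4d-962e-4fdb-bd11-9803ffe026cb/oauth2/authorize")
        .WithRedirectUri(TestSite.Startup.redirectUri)
        .Build();

    var serializedUserTokenCache = new MSALUserTokenMemoryCache(TestSite.Startup.clientId, daemonClient.UserTokenCache);
    serializedUserTokenCache.Clear();
}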