コード例 #1
        /// <summary>
        /// Authentication is done using the preview version of the Microsoft Identity Client (Microsoft Authentication Library or MSAL).
        /// See https://developer.microsoft.com/en-us/graph/docs/concepts/auth_overview and https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-libraries
        /// </summary>
        /// <returns>Object holding information about the authentication flow</returns>
        private AuthenticationResult Authenticate()
            var appCredentials    = new ClientCredential(this.appPassword);
            var authority         = new Uri(this.AADLogin, this.aadDomain).AbsoluteUri;
            var clientApplication = new ConfidentialClientApplication(this.appId, authority, this.RedirectUri, appCredentials, new TokenCache(), new TokenCache());
            AuthenticationResult authenticationResult = clientApplication.AcquireTokenForClientAsync(DefaultScope).GetAwaiter().GetResult();

コード例 #2
        /// <summary>
        /// Get Token for App.
        /// </summary>
        /// <returns>Token for app.</returns>
        public static async Task <string> GetTokenForAppAsync()
            AuthenticationResult authResult;

            authResult = await IdentityAppOnlyApp.AcquireTokenForClientAsync(new string[] { "https://graph.microsoft.com/.default" });

            TokenForApp = authResult.AccessToken;

コード例 #3
        public async Task ForceRefreshParameterTrueTestAsync()
            await RunWithMockHttpAsync(
                async (httpManager, serviceBundle, receiver) =>

                var cache = new TokenCache();

                string authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityTestTenant, false)
                var app = new ConfidentialClientApplication(
                    new ClientCredential(MsalTestConstants.ClientSecret),
                    ValidateAuthority = false


                //add mock response for successful token retrival
                const string TokenRetrievedFromNetCall = "token retrieved from network call";
                    new MockHttpMessageHandler
                    Method          = HttpMethod.Post,
                    ResponseMessage =

                var result = await app.AcquireTokenForClientAsync(MsalTestConstants.Scope, true).ConfigureAwait(false);
                Assert.AreEqual(TokenRetrievedFromNetCall, result.AccessToken);

                // make sure token in Cache was updated
                ICollection <MsalAccessTokenCacheItem> accessTokens =
                    cache.GetAllAccessTokensForClient(new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)));
                var accessTokenInCache = accessTokens
                                         .Where(item => ScopeHelper.ScopeContains(item.ScopeSet, MsalTestConstants.Scope))

                Assert.AreEqual(TokenRetrievedFromNetCall, accessTokenInCache.Secret);
                        anEvent =>     // Expect finding such an event
                        anEvent[EventBase.EventNameKey].EndsWith("api_event") &&
                        anEvent[ApiEvent.WasSuccessfulKey] == "true" && anEvent[ApiEvent.ApiIdKey] == "727"));
コード例 #4
        public static void Run([TimerTrigger("*/30 * * * * *")] TimerInfo myTimer, TraceWriter log)
            log.Info($"C# Timer trigger function executed at: {DateTime.Now}");
                ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(ConfigurationManager.AppSettings["clientId"],
                                                                                               String.Format(authorityFormat, tenantId),
                                                                                               new ClientCredential(ConfigurationManager.AppSettings["clientSecret"]),
                                                                                               null, new TokenCache());

                AuthenticationResult authResult = daemonClient.AcquireTokenForClientAsync(new string[] { msGraphScope }).GetAwaiter().GetResult();

                // Query for list of users in the tenant
                HttpClient         client  = new HttpClient();
                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, msGraphQuery);
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
                HttpResponseMessage response = client.SendAsync(request).GetAwaiter().GetResult();

                // If the token we used was insufficient to make the query, drop the token from the cache.
                // The Users page of the website will show a message to the user instructing them to grant
                // permissions to the app (see User/Index.cshtml).
                if (response.StatusCode == System.Net.HttpStatusCode.Forbidden)
                    // BUG: Here, we should clear MSAL's app token cache to ensure that on a subsequent call
                    // to SyncController, MSAL does not return the same access token that resulted in this 403.
                    // By clearing the cache, MSAL will be forced to retrieve a new access token from AAD,
                    // which will contain the most up-to-date set of permissions granted to the app. Since MSAL
                    // currently does not provide a way to clear the app token cache, we have commented this line
                    // out. Thankfully, since this app uses the default in-memory app token cache, the app still
                    // works correctly, since the in-memory cache is not persistent across calls to SyncController
                    // anyway. If you build a persistent app token cache for MSAL, you should make sure to clear
                    // it at this point in the code.
                    log.Error("Unable to issue query: Received " + response.StatusCode + " in Run method");

                if (!response.IsSuccessStatusCode)
                    log.Error("Unable to issue query: Received " + response.StatusCode + " in Run method");

                // Record users in the data store (note that this only records the first page of users)
                string json = response.Content.ReadAsStringAsync().GetAwaiter().GetResult();
                MsGraphUserListResponse users = JsonConvert.DeserializeObject <MsGraphUserListResponse>(json);
                usersByTenant[tenantId] = users.value;
                log.Info("Successfully synchronized " + users.value.Count + " users!");
            catch (Exception oops)
                log.Error(oops.Message, oops, "AzureSyncFunction.UserSync.Run");
コード例 #5
        public async Task Get(string tenantId)
            // Get a token for the Microsoft Graph. If this line throws an exception for
            // any reason, we'll just let the exception be returned as a 500 response
            // to the caller, and show a generic error message to the user.
            ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(
                String.Format(authorityFormat, tenantId),
                new ClientCredential(Startup.clientSecret),
                new TokenCache());
            AuthenticationResult authResult = await daemonClient.AcquireTokenForClientAsync(
                new string[] { msGraphScope });

            // Query for list of users in the tenant
            HttpClient         client  = new HttpClient();
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, msGraphQuery);

            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
            HttpResponseMessage response = await client.SendAsync(request);

            // If the token we used was insufficient to make the query, drop the token from the cache.
            // The Users page of the website will show a message to the user instructing them to grant
            // permissions to the app (see User/Index.cshtml).
            if (response.StatusCode == System.Net.HttpStatusCode.Forbidden)
                // BUG: Here, we should clear MSAL's app token cache to ensure that on a subsequent call
                // to SyncController, MSAL does not return the same access token that resulted in this 403.
                // By clearing the cache, MSAL will be forced to retrieve a new access token from AAD,
                // which will contain the most up-to-date set of permissions granted to the app. Since MSAL
                // currently does not provide a way to clear the app token cache, we have commented this line
                // out. Thankfully, since this app uses the default in-memory app token cache, the app still
                // works correctly, since the in-memory cache is not persistent across calls to SyncController
                // anyway. If you build a persistent app token cache for MSAL, you should make sure to clear
                // it at this point in the code.

            if (!response.IsSuccessStatusCode)
                throw new HttpResponseException(response.StatusCode);

            // Record users in the data store (note that this only records the first page of users)
            string json = await response.Content.ReadAsStringAsync();

            MsGraphUserListResponse users = JsonConvert.DeserializeObject <MsGraphUserListResponse>(json);

            usersByTenant[tenantId] = users.value;
コード例 #6
        private async Task RefreshTokenIfNecessaryAsync()
            if (expirationMoment <= DateTimeOffset.UtcNow.AddSeconds(-5))
                var authority    = $"{azureAdConfiguration.Instance}{azureAdConfiguration.TenantId}";
                var redirectUri  = "http://localhost"; //mock
                var daemonClient = new ConfidentialClientApplication(azureAdConfiguration.ClientId, authority, redirectUri, new ClientCredential(azureAdConfiguration.ClientSecret), null, new TokenCache());
                var authResult   = await daemonClient.AcquireTokenForClientAsync(new string[] { $"{dynamicsConfiguration.OrganizationUri}.default" });

                token            = authResult.AccessToken;
                expirationMoment = authResult.ExpiresOn;
        private static async Task <string> AcquireAccessTokenAsync()
            var app = new ConfidentialClientApplication(
                new ClientCredential(_settings.ClientSecret),
                userTokenCache: null,
                appTokenCache: new TokenCache());
            var result = await app.AcquireTokenForClientAsync(new[] { $"{_settings.EmployeeApiAppIdUri}/.default" });

コード例 #8
        private static async Task <string> getAdTokenAsync(IConfiguration configuration, string azureAdSectionName = null)
            azureAdSectionName = azureAdSectionName ?? AzureADDefaults.AuthenticationScheme;
            var adSection = configuration.GetSection(azureAdSectionName) ?? configuration.GetSection("AzureAD") ?? configuration.GetSection("AzureAd");
            var adOptions = new AzureADOptions();


            var clientId = adSection["ClientId"];

            if (string.IsNullOrWhiteSpace(clientId))
                throw new Exception($"require configuration for AzureAD.ClientId");
            var clientSecret = adSection["ClientSecret"];

            if (string.IsNullOrWhiteSpace(clientSecret))
                throw new Exception($"require configuration for AzureAD.ClientSecret");

            //var instance = adSection["Instance"];
            //if (string.IsNullOrWhiteSpace(instance)) { throw new Exception($"require configuration for AzureAD.Instance"); }
            string[] scopes      = new string[] { "https://graph.microsoft.com/.default" };
            var      credential  = new ClientCredential(secret: clientSecret);
            var      authority   = adSection["Instance"] ?? "https://graph.windows.net/";
            var      authContext = new ConfidentialClientApplication(
                clientId: clientId,
                authority: authority,
                redirectUri: "http://daemon",
                clientCredential: credential,
                userTokenCache: null,
                appTokenCache: new TokenCache()

                var authResult = await authContext.AcquireTokenForClientAsync(scopes);

            catch (MsalServiceException ex)
                // Case when ex.Message contains:
                // AADSTS70011 Invalid scope. The scope has to be of the form "https://resourceUrl/.default"
                // Mitigation: change the scope to be as expected
                //logger.LogError($"getAdTokenAsync: {ex.Message}");
コード例 #9
        public static async Task <AuthenticationResult> GetAuthenticationResult()
            var appConfig  = new ApplicationConfiguration();
            var clientCred = new ClientCredential(appConfig.GraphClientSecret);
            var clientApp  = new ConfidentialClientApplication(

            return(await clientApp.AcquireTokenForClientAsync(appConfig.GraphScope.Split(",")));
コード例 #10
        public string GetAuthToken()
            if (_authenticationResult == null)
                var clientCredential = new ClientCredential(appKey);
                //am not bothering with inbuilt caching mech, as tests won't take that that long to run
                ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(clientId, authority,
                                                                                               redirectUri, clientCredential, null, new TokenCache());
                _authenticationResult = daemonClient
                                        .AcquireTokenForClientAsync(new string[] { todoListResourceId + "/.default" }).Result;

コード例 #11
        /// <summary>
        /// Retrieves a token for the Microsoft Graph using the client secret and scope
        /// </summary>
        /// <returns></returns>
        private async Task <string> AuthenticateToGraphAsync()
            MSALCache appTokenCache = new MSALCache(_clientId);

            ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(_clientId, string.Format(_authorityFormat, _tenantId), _redirectUri, new ClientCredential(_clientSecret), null, appTokenCache.GetMsalCacheInstance());
            AuthenticationResult          authResult   = await daemonClient.AcquireTokenForClientAsync(new[] { _graphScope });

            if (string.IsNullOrEmpty(authResult?.AccessToken))
                throw new Exception("A token could not be retrieve from Microsft Graph");

コード例 #12
        private static void RunClientCredentialWithCertificate()
            ClientCredential cc = new ClientCredential(new ClientAssertionCertificate(GetCertificateByThumbprint("<THUMBPRINT>")));
            ConfidentialClientApplication app = new ConfidentialClientApplication(ClientIdForConfidentialApp, "http://localhost", cc, new TokenCache(), new TokenCache());

                AuthenticationResult result = app.AcquireTokenForClientAsync(new string[] { "User.Read.All" }, true).Result;
            catch (Exception exc)
            finally { Console.ReadKey(); }
コード例 #13
        static void Main(string[] args)
            ClientCredential cc = new ClientCredential(new ClientAssertionCertificate(new System.Security.Cryptography.X509Certificates.X509Certificate2("cert.pfx")));
            ConfidentialClientApplication app = new ConfidentialClientApplication("<client-id>", "http://localhost", cc, new TokenCache(), new TokenCache());

                AuthenticationResult result = app.AcquireTokenForClientAsync(new string[] { "User.Read.All" }).Result;
            catch (Exception exc)
            finally { Console.ReadKey(); }
コード例 #14
        public async Task ForceRefreshParameterTrueTestAsync()
            var cache = new TokenCache();


            var authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false).CanonicalAuthority;
            var app       = new ConfidentialClientApplication(TestConstants.ClientId, authority,
                                                              TestConstants.RedirectUri, new ClientCredential(TestConstants.ClientSecret),
                                                              null, cache)
                ValidateAuthority = false

            //add mock response for tenant endpoint discovery
            HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
                Method          = HttpMethod.Get,
                ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(app.Authority)

            //add mock response for successful token retrival
            const string tokenRetrievedFromNetCall = "token retrieved from network call";

            HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
                Method          = HttpMethod.Post,
                ResponseMessage =

            var result = await app.AcquireTokenForClientAsync(TestConstants.Scope, true);

            Assert.AreEqual(tokenRetrievedFromNetCall, result.AccessToken);

            // make sure token in Cache was updated
            var accessTokens       = cache.GetAllAccessTokensForClient(new RequestContext(Guid.NewGuid(), null));
            var accessTokenInCache = accessTokens.Where(
                item =>

            Assert.AreEqual(tokenRetrievedFromNetCall, accessTokenInCache?.AccessToken);
            Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent =>  // Expect finding such an event
                                                             anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.WasSuccessfulKey] == "true" &&
                                                             anEvent[ApiEvent.ApiIdKey] == "727"));
コード例 #15
        public void GetTokenFromAzure()
            AuthenticationResult token = null;

            "When I request a Token"
            .x(async() =>
                var clientCredential = new ClientCredential(appKey);
                ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(clientId, authority, redirectUri, clientCredential, null, new TokenCache());
                token = await daemonClient.AcquireTokenForClientAsync(new string[] { "https://graph.microsoft.com/.default" });
            "Then the token should not not be null"
            .x(() =>
                token.Should().NotBeNull(because: "I Just got it no?");
コード例 #16
        public static Task <AuthenticationResult> AcquireToken(MediaAccount mediaAccount)
            string settingKey   = Constant.AppSettingKey.DirectoryAuthorityUrl;
            string authorityUrl = AppSetting.GetValue(settingKey);

            authorityUrl = string.Format(authorityUrl, mediaAccount.DirectoryTenantId);

            string           redirectUri      = Constant.AuthIntegration.RedirectUri;
            ClientCredential clientCredential = new ClientCredential(mediaAccount.ServicePrincipalKey);
            ConfidentialClientApplication clientApplication = new ConfidentialClientApplication(mediaAccount.ServicePrincipalId, authorityUrl, redirectUri, clientCredential, null, null);

            settingKey = Constant.AppSettingKey.AzureResourceManagementTokenScope;
            string tokenScope = AppSetting.GetValue(settingKey);

            string[] tokenScopes = new string[] { tokenScope };
コード例 #17
        private static async Task <string> GetTokenForClientAsync()
            // NOTE: You cannot use the common endpoint when using app-only permission. We need your tenant ID.
            var authority = $"https://login.microsoftonline.com/{TenantId}/v2.0";

            var daemonClient = new ConfidentialClientApplication(
                new ClientCredential(ClientSecret),
                null, null);

            // With app-only you cannot specify permission scopes on the fly. Only the default scope is accepted.
            string[] scopes = { "https://graph.microsoft.com/.default" };
            var      result = await daemonClient.AcquireTokenForClientAsync(scopes);

コード例 #18
        /// <summary>
        /// Will acquire a token from the confidential client via the "Delegated" access or Elevated permission set
        /// </summary>
        /// <returns></returns>
        public async Task <string> GetGraphDaemonAccessTokenAsync()
            var tenantId    = ConfigKeys.TenantId;
            var iss         = string.Format(ConstantsAuthentication.TenantAuthority, tenantId);
            var lowerscopes = new string[] { ConstantsAuthentication.MSGraphScope };

                ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(ConfigKeys.MSALClientID, iss, ConfigKeys.PostLogoutRedirectURI, new ClientCredential(ConfigKeys.MSALClientSecret), null, new TokenCache());
                AuthenticationResult          authResult   = await daemonClient.AcquireTokenForClientAsync(lowerscopes);

            catch (Exception ex)
                System.Diagnostics.Trace.TraceError($"Failed to claim credentials {iss} w/ {ex.Message}");
コード例 #19
        private async Task <TokenTenant> GetGraphToken(string tenantId)
            var token = new TokenTenant();

                var daemonClient = new ConfidentialClientApplication(Startup.clientId,
                                                                     String.Format(Constant.authorityFormat, tenantId), Startup.redirectUri,
                                                                     new ClientCredential(Startup.clientSecret), null, new TokenCache());
                var authResult = await daemonClient.AcquireTokenForClientAsync(new string[] { Constant.msGraphScope });

                token.Token = authResult.AccessToken;
            catch (Exception ex)

        public async Task ApplicationGrantIntegrationTestAsync()
            var appCache  = new TokenCache();
            var userCache = new TokenCache();

            var confidentialClient = new ConfidentialClientApplication(ClientId, Authority, RedirectUri,
                                                                       new ClientCredential(_password), userCache, appCache);

            var res = await confidentialClient.AcquireTokenForClientAsync(MsalScopes).ConfigureAwait(false);


            // make sure user cache is empty
            Assert.IsTrue(userCache.TokenCacheAccessor.GetAllAccessTokensAsString().Count == 0);
            Assert.IsTrue(userCache.TokenCacheAccessor.GetAllRefreshTokensAsString().Count == 0);
            Assert.IsTrue(userCache.TokenCacheAccessor.GetAllIdTokensAsString().Count == 0);
            Assert.IsTrue(userCache.TokenCacheAccessor.GetAllAccountsAsString().Count == 0);

            // make sure nothing was written to legacy cache

            // make sure only AT entity was stored in the App msal cache
            Assert.IsTrue(appCache.TokenCacheAccessor.GetAllAccessTokensAsString().Count == 1);
            Assert.IsTrue(appCache.TokenCacheAccessor.GetAllRefreshTokensAsString().Count == 0);
            Assert.IsTrue(appCache.TokenCacheAccessor.GetAllIdTokensAsString().Count == 0);
            Assert.IsTrue(appCache.TokenCacheAccessor.GetAllAccountsAsString().Count == 0);


            // passing empty password to make sure that AT returned from cache
            confidentialClient = new ConfidentialClientApplication(ClientId, Authority, RedirectUri,
                                                                   new ClientCredential("wrong_password"), userCache, appCache);

            res = await confidentialClient.AcquireTokenForClientAsync(MsalScopes).ConfigureAwait(false);

コード例 #21
        public async Task <AccessTokenResult> GetAccessToken()
            var cacheKey = "_GraphToken";

            var graphToken = _memoryCacheManager.Get <AccessTokenResult>(cacheKey);

            if (!string.IsNullOrEmpty(graphToken?.Access_Token))

            var clientCredentials = new ClientCredential(_client_secret);
            var app = new ConfidentialClientApplication(_client_id, $"{_host}/{_tenant}", "https://graph.microsoft.com", clientCredentials, null, new TokenCache());

            // With client credentials flows the scopes is ALWAYS of the shape "resource/.default", as the
            // application permissions need to be set statically (in the portal or by PowerShell), and then granted by
            // a tenant administrator
            var scopes = new string[] { _scope };

            AuthenticationResult result = null;

                result = await app.AcquireTokenForClientAsync(scopes);
            catch (MsalServiceException ex) when(ex.Message.Contains("AADSTS70011"))
                // Invalid scope. The scope has to be of the form "https://resourceurl/.default"
                // Mitigation: change the scope to be as expected
            var token = new AccessTokenResult
                Access_Token = result.AccessToken,
                Expires_In   = result.ExpiresOn.ToString(),

            var cacheTime = result.ExpiresOn - DateTime.UtcNow;

            //cacheTime = TimeSpan.FromMinutes(5);
            _memoryCacheManager.Set(cacheKey, token, cacheTime);

        private async Task <string> GetAccessToken()
            ClientCredential clientCredentials = new ClientCredential(secret: config.AppSecret);

            var app = new ConfidentialClientApplication(
                clientId: config.AppId,
                authority: $"https://login.microsoftonline.com/{config.TenantId}",
                redirectUri: "https://daemon",
                clientCredential: clientCredentials,
                userTokenCache: null,
                appTokenCache: new TokenCache()

            string[] scopes = new string[] { "https://graph.microsoft.com/.default" };

            var result = await app.AcquireTokenForClientAsync(scopes);

コード例 #23
        private static HttpClient GetAuthenticatedHTTPClient(IConfigurationRoot config)
            var clientId     = config["applicationId"];
            var clientSecret = config["applicationSecret"];
            var redirectUri  = config["redirectUri"];
            var authority    = $"https://login.microsoftonline.com/{config["tenantId"]}/v2.0";

            List <string> scopes = new List <string>();


            var cca        = new ConfidentialClientApplication(clientId, authority, redirectUri, new ClientCredential(clientSecret), null, null);
            var authResult = cca.AcquireTokenForClientAsync(scopes).Result;

            _httpClient = new HttpClient();
            _httpClient.DefaultRequestHeaders.Add("Authorization", "bearer " + authResult.AccessToken);

コード例 #24
ファイル: clsContent.cs プロジェクト: hafsjold/snvrepos
        public static async Task DamonLogInAsync()
            AuthenticationResult result;

            var daemonClient = new ConfidentialClientApplication(
                , string.Format(AuthorityFormat, tenantId)
                , redirectUri
                , new ClientCredential(clientSecret)
                , cliTokenCache.GetMsalCacheInstance()
                , appTokenCache.GetMsalCacheInstance()

                result = await daemonClient.AcquireTokenForClientAsync(new[] { MSGraphScope });


                graphClient = new GraphServiceClient(
                    new DelegateAuthenticationProvider(
                        async(requestMessage) =>
                    // Append the access token to the request.
                    requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", result.AccessToken);

                    // Some identifying header
                    requestMessage.Headers.Add("SampleID", "aspnet-connect-sample");
                TokenAcquired = DateTime.Now;

            // Unable to retrieve the access token silently.
            catch (Exception e)
コード例 #25
        public async Task HttpRequestExceptionIsNotSuppressed()
            var app = new ConfidentialClientApplication(TestConstants.ClientId,
                                                        TestConstants.RedirectUri, new ClientCredential(TestConstants.ClientSecret),
                                                        new TokenCache(), new TokenCache())
                ValidateAuthority = false

            // add mock response bigger than 1MB for Http Client
            HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
                Method          = HttpMethod.Get,
                ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
                    Content = new StringContent(new string(new char[1048577]))

            await app.AcquireTokenForClientAsync(TestConstants.Scope.ToArray());
        private async Task <DemoModel> GetDemoPageModel(string apiBaseUrl)
            var model = new DemoModel();

                var app = new ConfidentialClientApplication(
                    "https://localhost", // redirect URI can be anything in this case
                    new ClientCredential(_appSettings.ClientSecret),
                    userTokenCache: null,
                    appTokenCache: new TokenCache());

                var authRes = await app.AcquireTokenForClientAsync(
                    new[] { _appSettings.EmployeeApiAppIdUri + "/.default" },

                model.AccessToken = authRes.AccessToken;

                var req = new HttpRequestMessage(HttpMethod.Get, apiBaseUrl + "/api/employees");
                model.TargetUrl           = req.RequestUri.ToString();
                req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authRes.AccessToken);
                var res = await HttpClient.SendAsync(req);

                if (res.IsSuccessStatusCode)
                    model.Employees = await res.Content.ReadAsAsync <List <Employee> >();
                    model.ErrorStatusCode = res.StatusCode;

コード例 #27
        static async Task <string> AccessToken(IConfiguration config)
            var client = new ConfidentialClientApplication(
                clientId: config["ClientID"],
                authority: $"https://login.microsoftonline.com/{config["TenantID"]}/",
                redirectUri: config["ClientRedirectUri"],
                clientCredential: new ClientCredential(config["ClientSecret"]),
                userTokenCache: null,
                appTokenCache: null);

                var result = await client.AcquireTokenForClientAsync(new[] { "https://graph.microsoft.com/.default" });

            catch (Exception e)
                Log(e.ToString(), ConsoleColor.Red);
コード例 #28
        // Gets an access token. First tries to get the access token from the token cache.
        // This app uses a password (secret) to authenticate. Production apps should use a certificate.
        public async Task <string> GetAppAccessTokenAsync()
                var authorityFormat = "https://login.microsoftonline.com/{0}/v2.0";
                ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(_clientId, String.Format(authorityFormat, _tenantId), _redirectUri, _credential, null, new TokenCache());

                var msGraphScope            = "https://graph.microsoft.com/.default";
                AuthenticationResult result = await daemonClient.AcquireTokenForClientAsync(new string[] { msGraphScope });

            catch (Exception ex)
                // Unable to retrieve the access token silently.
                throw new ServiceException(new Error
                    Code    = GraphErrorCode.AuthenticationFailure.ToString(),
                    Message = $"Caller needs to authenticate. Unable to retrieve the access token silently. error: {ex}"
コード例 #29
        // GET api/<controller>
        public async Task <IEnumerable <string> > Get()
            var tenantId = ClaimsPrincipal.Current.FindFirst(tenantIdClaimType).Value;

            ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(Startup.clientId, String.Format(authorityFormat, tenantId), Startup.redirectUri, new ClientCredential(Startup.clientSecret), null, new TokenCache());
            AuthenticationResult          authResult   = await daemonClient.AcquireTokenForClientAsync(new string[] { msGraphScope });

            // Query for list of users in the tenant
            HttpClient         client  = new HttpClient();
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, msGraphQuery);

            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
            HttpResponseMessage response = await client.SendAsync(request);

            // If the token we used was insufficient to make the query, drop the token from the cache.
            // The Users page of the website will show a message to the user instructing them to grant
            // permissions to the app (see User/Index.cshtml).
            if (response.StatusCode == System.Net.HttpStatusCode.Forbidden)
                // BUG: Here, we should clear MSAL's app token cache to ensure that on a subsequent call
                // to SyncController, MSAL does not return the same access token that resulted in this 403.
                // By clearing the cache, MSAL will be forced to retrieve a new access token from AAD,
                // which will contain the most up-to-date set of permissions granted to the app. Since MSAL
                // currently does not provide a way to clear the app token cache, we have commented this line
                // out. Thankfully, since this app uses the default in-memory app token cache, the app still
                // works correctly, since the in-memory cache is not persistent across calls to SyncController
                // anyway. If you build a persistent app token cache for MSAL, you should make sure to clear
                // it at this point in the code.

            if (!response.IsSuccessStatusCode)
                throw new HttpResponseException(response.StatusCode);

コード例 #30
        public async Task RunAsync()
            var tenantId = Config.GetConfig("tenantId");
            ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(
                String.Format(Config.GetConfig("authorityFormat"), tenantId),
                new ClientCredential(Config.GetConfig("clientSecret")),
                new TokenCache());
            var authenticationResult = await daemonClient.AcquireTokenForClientAsync(new string[] { "https://graph.microsoft.com/.default" });

            var accessToken = new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken);

            using (var client = new HttpClient())
                client.BaseAddress = new Uri("https://graph.microsoft.com/beta/");
                client.DefaultRequestHeaders.Authorization = accessToken;

                await DemoBatch(client);