public async Task Get(string tenantId) { // Get a token for the Microsoft Graph ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(String.Format(authorityFormat, tenantId), Startup.clientId, Startup.redirectUri, new ClientCredential(Startup.clientSecret), new TokenCache()); AuthenticationResult authResult = await daemonClient.AcquireTokenForClient(new string[] { msGraphScope }, null); // Query for list of users in the tenant HttpClient client = new HttpClient(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, msGraphQuery); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.Token); HttpResponseMessage response = await client.SendAsync(request); if (!response.IsSuccessStatusCode) { throw new HttpResponseException(response.StatusCode); } // Record users in the data store (note that this only records the first page of users) string json = await response.Content.ReadAsStringAsync(); MsGraphUserListResponse users = JsonConvert.DeserializeObject <MsGraphUserListResponse>(json); usersByTenant[tenantId] = users.value; return; }
public async Task GetAsync() { string tenantId = "3485b963-82ba-4a6f-810f-b5cc226ff898"; // Get a token for the Microsoft Graph. If this line throws an exception for any reason, we'll just let the exception be returned as a 500 response // to the caller, and show a generic error message to the user. IConfidentialClientApplication daemonClient; daemonClient = ConfidentialClientApplicationBuilder.Create(Startup.clientId) .WithAuthority(string.Format(AuthorityFormat, tenantId)) .WithRedirectUri(Startup.redirectUri) .WithClientSecret(Startup.clientSecret) .Build(); var serializedAppTokenCache = new MSALAppTokenMemoryCache(daemonClient.AppTokenCache); var serializedUserTokenCache = new MSALUserTokenMemoryCache(daemonClient.UserTokenCache); AuthenticationResult authResult = await daemonClient.AcquireTokenForClient(new[] { MSGraphScope }) .ExecuteAsync(); // Query for list of users in the tenant HttpClient client = new HttpClient(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, MSGraphQuery); request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken); //request.Content = new StringContent("{\"fields\": {\"Title\": \"asd\",\"Email\": \"[email protected]\"}\"}"); HttpResponseMessage response = await client.SendAsync(request); var a = "2"; // If the token we used was insufficient to make the query, drop the token from the cache. The Users page of the website will show a message to the user instructing them to grant // permissions to the app (see User/Index.cshtml). if (response.StatusCode == System.Net.HttpStatusCode.Forbidden) { // Here, we should clear MSAL's app token cache to ensure that on a subsequent call to SyncController, MSAL does not return the same access token that resulted in this 403. // By clearing the cache, MSAL will be forced to retrieve a new access token from AAD, which will contain the most up-to-date set of permissions granted to the app. Since MSAL // currently does not provide a way to clear the app token cache, we have commented this line out. Thankfully, since this app uses the default in-memory app token cache, the app still // works correctly, since the in-memory cache is not persistent across calls to SyncController anyway. If you build a persistent app token cache for MSAL, you should make sure to clear // it at this point in the code. serializedAppTokenCache.Clear(Startup.clientId); } if (!response.IsSuccessStatusCode) { throw new HttpResponseException(response.StatusCode); } // Record users in the data store (note that this only records the first page of users) string json = await response.Content.ReadAsStringAsync(); JObject obj = await response.Content.ReadAsAsync <JObject>(); MsGraphUserListResponse users = JsonConvert.DeserializeObject <MsGraphUserListResponse>(json); var b = users.value; usersByTenant[tenantId] = users.value; }
public async Task Get(string tenantId) { // Get a token for the Microsoft Graph. If this line throws an exception for // any reason, we'll just let the exception be returned as a 500 response // to the caller, and show a generic error message to the user. ConfidentialClientApplication daemonClient = new ConfidentialClientApplication( Startup.clientId, String.Format(authorityFormat, tenantId), Startup.redirectUri, new ClientCredential(Startup.clientSecret), null, new TokenCache()); AuthenticationResult authResult = await daemonClient.AcquireTokenForClientAsync( new string[] { msGraphScope }); // Query for list of users in the tenant HttpClient client = new HttpClient(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, msGraphQuery); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken); HttpResponseMessage response = await client.SendAsync(request); // If the token we used was insufficient to make the query, drop the token from the cache. // The Users page of the website will show a message to the user instructing them to grant // permissions to the app (see User/Index.cshtml). if (response.StatusCode == System.Net.HttpStatusCode.Forbidden) { // BUG: Here, we should clear MSAL's app token cache to ensure that on a subsequent call // to SyncController, MSAL does not return the same access token that resulted in this 403. // By clearing the cache, MSAL will be forced to retrieve a new access token from AAD, // which will contain the most up-to-date set of permissions granted to the app. Since MSAL // currently does not provide a way to clear the app token cache, we have commented this line // out. Thankfully, since this app uses the default in-memory app token cache, the app still // works correctly, since the in-memory cache is not persistent across calls to SyncController // anyway. If you build a persistent app token cache for MSAL, you should make sure to clear // it at this point in the code. // //daemonClient.AppTokenCache.Clear(Startup.clientId); } if (!response.IsSuccessStatusCode) { throw new HttpResponseException(response.StatusCode); } // Record users in the data store (note that this only records the first page of users) string json = await response.Content.ReadAsStringAsync(); MsGraphUserListResponse users = JsonConvert.DeserializeObject <MsGraphUserListResponse>(json); usersByTenant[tenantId] = users.value; return; }
static void Main(string[] args) { string ClientId = System.Configuration.ConfigurationManager.AppSettings["ida:ClientId"]; string TenantId = System.Configuration.ConfigurationManager.AppSettings["ida:TenantId"]; string ClientSecret = System.Configuration.ConfigurationManager.AppSettings["ida:ClientSecret"]; string AadInstance = System.Configuration.ConfigurationManager.AppSettings["ida:AadInstance"]; string Scope = System.Configuration.ConfigurationManager.AppSettings["ida:Scope"]; string MSGraphQuery = "https://graph.microsoft.com/v1.0/users"; // Simulate downstream API call string oAuthUrl = string.Format("{0}/{1}/oauth2/v2.0/token", AadInstance, TenantId); ////////////////////////////////// Get Bearer Token //////////////////////////////////////////////////// HttpClient authClient = new HttpClient(); HttpRequestMessage authRequest = new HttpRequestMessage(HttpMethod.Post, oAuthUrl); var requestContent = string.Format("client_id={0}&scope={1}&client_secret={2}&grant_type=client_credentials", ClientId, Scope, ClientSecret); authRequest.Content = new StringContent(requestContent, Encoding.UTF8, "application/x-www-form-urlencoded"); HttpResponseMessage authResponse = authClient.SendAsync(authRequest).Result; var authJson = JsonConvert.DeserializeObject <AuthToken>(authResponse.Content.ReadAsStringAsync().Result); Console.WriteLine("Bearer Token : " + authJson.access_token); /////////////////////////////////////////////////////////////////////////////////////////////////////// //////////////////////// Call Downstream API - In this case MS Graph API ////////////////////////////// HttpClient gClient = new HttpClient(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, MSGraphQuery); request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authJson.access_token); HttpResponseMessage response = gClient.SendAsync(request).Result; string json = response.Content.ReadAsStringAsync().Result; MsGraphUserListResponse users = JsonConvert.DeserializeObject <MsGraphUserListResponse>(json); Console.WriteLine("--------"); Console.WriteLine(users.value.First().userPrincipalName); /////////////////////////////////////////////////////////////////////////////////////////////////////// Console.ReadLine(); }