private static async Task RunAsync()
{
AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");
// Even if this is a console application here, a daemon application is a confidential client application
IConfidentialClientApplication app;
#if !VariationWithCertificateCredentials
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithClientSecret(config.ClientSecret)
.WithAuthority(new Uri(config.Authority))
.Build();
#else
X509Certificate2 certificate = ReadCertificate(config.CertificateName);
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithCertificate(certificate)
.WithAuthority(new Uri(config.Authority))
.Build();
#endif
// With client credentials flows the scopes is ALWAYS of the shape "resource/.default", as the
// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
// a tenant administrator
string[] scopes = new string[] { "https://graph.microsoft.com/.default" } /* { "User.Read", "User.ReadBasic.All" }*/;
AuthenticationResult result = null;
try
{
result = await app.AcquireTokenForClient(scopes)
.ExecuteAsync();
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Token acquired");
Console.ResetColor();
}
catch (MsalServiceException ex) when(ex.Message.Contains("AADSTS70011"))
{
// Invalid scope. The scope has to be of the form "https://resourceurl/.default"
// Mitigation: change the scope to be as expected
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Scope provided is not supported");
Console.ResetColor();
}
if (result != null)
{
var httpClient = new HttpClient();
var apiCaller = new ProtectedApiCallHelper(httpClient);
await apiCaller.CallWebApiAndProcessResultASync("https://graph.microsoft.com/v1.0/users", result.AccessToken, Display);
}
}
/// <summary>
/// Checks if the sample is configured for using ClientSecret or Certificate. This method is just for the sake of this sample.
/// You won't need this verification in your production application since you will be authenticating in AAD using one mechanism only.
/// </summary>
/// <param name="config">Configuration from appsettings.json</param>
/// <returns></returns>
private static bool AppUsesClientSecret(AuthenticationConfig config)
{
if (!string.IsNullOrWhiteSpace(config.ClientSecret))
{
return(true);
}
else if (!string.IsNullOrWhiteSpace(config.CertificateName))
{
return(false);
}
else
{
throw new Exception("You must choose between using client secret or certificate. Please update appsettings.json file.");
}
}
/// <summary>
/// Checks if the sample is configured for using ClientSecret or Certificate. This method is just for the sake of this sample.
/// You won't need this verification in your production application since you will be authenticating in AAD using one mechanism only.
/// </summary>
/// <param name="config">Configuration from appsettings.json</param>
/// <returns></returns>
private static bool IsAppUsingClientSecret(AuthenticationConfig config)
{
string clientSecretPlaceholderValue = "[Enter here a client secret for your application]";
if (!String.IsNullOrWhiteSpace(config.ClientSecret) && config.ClientSecret != clientSecretPlaceholderValue)
{
return(true);
}
else if (config.Certificate != null)
{
return(false);
}
else
{
throw new Exception("You must choose between using client secret or certificate. Please update appsettings.json file.");
}
}
private static async Task RunAsync()
{
AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");
// You can run this sample using ClientSecret or Certificate. The code will differ only when instantiating the IConfidentialClientApplication
bool isUsingClientSecret = IsAppUsingClientSecret(config);
// Even if this is a console application here, a daemon application is a confidential client application
IConfidentialClientApplication app;
if (isUsingClientSecret)
{
// Even if this is a console application here, a daemon application is a confidential client application
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithClientSecret(config.ClientSecret)
.WithAuthority(new Uri(config.Authority))
.Build();
}
else
{
ICertificateLoader certificateLoader = new DefaultCertificateLoader();
certificateLoader.LoadIfNeeded(config.Certificate);
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithCertificate(config.Certificate.Certificate)
.WithAuthority(new Uri(config.Authority))
.Build();
}
app.AddInMemoryTokenCache();
// With client credentials flows the scopes is ALWAYS of the shape "resource/.default", as the
// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
// a tenant administrator.
string[] scopes = new string[] { $"{config.ApiUrl}.default" }; // Generates a scope -> "https://graph.microsoft.com/.default"
// Call MS graph using the Graph SDK
await CallMSGraphUsingGraphSDK(app, scopes);
// Call MS Graph REST API directly
await CallMSGraph(config, app, scopes);
}
/// <summary>
/// Checks if the sample is configured for using ClientSecret or Certificate. This method is just for the sake of this sample.
/// You won't need this verification in your production application since you will be authenticating in AAD using one mechanism only.
/// </summary>
/// <param name="config">Configuration from appsettings.json</param>
/// <returns></returns>
private static bool AppUsesClientSecret(AuthenticationConfig config)
{
string clientSecretPlaceholderValue = "[Enter here a client secret for your application]";
string certificatePlaceholderValue = "[Or instead of client secret: Enter here the name of a certificate (from the user cert store) as registered with your application]";
if (!String.IsNullOrWhiteSpace(config.ClientSecret) && config.ClientSecret != clientSecretPlaceholderValue)
{
return(true);
}
else if (!String.IsNullOrWhiteSpace(config.CertificateName) && config.CertificateName != certificatePlaceholderValue)
{
return(false);
}
else
{
throw new Exception("You must choose between using client secret or certificate. Please update appsettings.json file.");
}
}
static void Main(string[] args)
{
try
{
var serviceProvider = new ServiceCollection()
.AddSingleton <ILogger, ConsoleLogger>()
.AddSingleton(AuthenticationConfig.ReadFromJsonFile("appsettings.json"))
.AddSingleton <IAuthenticationProvider, ClientCredentialProvider>()
.AddSingleton <GalleryAppsProcessor>()
.AddSingleton <GalleryAppsRepository>()
.BuildServiceProvider();
var newGalleryAppDetails = NewGalleryAppDetails(serviceProvider.GetService <GalleryAppsRepository>()).GetAwaiter().GetResult();
serviceProvider.GetService <GalleryAppsProcessor>().CreateGalleryAppAsync(newGalleryAppDetails).GetAwaiter().GetResult();
}
catch (Exception ex)
{
Logger.Error(ex.Message);
}
}
private static async Task RunAsync()
{
AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");
// Even if this is a console application here, a daemon application is a confidential client application
ClientCredential clientCredentials;
#if !VariationWithCertificateCredentials
clientCredentials = new ClientCredential(config.ClientSecret);
#else
X509Certificate2 certificate = ReadCertificate(config.CertificateName);
clientCredentials = new ClientCredential(new ClientAssertionCertificate(certificate));
#endif
var app = new ConfidentialClientApplication(config.ClientId, config.Authority, "https://daemon", clientCredentials, null, new TokenCache());
// With client credentials flows the scopes is ALWAYS of the shape "resource/.default", as the
// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
// a tenant administrator
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
AuthenticationResult result = null;
try
{
result = await app.AcquireTokenForClientAsync(scopes);
}
catch (MsalServiceException ex) when (ex.Message.Contains("AADSTS70011"))
{
// Invalid scope. The scope has to be of the form "https://resourceurl/.default"
// Mitigation: change the scope to be as expected
}
if (result != null)
{
var httpClient = new HttpClient();
var apiCaller = new ProtectedApiCallHelper(httpClient);
await apiCaller.CallWebApiAndProcessResultASync("https://graph.microsoft.com/v1.0/users", result.AccessToken, Display);
}
}
private static async Task RunAsync()
{
AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");
// You can run this sample using ClientSecret or Certificate. The code will differ only when instantiating the IConfidentialClientApplication
bool isUsingClientSecret = AppUsesClientSecret(config);
// Even if this is a console application here, a daemon application is a confidential client application
IConfidentialClientApplication app;
if (isUsingClientSecret)
{
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithClientSecret(config.ClientSecret)
.WithAuthority(new Uri(config.Authority))
.Build();
}
else
{
X509Certificate2 certificate = ReadCertificate(config.CertificateName);
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithCertificate(certificate)
.WithAuthority(new Uri(config.Authority))
.Build();
}
// With client credentials flows the scopes is ALWAYS of the shape "resource/.default", as the
// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
// a tenant administrator.
string[] scopes = new string[] { $"{config.ApiUrl}.default" };
AuthenticationResult result = null;
try
{
result = await app.AcquireTokenForClient(scopes)
.ExecuteAsync();
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Token acquired");
Console.ResetColor();
}
catch (MsalServiceException ex) when(ex.Message.Contains("AADSTS70011"))
{
// Invalid scope. The scope has to be of the form "https://resourceurl/.default"
// Mitigation: change the scope to be as expected
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Scope provided is not supported");
Console.ResetColor();
}
if (result != null)
{
var SOBListLocation = $"{config.CpscSharepoint},c0cefe40-beeb-41a9-b4f5-9960bcfa010b,fbb78c64-1220-42fe-a319-94c493a9a105/lists/6f53c37b-d6ba-46c3-91a9-2e942a984af9/items";
var webapiUrl = $"{config.ApiUrl}v1.0/sites/{SOBListLocation}";
var httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, webapiUrl);
var body = new FieldData()
{
fields = new FieldData.Fields()
{
Title = "test",
Organization = "CPCSC",
Comments = "Test",
Message = "new Product",
Email = "*****@*****.**",
Phone = "301-504-7804",
Source = "sharepointOnline-GraphAPI"
}
};
var jsonBody = JsonSerializer.Serialize(body);
Console.WriteLine(jsonBody);
httpRequestMessage.Content = new StringContent(jsonBody, Encoding.UTF8, "application/json");
var httpClient = new HttpClient();
var apiCaller = new ProtectedApiCallHelper(httpClient);
var createdResult = await apiCaller.CallWebApiAndProcessResultASync(httpRequestMessage, result.AccessToken);
Display(createdResult);
// await apiCaller.AddToSiteList("siteid", "listId", "payload", Display);//
}
}
private static async Task RunAsync()
{
AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");
// You can run this sample using ClientSecret or Certificate. The code will differ only when instantiating the IConfidentialClientApplication
bool isUsingClientSecret = AppUsesClientSecret(config);
// Even if this is a console application here, a daemon application is a confidential client application
IConfidentialClientApplication app;
if (isUsingClientSecret)
{
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithClientSecret(config.ClientSecret)
.WithAuthority(new Uri(config.Authority))
.Build();
}
else
{
X509Certificate2 certificate = ReadCertificate(config.CertificateName);
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithCertificate(certificate)
.WithAuthority(new Uri(config.Authority))
.Build();
}
// With client credentials flows the scopes is ALWAYS of the shape "resource/.default", as the
// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
// a tenant administrator.
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
AuthenticationResult result = null;
try
{
result = await app.AcquireTokenForClient(scopes)
.ExecuteAsync();
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Token acquired");
Console.ResetColor();
}
catch (MsalServiceException ex) when(ex.Message.Contains("AADSTS70011"))
{
// Invalid scope. The scope has to be of the form "https://resourceurl/.default"
// Mitigation: change the scope to be as expected
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Scope provided is not supported");
Console.ResetColor();
}
if (result != null)
{
var httpClient = new HttpClient();
//Method to get the events from GrapCrudMethods
GraphCrudMethods.getEvents(httpClient, result.AccessToken, Display);
List <Attendee> attendees = new List <Attendee>();
//Method to create events from GrapCrudMethods
GraphCrudMethods.createEvent(httpClient, result.AccessToken, "Hello", "Testevent", "2021-05-27T12:00:00", "2021-05-28T12:00:00", "Ehb", attendees, false);
}
}
private string ConstructGraphUrl(int year, int month)
{
AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");
return($"{config.ApiUrl}?$filter=start/datetime ge '{year}-{month}-01T00:00' and end/dateTime le '{year}-{month}-31T00:00'&$select=subject,start,end");
}
private static async Task RunAsync()
{
AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");
// You can run this sample using ClientSecret or Certificate. The code will differ only when instantiating the IConfidentialClientApplication
bool isUsingClientSecret = AppUsesClientSecret(config);
// Even if this is a console application here, a daemon application is a confidential client application
IConfidentialClientApplication app;
if (isUsingClientSecret)
{
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithClientSecret(config.ClientSecret)
.WithAuthority(new Uri(config.Authority))
.Build();
}
else
{
X509Certificate2 certificate = ReadCertificate(config.CertificateName);
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithCertificate(certificate)
.WithAuthority(new Uri(config.Authority))
.Build();
}
// With client credentials flows the scopes is ALWAYS of the shape "resource/.default", as the
// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
// a tenant administrator.
string[] scopes = new string[] { $"{config.ApiUrl}.default" };
AuthenticationResult result = null;
try
{
result = await app.AcquireTokenForClient(scopes)
.ExecuteAsync();
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Token acquired");
Console.ResetColor();
}
catch (MsalServiceException ex) when(ex.Message.Contains("AADSTS70011"))
{
// Invalid scope. The scope has to be of the form "https://resourceurl/.default"
// Mitigation: change the scope to be as expected
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Scope provided is not supported");
Console.ResetColor();
}
if (result != null)
{
var httpClient = new HttpClient();
var apiCaller = new ProtectedApiCallHelper(httpClient);
//await apiCaller.CallWebApiAndProcessResultASync($"https://teamsgraph.teams.microsoft.com/beta/teams('250dfa22-2334-4d15-a7c0-7d3bb9303e36')/channels", result.AccessToken, Display);
//await apiCaller.CallWebApiAndProcessResultASync($"https://graph.microsoft.com/beta/teams", result.AccessToken, Display);
//Create Team with migration mode set - Copy the teamId from Response Header
CreateTeam newTeam = new CreateTeam
{
teamCreationMode = "migration",
bind = "https://graph.microsoft.com/beta/teamsTemplates('standard')",
displayName = "MigrationTeam TestXYZ",
description = "Migrate data into teams",
createdDateTime = "2021-03-14T11:22:17.043Z"
};
var data = new StringContent(JsonConvert.SerializeObject(newTeam), Encoding.UTF8, "application/json");
var response = await apiCaller.CallWebApiPostAndProcessResultASync($"https://graph.microsoft.com/beta/teams", result.AccessToken, Display, data);
var location = response.Headers.Location?.ToString();
var teamId = ((location.Split('/')[1]).Remove(0, 7)).Remove(36, 2);
var channelId = "";
CreateChannelRequest newChannel = new CreateChannelRequest
{
channelCreationMode = "migration",
displayName = "Migration Channel TestXYZ",
description = "New channel",
membershipType = "standard",
createdDateTime = "2021-03-14T11:22:17.043Z"
};
data = new StringContent(JsonConvert.SerializeObject(newChannel), Encoding.UTF8, "application/json");
response = await apiCaller.CallWebApiPostAndProcessResultASync($"https://graph.microsoft.com/beta/teams/{teamId}/channels", result.AccessToken, Display, data);
if (response.IsSuccessStatusCode)
{
string json = await response.Content.ReadAsStringAsync();
channelId = JObject.Parse(json)["id"].ToString();
Console.WriteLine("ChannelId - " + channelId);
}
else
{
throw new Exception("Channel creation failed");
}
if (channelId == "")
{
throw new Exception("Channel creation failed");
}
ChatMessageRequest newMessage = new ChatMessageRequest
{
createdDateTime = "2021-03-12T11:22:17.043Z",
from = new From
{
user = new User
{
id = "39c07c8d-ff89-4ef6-9855-2ec466148fe2",
displayName = "*****@*****.**",
userIdentityType = "aadUser"
}
},
body = new ItemBody
{
content = "Automated migrated msg",
contentType = "html"
}
};
var str = JsonConvert.SerializeObject(newMessage);
data = new StringContent(JsonConvert.SerializeObject(newMessage), Encoding.UTF8, "application/json");
response = await apiCaller.CallWebApiPostAndProcessResultASync($"https://graph.microsoft.com/beta/teams/{teamId}/channels/{channelId}/messages", result.AccessToken, Display, data);
if (response.IsSuccessStatusCode)
{
Console.WriteLine("Posted msg");
}
else
{
throw new Exception("Posting msg failed");
}
response = await apiCaller.CallWebApiPostAndProcessResultASync($"https://graph.microsoft.com/beta/teams/{teamId}/channels/{channelId}/completeMigration", result.AccessToken, Display, null);
if (response.IsSuccessStatusCode)
{
Console.WriteLine("Completed migration for channel");
}
else
{
throw new Exception("Completing migration for channel failed");
}
//Need to get the 'General' channel Id and complete migration TODO
response = await apiCaller.CallWebApiPostAndProcessResultASync($"https://graph.microsoft.com/beta/teams/{teamId}/completeMigration", result.AccessToken, Display, null);
if (response.IsSuccessStatusCode)
{
Console.WriteLine("Completed migration for team");
}
else
{
throw new Exception("Completing migration for team failed");
}
//Add owner
AddMemberToTeam member = new AddMemberToTeam
{
type = "#microsoft.graph.aadUserConversationMember",
roles = new string[] { "owner" },
bind = "https://graph.microsoft.com/beta/users/39c07c8d-ff89-4ef6-9855-2ec466148fe2"
};
data = new StringContent(JsonConvert.SerializeObject(member), Encoding.UTF8, "application/json");
await apiCaller.CallWebApiPostAndProcessResultASync($"https://graph.microsoft.com/beta/teams/{teamId}/members", result.AccessToken, Display, data);
}
}
private static async Task RunAsync()
{
AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");
// You can run this sample using ClientSecret or Certificate. The code will differ only when instantiating the IConfidentialClientApplication
bool isUsingClientSecret = AppUsesClientSecret(config);
// Even if this is a console application here, a daemon application is a confidential client application
IConfidentialClientApplication app;
if (isUsingClientSecret)
{
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithClientSecret(config.ClientSecret)
.WithAuthority(new Uri(config.Authority))
.WithExperimentalFeatures() // for PoP
.Build();
}
else
{
X509Certificate2 certificate = ReadCertificate(config.CertificateName);
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithCertificate(certificate)
.WithAuthority(new Uri(config.Authority))
.Build();
}
// With client credentials flows the scopes is ALWAYS of the shape "resource/.default", as the
// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
// a tenant administrator
string[] scopes = new string[] { config.TodoListScope };
AuthenticationResult result = null;
string popUri = $"{config.TodoListBaseAddress}/api/todolist";
try
{
result = await app.AcquireTokenForClient(scopes)
.WithProofOfPossession(new PoPAuthenticationConfiguration(new Uri(popUri))
{
HttpMethod = HttpMethod.Get
})
.ExecuteAsync();
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Token acquired \n");
Console.ResetColor();
}
catch (MsalServiceException ex) when(ex.Message.Contains("AADSTS70011"))
{
// Invalid scope. The scope has to be of the form "https://resourceurl/.default"
// Mitigation: change the scope to be as expected
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Scope provided is not supported");
Console.ResetColor();
}
if (result != null)
{
var httpClient = new HttpClient();
var apiCaller = new ProtectedApiCallHelper(httpClient);
await apiCaller.CallWebApiAndProcessResultASync(popUri, result, Display);
}
}
private static async Task RunAsync()
{
AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");
// You can run this sample using ClientSecret or Certificate. The code will differ only when instantiating the IConfidentialClientApplication
bool isUsingClientSecret = AppUsesClientSecret(config);
// Even if this is a console application here, a daemon application is a confidential client application
IConfidentialClientApplication app;
if (isUsingClientSecret)
{
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithClientSecret(config.ClientSecret)
.WithAuthority(new Uri(config.Authority))
.Build();
}
else
{
X509Certificate2 certificate = ReadCertificate(config.CertificateName);
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithCertificate(certificate)
.WithAuthority(new Uri(config.Authority))
.Build();
}
// With client credentials flows the scopes is ALWAYS of the shape "resource/.default", as the
// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
// a tenant administrator.
string[] scopes = new string[] { $"{config.ApiUrl}.default" };
AuthenticationResult result = null;
try
{
result = await app.AcquireTokenForClient(scopes)
.ExecuteAsync();
//Console.ForegroundColor = ConsoleColor.Green;
//Console.WriteLine("Token acquired");
//Console.ResetColor();
}
catch (MsalServiceException ex) when(ex.Message.Contains("AADSTS70011"))
{
// Invalid scope. The scope has to be of the form "https://resourceurl/.default"
// Mitigation: change the scope to be as expected
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Scope provided is not supported");
Console.ResetColor();
}
if (result != null)
{
var httpClient = new HttpClient();
var apiCaller = new ProtectedApiCallHelper(httpClient);
//await apiCaller.CallWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/users", result.AccessToken, Display);
//await apiCaller.CallWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/users/[email protected]/events", result.AccessToken, Display);
//await apiCaller.CallWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/users/[email protected]/calendarView?startDateTime=2020-09-01T16:00:00.0000000&endDateTime=2020-12-07T16:00:00.0000000", result.AccessToken, Display);
//await apiCaller.CallWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/users/[email protected]/calendarView?startDateTime=2020-09-01T16:00:00.0000000&endDateTime=2020-12-07T16:00:00.0000000", result.AccessToken, Display);
//await apiCaller.CallWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/users//[email protected]/calendargroup/calendars/calendarView?startDateTime=2020-09-01T16:00:00.0000000&endDateTime=2020-12-07T16:00:00.0000000", result.AccessToken, Display);
//await apiCaller.CallWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/me/calendar", result.AccessToken, Display);
await apiCaller.CallWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/users/[email protected]/calendar/getSchedule", result.AccessToken, Display);
}
}
private static async Task RunAsync()
{
AuthenticationConfig config = AuthenticationConfig.ReadFromJsonFile("appsettings.json");
// You can run this sample using ClientSecret or Certificate. The code will differ only when instantiating the IConfidentialClientApplication
bool isUsingClientSecret = AppUsesClientSecret(config);
// Even if this is a console application here, a daemon application is a confidential client application
IConfidentialClientApplication app;
if (isUsingClientSecret)
{
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithClientSecret(config.ClientSecret)
.WithAuthority(new Uri(config.Authority))
.Build();
}
else
{
X509Certificate2 certificate = ReadCertificate(config.CertificateName);
app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
.WithCertificate(certificate)
.WithAuthority(new Uri(config.Authority))
.Build();
}
// With client credentials flows the scopes is ALWAYS of the shape "resource/.default", as the
// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
// a tenant administrator
string[] scopes = new string[] { config.MsGraphScope };
AuthenticationResult result = await AquireToken(app, scopes);
// Create an HttpClient to handle requests.
// Recommended reading before implementing in production: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/http-requests?view=aspnetcore-5.0#typed-clients
var httpClient = new HttpClient();
var apiCaller = new ProtectedApiCallHelper(httpClient);
//
// The following lines shows how one could take the objectGUID of an Active Directory user, convert and retrive the id of the Azure Active Directory user based on the converted id.
//
//var adUserObjectId = "<Replace with on-premises objectGuid for user>";
////Convert to ImmutableId
//var aadImmutableId = ConvertToImmutableId(adUserObjectId);
////Look for user in Ms Graph
//var users = await apiCaller.GetAsync<GraphResponse<GraphUser>>($"{config.MsGraphBaseAddress}{config.MsGraphApiVersion}/users?$filter=onPremisesImmutableId eq {aadImmutableId}", result.AccessToken);
////Get the id of the one and only user matching the immutable id.
//var aadUserObjectId = users.Value.Single().Id.ToString();
// Sample call to Microsft Graph
var usersResponse = await apiCaller.GetAsync <GraphResponse <GraphUser> >($"{config.MsGraphBaseAddress}{config.MsGraphApiVersion}/users?$top=5", result.AccessToken);
foreach (GraphUser user in usersResponse.Value)
{
Console.WriteLine($"User found in Graph with id: {user.Id}");
}
// Get token for own API
// Note: We need to get a new token since scopes for different applications cannot be mixed in the same "aquire token process"
scopes = new string[] { config.TodoListScope };
result = await AquireToken(app, scopes);
// Sample Get data from protected api
var apiObjects = await apiCaller.GetAsync <IEnumerable <TodoItem> >($"{config.TodoListBaseAddress}/api/todolist", result.AccessToken);
PrintTodoItems(apiObjects);
// Sample Post to protected api
var todoItem = new TodoItem()
{
Id = apiObjects.Count() + 1,
Task = $"Posting a sample task to the protected WebAPI"
};
await apiCaller.PostAsync($"{config.TodoListBaseAddress}/api/todolist", result.AccessToken, JsonSerializer.Serialize(todoItem));
// Show that an item was added...
apiObjects = await apiCaller.GetAsync <IEnumerable <TodoItem> >($"{config.TodoListBaseAddress}/api/todolist", result.AccessToken);
PrintTodoItems(apiObjects);
}
