Office 365 API ADFS

Question

I'm trying display an unread message count of an Exchange Online mailbox in a C# WPF application. We have ADFS (2008 R2) SSO implemented on-premises and use DirSync to Office365. We always receive an authentication prompt when doing the request with the REST API, however SSO works (via ADFS) when accessing Outlook Web App.

I'm trying to access via this

There is little documentation of using the REST API with ADFS deployed, and I'd like to know if the REST API is compatible with ADFS (2008 R2) SSO at all? The documentation over on the REST API pages, has no mention at all of ADFS, despite it being a common authentication mechanism for Enterprise Office365 customers.

Answer 1

Our Rest APIs do not support federated access, so even when you integrate your app with federation, the API access will not work. You can however use OAuth2 to get an access token for the Rest APIs. In the OAuth2 flow you can however take advantage of federation, as OAuth2 will hit the authorize endpoint for consent, and the authorize endpoint will honor an existing sign-on session your app has with AAD (via ADFS). So the user of your app does most likely not see the credential prompt, and your app get access tokens from the AAD Oauth2 token issuing endpoint following the Oauth2 protocol: https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx . Note as your app is developed in C# .net, you can fully take advantage of the OAuth2 auth library, ADAL, and you do not need to implement the protocol by yourself. We have many examples available and a good starting point is: http://www.cloudidentity.com/blog/2014/05/06/azure-ad-samples-on-github/ .

Hope this helps.

Thanks, Matthias