带有 B2C AD 的 Azure Graph

Question

When I try to acquire a token from my Azure AD B2C app using

Microsoft.IdentityModel.Clients.ActiveDirectory - 3.13.1 Microsoft.Azure.ActiveDirectory.GraphClient - 2.1.0

like this:

var authUri = "https://login.microsoftonline.com/6b7403d6-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/token";
var clientId = "59e08b82-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
var appKey = "XXXX-MyAppKey-XXXX";
var graphUri = "https://graph.windows.net/6b7403d6-xxxx-xxxx-xxxx-xxxxxxxxxxxx";

var authenticationContext = new AuthenticationContext(authUri, false);
var clientCred = new ClientCredential(clientId, myAppKey);

var authenticationResult = await authenticationContext.AcquireTokenAsync(graphUri, clientCred);

I get

[AdalServiceException: AADSTS70001: Application '59e08b82-xxxx-xxxx-xxxx-xxxxxxxxxxxx' is not supported for this API version.

Is there a library I can use in ASP.NET MVC 5 (.NET 4.5) to get access to the B2C Active directory I created using the UI of the new Azure Portal , not PowerShell from this example ?

(The xxxx's are just for privacy here)

Answer 1

You don't need power shell creation any more, MSFT have given permission to add a new application in Azure AD(not in azure b2c), which can be used to access Graph API in azure B2C. You need to follow below steps IN https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet

Only for Deleting access for your graph api you need to do some power-shell magic...

Answer 2

The example you referenced: https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/ only uses powershell to set up a Service Principal.

After you have the Service Principal, you can use that in your code to access the Graph API. The example does this from a console app, but this works as well from MVC 5