
How can I use MSAL to authenticate when the app is in Azure?

I have a web app in Azure and the user connects via a link, for example https://<SITE_NAME>.azurewebsites.net, in their browser.

I am looking at using the Graph API and I have implemented it as follows on the app in Azure:

```csharp
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public class GraphSignIn
{
    public async Task<AuthenticationResult> SignInAsync()
    {
        string clientId = "<CLIENT_ID>";
        string clientSecret = "<CLIENT_SECRET>";

        // Confidential client: the app itself holds a client secret
        var app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithClientSecret(clientSecret)
            .WithRedirectUri("http://localhost")
            .Build();

        string[] scopes = new string[]
        {
            "https://graph.microsoft.com/user.read"
        };

        var result = await app.AcquireTokenInteractive(scopes)
            .ExecuteAsync();

        // At this point, if the login is successful, the user will be given
        // an access token they can use to make other API calls.
        return result;
    }
}
```

If my app is hosted in Azure, the line AcquireTokenInteractive will pop up the "Sign in to your Account" Microsoft window, and the window will be popped up on the Azure server. Is that correct, or am I missing something?

If the above is incorrect, do I have to do the manual way of 1. Get an Authorization Token 2. Use that Authorization Token to get an access token?

If that is the required way, is there a sample app that shows the required steps in C#?

  1. If my app is hosted in Azure, the line AcquireTokenInteractive will pop up the "Sign in to your Account" Microsoft window, and the window will be popped up on the Azure server. Is that correct, or am I missing something?

Yes, it is correct: the line AcquireTokenInteractive will pop up the "Sign in to your Account" window, and the method AcquireTokenInteractive will acquire an access token, which MSAL will save in its token cache. The Microsoft window will be popped up on the Azure server.

When you acquire an access token using the Microsoft Authentication Library for .NET (MSAL.NET), the token is cached.

When the application needs a token, it should first call the AcquireTokenSilent method to check whether an acceptable token is in the cache.

In many cases, it's possible to acquire another token with more scopes based on a token in the cache.

It's also possible to refresh a token when it's getting close to expiration (as the token cache also contains a refresh token).

The recommended pattern is to call the AcquireTokenSilent method first. If AcquireTokenSilent fails, then acquire a token using other methods.

You can refer to the links below for more information:

https://github.com/Azure-Samples/ms-identity-aspnet-webapi-onbehalfof

https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-acquire-token-silently

  2. If the above is incorrect, do I have to do the manual way of 1. Get an Authorization Token 2. Use that Authorization Token to get an access token? If that is the required way, is there a sample app that shows the required steps in C#?

However, if you want to acquire a token manually, the following shows an example of using Microsoft.Identity.Web to do so in a home controller.

It calls Microsoft Graph using the REST API (instead of the Microsoft Graph SDK).

To get a token to call the downstream API, you inject the ITokenAcquisition service by dependency injection in your controller's constructor (or your page constructor if you use Blazor), and you use it in your controller actions, getting a token for the user (GetAccessTokenForUserAsync) or for the application itself (GetAccessTokenForAppAsync) in a daemon scenario.

The controller methods are protected by an [Authorize] attribute that ensures only authenticated users can use the web app.

You can go through the sample app at the link below:

Get a token in a web app that calls web APIs - Microsoft identity platform | Microsoft Docs
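As an added example (not part of the original question or answer), here is the two-step flow asked about in the second question, written against MSAL.NET's confidential client. For a web app hosted in Azure the sign-in page is rendered in the user's browser after a redirect, the server redeems the returned authorization code using its client secret, and the AcquireTokenSilent-first pattern the answer describes serves all later requests. The tenant ID, the https redirect URI path, the session-stored state value, and the class and method names are assumptions.

```csharp
// Added example, not the original poster's code. Placeholders <CLIENT_ID>,
// <CLIENT_SECRET>, <TENANT_ID> and <SITE_NAME> are assumptions to fill in.
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class GraphTokenFlow
{
    private static readonly string[] Scopes = { "https://graph.microsoft.com/user.read" };

    // One confidential client for the app. Its token cache is in-memory here,
    // so it is lost on restart and not shared between scaled-out instances.
    private static readonly IConfidentialClientApplication App =
        ConfidentialClientApplicationBuilder
            .Create("<CLIENT_ID>")
            .WithClientSecret("<CLIENT_SECRET>")   // load from Key Vault / app settings, never from source
            .WithAuthority(AzureCloudInstance.AzurePublic, "<TENANT_ID>")
            // Must exactly match a redirect URI registered on the app; https for a hosted site.
            .WithRedirectUri("https://<SITE_NAME>.azurewebsites.net/signin-oidc")
            .Build();

    // Step 1: build the URL the user's browser is redirected to. 'state' is an
    // unguessable value the app stores in the session and compares when the
    // code comes back, so a forged callback cannot bind someone else's code
    // to this session. (Assumed helper: the caller generates and stores it.)
    public static async Task<Uri> BuildSignInUrlAsync(string state)
    {
        return await App.GetAuthorizationRequestUrl(Scopes)
            .WithExtraQueryParameters(new Dictionary<string, string> { ["state"] = state })
            .ExecuteAsync();
    }

    // Step 2: the callback action receives ?code=...&state=... at the redirect
    // URI. After checking 'state', redeem the code. The client secret is sent
    // here, which is why this step runs on the server, not in the browser.
    // Store result.Account.HomeAccountId.Identifier in the session for later.
    public static async Task<AuthenticationResult> RedeemCodeAsync(string code)
    {
        return await App.AcquireTokenByAuthorizationCode(Scopes, code).ExecuteAsync();
    }

    // Later requests: look in the cache first. MSAL uses the cached refresh
    // token on its own when the access token is near expiry. Only when the
    // cache cannot help (MsalUiRequiredException) does the user go back
    // through step 1.
    public static async Task<string> GetAccessTokenOrNullAsync(string homeAccountId)
    {
        IAccount account = await App.GetAccountAsync(homeAccountId);
        if (account == null)
        {
            return null;
        }

        try
        {
            AuthenticationResult result = await App.AcquireTokenSilent(Scopes, account).ExecuteAsync();
            return result.AccessToken;
        }
        catch (MsalUiRequiredException)
        {
            return null; // caller redirects to the URL from BuildSignInUrlAsync
        }
    }
}
```

The redirect URI is the security boundary of this flow: Azure AD only sends the code to a URI registered on the app, so register the exact https path of the hosted site rather than http://localhost, and keep the state check in the callback.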

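An added example of the Microsoft.Identity.Web pattern the answer describes (ITokenAcquisition injected into a controller, Microsoft Graph called over REST rather than through the Graph SDK). It is not the linked sample's code. It assumes the startup registration shown in the leading comment plus services.AddHttpClient(), and the controller and action names are illustrative.

```csharp
// Added example, not the linked sample's code. Assumes the app registers
// authentication and token acquisition at startup, for example:
//   services.AddMicrosoftIdentityWebAppAuthentication(Configuration)
//           .EnableTokenAcquisitionToCallDownstreamApi(new[] { "user.read" })
//           .AddInMemoryTokenCaches();
//   services.AddHttpClient();
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;

[Authorize] // only authenticated users reach these actions
public class HomeController : Controller
{
    private static readonly string[] GraphScopes = { "user.read" };

    private readonly ITokenAcquisition _tokenAcquisition;
    private readonly IHttpClientFactory _httpClientFactory;

    // ITokenAcquisition is supplied by dependency injection
    public HomeController(ITokenAcquisition tokenAcquisition, IHttpClientFactory httpClientFactory)
    {
        _tokenAcquisition = tokenAcquisition;
        _httpClientFactory = httpClientFactory;
    }

    // If no usable cached token exists (consent missing, session expired), this
    // attribute turns the MsalUiRequiredException into a sign-in/consent
    // redirect for the user instead of an unhandled server error.
    [AuthorizeForScopes(Scopes = new[] { "user.read" })]
    public async Task<IActionResult> Profile()
    {
        // Delegated token for the signed-in user. A daemon would call
        // GetAccessTokenForAppAsync with an application permission instead.
        string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(GraphScopes);

        HttpClient client = _httpClientFactory.CreateClient();
        using var request = new HttpRequestMessage(HttpMethod.Get, "https://graph.microsoft.com/v1.0/me");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        using HttpResponseMessage response = await client.SendAsync(request);
        if (!response.IsSuccessStatusCode)
        {
            // Surface the status only; do not echo the token or Graph's error body to the browser.
            return StatusCode((int)response.StatusCode);
        }

        string json = await response.Content.ReadAsStringAsync();
        return Content(json, "application/json");
    }
}
```

The token never reaches the browser in this design: it is obtained and used server-side within one request, and the cached copy lives in the token cache configured at startup.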
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM