Get bearer token using delegated authentication

Question

With reference to this article Authorization Request . If my application user is already logged in, how can I request to get my profile using SDK or this API reference: https://graph.microsoft.com/v1.0/me/

SDK code I wrote:

public async Task<string> GetFullNameAsync()
    {
        try
        {
            var user = await _client.Me
                .Request()
                .Select(data => data.DisplayName)
                .GetAsync();
            return user.DisplayName;
        }
        catch (Exception ex)
        {
            return "404 Not Found";
        }
    }

For that, how can I get a bearer token string using delegated authentication for Web Application and single tenant in .NET Core as mentioned in the above article?

Answer 1

To get bearer token using delegated authentication, please check the below if helpful:

• Make use of Microsoft.Identity.Web.MicrosoftGraph nuget package to implement Graph API from an ASP..NET Core web application.
• The application authentication and the authorization are setup in the Startup class.
• For delegated user access token make use of AddMicrosoftIdentityWebApiAuthentication method as below sample code:

public void ConfigureServices(IServiceCollection services)  
{  
services.AddHttpClient();  
services.AddScoped<GraphApiClientDirect>();  
services.AddMicrosoftIdentityWebApiAuthentication(Configuration)  
.EnableTokenAcquisitionToCallDownstreamApi()  
.AddInMemoryTokenCaches();  
services.AddControllers(options =>  
{  
var policy = new AuthorizationPolicyBuilder()  
.RequireAuthenticatedUser()  
.Build();  
options.Filters.Add(new AuthorizeFilter(policy));  
});  
}  

• Use GetAccessTokenForUserAsync method, to get new delegated access token for required scopes.
• The Graph API client service can then be used in the API which is protected using the Microsoft.Identity.Web packages.

[Authorize]  
[ApiController]  
[Route("[controller]")]  
public class GraphCallsController : ControllerBase  
{  
private readonly GraphApiClientDirect _graphApiClientDirect;  
  
public GraphCallsController(GraphApiClientDirect graphApiClientDirect)  
{  
_graphApiClientDirect = graphApiClientDirect;  
}  
[HttpGet]  
public async Task<string> Get()  
{  
var user = await _graphApiClientDirect.GetGraphApiUser()  
.ConfigureAwait(false);  
return user.DisplayName;  
}  
}  

• The correct initialization must be used while using Graph API client in ASP.NET Core applications for delegated access user access tokens.
• Use the IHttpClientFactory to create the HttpClient instance to create instance.
• Use ITokenAcquisition and the IHttpClientFactory interfaces to create the GraphApiClient requests for different scopes.

Please find below references to know more in detail:

Using Microsoft Graph API in ASP.NET Core | Software Engineering (damienbod.com)

Secure a .NET Core API using Bearer Authentication - Do.net Playbook