Skip to content
This repository has been archived by the owner on May 8, 2020. It is now read-only.
/ console-csharp-snippets-sample Public archive

[ARCHIVED] This Windows console app demonstrates how to perform various operations using the Microsoft Graph client library with both delegated and application permissions. This sample uses the Microsoft Authentication Library (MSAL) for authentication on the Azure AD v2.0 endpoint.

License

MIT license
17 stars 23 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

microsoftgraph/console-csharp-snippets-sample

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
README-localized
README-localized
 
 
console-csharp-snippets-sample
console-csharp-snippets-sample
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
console-csharp-snippets-sample.sln
console-csharp-snippets-sample.sln
 
 

Repository files navigation

[ARCHIVED] Microsoft Graph C# Console Snippets App

IMPORTANT

This project is being archived and replaced with the Build .NET Core apps with the Microsoft Graph SDK training. As part of the archival process, we're closing all open issues and pull requests.

You can continue to use this sample "as-is", but it won't be maintained moving forward. We apologize for any inconvenience.

Table of contents

Introduction

This sample application provides a repository of code snippets that use the Microsoft Graph to perform common tasks, such as sending email, managing groups, and other activities from within a Windows console application. It uses the Microsoft Graph .NET Client SDK to work with data returned by the Microsoft Graph.

The sample uses the Microsoft Authentication Library (MSAL) for authentication. The sample demonstrates both delegated and application permissions.

Delegated permissions are used by apps that have a signed-in user present. For these apps either the user or an administrator consents to the permissions that the app requests and the app is delegated permission to act as the signed-in user when making calls to Microsoft Graph. Some delegated permissions can be consented to by non-administrative users, but some higher-privileged permissions require administrator consent. This application contains some groups-related operations that require administrative consent, and the associated permissions required to do them, are commented by default.

Application permissions are used by apps that run without a signed-in user present; you can use this type of permission for apps that run as background services or daemons and that therefore will neither have nor require user consent. Application permissions can only be consented to by a tenant administrator. It is important that you understand that you give this sample a lot of power by providing it admin consent. For example, if you run this sample in AppMode against your tenant, you will create a group, add and then remove members of the group, and then delete the group.

If you want to use both types of permissions, you'll need to create and configure two applications in the Azure Active Directory admin center, one for delegated permissions and another for application permissions. The sample is structured so that you can configure only one application if you're interested in only one type of permission. Use the UserMode class if you're interested only in delegated permissions and the AppMode class if you're interested only in application permissions.

See Delegated permissions, Application permissions, and effective permissions for more information about these permission types. Also see Get access without a user for more information on application permissions specifically.

Prerequisites

This sample requires the following:

Application registration

This sample contains examples that use both delegated permissions and application permissions, so you'll need register the app separately for each scenario.

Register the delegated permissions application

  1. Navigate to the Azure Active Directory admin center. Login using a personal account (aka: Microsoft Account) or Work or School Account.

  2. Select Azure Active Directory in the left-hand navigation, then select App registrations (Preview) under Manage.

  3. Select New registration. On the Register an application page, set the values as follows.

    • Set Name to Console Snippets Sample (Delegated perms).
    • Set Supported account types to Accounts in any organizational directory and personal Microsoft accounts.
    • Leave Redirect URI empty. ** Choose Register.

  4. On the Console Snippets Sample (Delegate perms) page, copy the values of both the Application (client) ID and the Directory (tenant) ID. Save these two values, since you will need them later.

  5. Select the Add a Redirect URI link. On the Redirect URIs page, locate the Suggested Redirect URIs for public clients (mobile, desktop) section. Select the URI that begins with msal and the urn:ietf:wg:oauth:2.0:oob URI.

  6. Open the sample solution in Visual Studio and then open the Constants.cs file. Change the Tenant string to the Directory (tenant) ID value you copied earlier. Change the ClientIdForUserAuthn string to the Application (client) ID value.

Register the application permissions application

  1. Navigate to the Azure Active Directory admin center. Login using a Work or School Account.

  2. Select Azure Active Directory in the left-hand navigation, then select App registrations (Preview) under Manage.

  3. Select New registration. On the Register an application page, set the values as follows.

    • Set Name to Console Snippets Sample (Application perms).
    • Set Supported account types to Accounts in any organizational directory.
    • Leave Redirect URI empty.
    • Choose Register.

  4. On the Console Snippets Sample (Application perms) page, copy and save the values for the Application (client) ID and the Directory (tenant) ID. You will need them in step 7.

  5. Select Certificates & secrets under Manage. Select the New client secret button. Enter a value in Description, select any option for Expires and choose Add.

  6. Copy the client secret value before leaving the page. You will need it in the next step.

  7. Open the sample solution in Visual Studio and then open the Constants.cs file. Change the Tenant string to the Directory (tenant) ID value you copied earlier. Similarly, change the ClientIdForAppAuthn string to the Application (client) ID value and change the ClientSecret string to the client secret value.

  8. Return to the Azure Active Directory management center. Select API permisions and then select Add a permission. On the panel that appears, choose Microsoft Graph and then choose Application permissions.

  9. Use the Select permissions search box to search for the following permissions: Directory.Read.All, Group.ReadWrite.All, Mail.Read, Mail.ReadWrite, and User.Read.All. Select the check box for each permissions as it appears (note that the permissions will not remain visible in the list as you select each one). Select the Add permissions button at the bottom of the panel.

  10. Choose the Grant admin consent for [tenant name] button. Select Yes for the confirmation that appears.

Build and run the sample

  1. Open the sample solution in Visual Studio.
  2. Press F5 to build and run the sample. This will restore the NuGet package dependencies and open the console application.
  3. Select User mode to run the application with delegated permissions only. Select App mode to run the application with application permissions only. Select both to run using both types of permissions.
  4. When you run User mode, you'll be prompted to sign in with an account on your Office 365 tenant and consent to the permissions that the application requests. If you want to run the groups-related operations in the UserMode class, you'll need to uncomment the GetDetailsForGroups method in the UserMode.cs file and the Group.Read.All scope in the AuthenticationHelper.cs file. After you make those changes only an admin will be able to sign in and consent. Otherwise, you can sign in and consent with a non-admin user.
  5. When you run App mode, the application will begin performing a number of common groups-related tasks that only an admin can do. Since you've already authorized the application to make these operations, you won't be prompted to sign in and consent.

Questions and comments

We'd love to get your feedback about the Microsoft Graph API Console App. You can send your questions and suggestions in the Issues section of this repository.

Questions about Microsoft Graph development in general should be posted to Stack Overflow. Make sure that your questions or comments are tagged with [microsoftgraph].

Contributing

If you'd like to contribute to this sample, see CONTRIBUTING.MD.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Additional resources

Copyright

Copyright (c) 2017 Microsoft. All rights reserved.

About

[ARCHIVED] This Windows console app demonstrates how to perform various operations using the Microsoft Graph client library with both delegated and application permissions. This sample uses the Microsoft Authentication Library (MSAL) for authentication on the Azure AD v2.0 endpoint.

Topics

devxsample

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

17 stars

Watchers

55 watching

Forks

23 forks
Report repository

Releases 3

Microsoft Graph C# Console Snippets App Latest
May 7, 2020
+ 2 releases

Packages

No packages published

Contributors 8

Languages