Authentication Providers for Microsoft Graph .NET SDK
MIchaelMainer Update increment script (#41)
* Updated IncrementPreviewVersion.ps1 to handle csproj form

Querying an element that can occur one or more times is a bit
inconsistent. For example, if there is an xml document
<H1><H2/><H2/></H1>, the first element is queried by $xmldoc.H1.H2[0].
If there is a single element, <H1><H2/></H1>, $xmldoc.H1.H2[0] is
no longer valid. The valid query is now $xmldoc.H1.H2
Latest commit 43543f7 Jun 7, 2019

Microsoft Graph .NET Authentication Provider Library

The Microsoft Graph .NET authentication library provides a set of OAuth scenario-centric authentication providers that implement Microsoft.Graph.IAuthenticationProvider and use the Microsoft Authentication Library (MSAL) under the hood to handle access token acquisition and storage. It also exposes BaseRequest extension methods that set per-request authentication options for the providers.

Get started with the Microsoft Graph .NET Authentication Provider Library by integrating the Microsoft Graph API into your .NET application.

The Microsoft Graph .NET Authentication Provider Library targets .NET Standard 1.3 and depends on Microsoft.Identity.Client 2.7.1.

Installation via NuGet

To install the authentication provider library via NuGet:

  • Search for Microsoft.Graph.Auth in NuGet or
  • Type Install-Package Microsoft.Graph.Auth into the Package Manager Console.

Getting Started

1. Register your application

Register your application to use Microsoft Graph API using one of the following supported authentication portals:

2. Create IAuthenticationProvider object

2.1. Confidential Client Providers

Confidential client providers are used by applications that can securely store an application's secret and call Microsoft Graph in the name of a user, or without a user. They are broadly classified as:

  • Daemons/Services.
  • Web Clients (Web Apps/ Web APIs).

a. Authorization code provider

Authorization code provider is used by Web Apps (ASP.NET & ASP.NET Core) to acquire a Microsoft Graph access token in the name of a user. It uses MSAL's Authorization Code to authenticate Microsoft Graph requests.

IConfidentialClientApplication clientApplication = AuthorizationCodeProvider.CreateClientApplication(clientId, redirectUri, clientCredential);

AuthorizationCodeProvider authenticationProvider = new AuthorizationCodeProvider(clientApplication, scopes);

b. Client credential provider

Client credential provider is used by services and desktop applications to acquire a Microsoft Graph access token without a user. The app should have previously registered a secret (app password or certificate) with Azure AD during the application registration. This provider leverages MSAL's Client Credential Flows to authenticate Microsoft Graph requests.

IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(clientId, clientCredential);

ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(clientApplication);

c. On behalf of provider

As the name suggests, the on behalf of provider is used by services or daemons to acquire a Microsoft Graph access token on behalf of a user by passing a UserAssertion. This provider uses MSAL's On Behalf Of to authenticate Microsoft Graph requests.

IConfidentialClientApplication clientApplication = OnBehalfOfProvider.CreateClientApplication(clientId, redirectUri, clientCredential);

OnBehalfOfProvider authenticationProvider = new OnBehalfOfProvider(clientApplication, scopes);

2.2. Public Client Providers

These providers are used by native client applications (mobile/desktop applications) that can't securely store an application's secret and call Microsoft Graph in the name of a user.

a. Device code provider

Device code provider is used by desktop apps that run on devices without browsers to call Microsoft Graph in the name of a user. This provider leverages MSAL's Device Code Flow to authenticate Microsoft Graph requests.

IPublicClientApplication clientApplication = DeviceCodeProvider.CreateClientApplication(clientId);

DeviceCodeProvider authenticationProvider = new DeviceCodeProvider(clientApplication, scopes);

b. Integrated Windows authentication provider

This provider is used by Windows-hosted .NET applications running on computers joined to Azure AD to acquire a token silently. This provider leverages MSAL's Integrated Windows Authentication to authenticate Microsoft Graph requests.

IPublicClientApplication clientApplication = IntegratedWindowsAuthenticationProvider.CreateClientApplication(clientId);

IntegratedWindowsAuthenticationProvider authenticationProvider = new IntegratedWindowsAuthenticationProvider(clientApplication, scopes);

c. Interactive authentication provider

Interactive authentication provider is used by mobile applications (Xamarin and UWP) and desktop applications to call Microsoft Graph in the name of a user. Refer to MSAL's interactive Authentication for how to configure the provider for your platform of choice, since each platform has its own specificities.

IPublicClientApplication clientApplication = InteractiveAuthenticationProvider.CreateClientApplication(clientId);

InteractiveAuthenticationProvider authenticationProvider = new InteractiveAuthenticationProvider(clientApplication, scopes);

d. Username password provider

This provider is used by desktop applications to acquire a Microsoft Graph access token by leveraging MSAL's Username Password with the provided username (email) and password.

IPublicClientApplication clientApplication = UsernamePasswordProvider.CreateClientApplication(clientId);

UsernamePasswordProvider authenticationProvider = new UsernamePasswordProvider(clientApplication, scopes);

3. Initialize Microsoft Graph service client with an authentication provider

GraphServiceClient graphServiceClient = new GraphServiceClient(authenticationProvider);

4. Make request to Microsoft Graph

Once the GraphServiceClient has been initialized with an authentication provider, you can make calls against the Microsoft Graph service. The requests should follow the Microsoft Graph REST API syntax. For example, to retrieve a user's default drive:

GraphServiceClient graphServiceClient = new GraphServiceClient(authenticationProvider);

var drive = await graphServiceClient.Me.Drive.Request().GetAsync();

Example

1. Client credential provider

// Create client application (same factory call as in section 2.1.b).
IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(clientId, clientCredential);
// Create authentication provider.
ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(clientApplication);
// Configure GraphServiceClient with provider.
GraphServiceClient graphServiceClient = new GraphServiceClient(authenticationProvider);
// Make a request. The client credential flow has no signed-in user, so query /users rather than /me.
// WithForceRefresh(true) asks the provider to refresh the access token for this request.
var users = await graphServiceClient.Users.Request().WithForceRefresh(true).GetAsync();
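The providers above all implement Microsoft.Graph.IAuthenticationProvider. The following added example (not code from this library) sketches what such a provider does for the client credential flow, with a guard that refuses to attach the token to anything other than an HTTPS Graph endpoint. The class name, the host allow-list and the `.default` scope choice are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Identity.Client;

// Added illustration, not the library's implementation. The class name and
// the host allow-list are hypothetical.
public sealed class GuardedClientCredentialProvider : IAuthenticationProvider
{
    // Resource-level default scope used with the client credential flow.
    private static readonly string[] Scopes = { "https://graph.microsoft.com/.default" };

    // Hosts allowed to receive a Graph access token (assumed: global cloud only).
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "graph.microsoft.com" };

    private readonly IConfidentialClientApplication _clientApplication;

    public GuardedClientCredentialProvider(IConfidentialClientApplication clientApplication)
    {
        _clientApplication = clientApplication
            ?? throw new ArgumentNullException(nameof(clientApplication));
    }

    // Called by GraphServiceClient for every outgoing request.
    public async Task AuthenticateRequestAsync(HttpRequestMessage request)
    {
        Uri uri = request.RequestUri;

        // Never attach a bearer token to plain HTTP or to a host outside the allow-list.
        bool isHttps = uri != null && uri.IsAbsoluteUri
            && string.Equals(uri.Scheme, "https", StringComparison.OrdinalIgnoreCase);
        if (!isHttps || !AllowedHosts.Contains(uri.Host))
        {
            throw new InvalidOperationException("Refusing to send a Graph token to " + uri);
        }

        // MSAL 2.x call: served from the app token cache when a valid token exists.
        AuthenticationResult result = await _clientApplication.AcquireTokenForClientAsync(Scopes);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
    }
}
```

Pass an instance to `new GraphServiceClient(...)` in place of `authenticationProvider`. National cloud deployments would need their own Graph host added to the allow-list.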

Documentation

Issues

To view or log MSAL.NET issues, see issues. This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

To view or log Microsoft Graph Authentication library issues, see issues.

Additional resources

License

Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT license. See Third Party Notices for information on the packages referenced via NuGet.
