Posted on

Azure Active Directory – Web app / Api – Step by step

In continuation of my previous blog – Register an app with the Azure Active Directory v2.0 endpoint – demonstrating how to create an Application Type: Web App /API within Azure.

Create Web app / API

    • Step 1: Create
      1. Login to portal.azure.com
      2. Go to Azure Active Directory > App registrations > New Application Registration
      3. In the Name field, give a descriptive name
      4. Choose Web app / API
      5. For Sign-on Url:
        • If you are doing a POC, give a http://localhost:{port number}/
        • If you are planning to host the code on Azure Web App, then provide as follows:  https://{youwebapp}.azurewebsites.net/
      1. Click on Create

    • Step 2: Configure
      1. Once the App is created, click on Settings
      2. Under Keys, we are going to set the “Client Secret”,
        • Enter a Key Name (descriptive)
        • Enter an Expiration Value
        • On Save, the Client Secret will be generated, take a note of it as it gets hidden once you leave the screen.

Now Under Required permissions, based on all available API, set all necessary permissions you need to, please note here that after settings up permissions, you/AAD Admin need to “Grant” them explicitly otherwise it will not work.

    • Step 3: Take Note
      1. Application ID – which is the Client ID
      2. Client Secret as per step 10
      3. Tenant ID => Azure Active Directory > Properties > Directory ID

Web app / API – Usage

In this POC – I am getting the Current User Request [me] using GraphServiceClient.

      1. Download the project (use Nuget Manager to download necessary references).
      2. In the GraphController, update ClientId, ClientSecret, TenantId as per above step 
      3. Update the UriString as per above step 5
      4. Build and run the code
      5. The entry point is the Gettotken responsible for the Authentication  – Access the code using following your local IIS url http://localhost:12345/Graph/Gettoken
A. Get Authorization Code (see the solution for complete code)

AuthenticationContext authContext = new AuthenticationContext(authorityURL, true);
Task redirectUri = authContext.GetAuthorizationRequestUrlAsync(resource, clientId, new Uri(uriString), UserIdentifier.AnyUser, string.Empty);
redirectUri.Wait();
return Redirect(redirectUri.Result.AbsoluteUri);

Please note here that the AbsoluteUri has to match with the UriString otherwise it won’t work – this is an extra layer of security added by Microsoft.
Once successful, it will redirect to the Gettoken method once more to get the access token.
B. Use Authorization Code to request the Access Token (see the solution for complete code)

string code = Request.Params["code"];
ClientCredential clientCredentials = new ClientCredential(clientId, clientSecret);
Task request = authContext.AcquireTokenByAuthorizationCodeAsync(code, new Uri(uriString), clientCredentials);
request.Wait();
Session["code"] = request.Result.AccessToken;
return RedirectToAction("Index");

Once successful, it will redirect to the Index method for further processing.
C. Use Authorization Code to request the Access Token (see the solution for complete code)

public ActionResult Index(string authenticationCode)
{
string code = (string)Session["code"];
GraphServiceClient graphClient = GetGraphClient(code);

//Get User information [me]
Task meRequest = graphClient.Me.Request().GetAsync();
meRequest.Wait();
           
User resultMeRequest = meRequest.Result;
Response.Write(resultMeRequest.AboutMe);

return View();
}