0
votes

Here is a breakdown of the problem I'm facing:

  • I created a project from VS2013: MVC with multi-tenant organization account login, using AAD for authentication
  • The project template works fine for me, but I need more: I need to call the Graph API
  • The sample project on GitHub that calls the Graph API also works fine on its own, but we need to apply the same concept in our project, which is based on the template from VS2013
  • When trying to call the Graph API from our solution in a similar way, it doesn't work

Here is the summary of the agony I’ve been going through the last few days.

VS2013 project template uses this code for the SignIn method in the Account controller:

    // WS-Federation sign-in: build the sign-in request and redirect the browser to the STS
    WsFederationConfiguration config = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;
    string callbackUrl = Url.Action("Index", "Home", routeValues: null, protocol: Request.Url.Scheme);
    SignInRequestMessage signInRequest = FederatedAuthentication.WSFederationAuthenticationModule.CreateSignInRequest(
        uniqueId: String.Empty,
        returnUrl: callbackUrl,
        rememberMeSet: false);
    // wtrealm identifies the relying party to the STS
    signInRequest.SetParameter("wtrealm", IdentityConfig.Realm ?? config.Realm);
    return new RedirectResult(signInRequest.RequestUrl.ToString());

The sample project from github uses this:

    // OpenID Connect sign-in via the OWIN middleware
    HttpContext.GetOwinContext()
        .Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);

Then in the Startup class it handles the AuthorizationCodeReceived notification like this:

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = Authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,

            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                //
                // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                //
                AuthorizationCodeReceived = (context) =>
                {
                    var code = context.Code;

Then it saves the tokens in a TokenCache; when calling the Graph API, it instantiates the AuthenticationContext class with that cache like this:

    // Silent acquisition on behalf of the signed-in user, served from the per-user cache
    AuthenticationContext authContext = new AuthenticationContext(Startup.Authority,
        new NaiveSessionCache(userObjectID));
    ClientCredential credential = new ClientCredential(clientId, appKey);
    result = authContext.AcquireTokenSilent(graphResourceId, credential,
        new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

What I tried to do is this:

    // Overload that takes only the ClientCredential: this is the client-credentials grant,
    // so the token is issued to the application itself, with no signed-in user attached
    AuthenticationContext authContext = new AuthenticationContext(authority);
    ClientCredential credential = new ClientCredential(clientId, appKey);

    result = await authContext.AcquireTokenAsync(graphResourceId, credential);

This returns a shorter token with some missing info.

This issue can be easily reproduced if you create a new project in VS2013 using MVC and Organizational Account login, then try to call the Graph API.

I need a way of calling the Graph API using the template project from VS2013.

1
What kind of information do you need from the AD? You need to use this token to call the graph API. - Thomas
The simple way of authentication with AAD returns the login name of users only. One of our clients has their logins different from their emails. I need to get their emails. There is a parameter called "mail" returned by the graph that has this info. - Ahmed Mansour
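As an added illustration (this is not code from the question, the VS2013 template, or the GitHub sample): the overload of AcquireTokenAsync that takes only a ClientCredential uses the client-credentials grant, so AAD issues an app-only token with no user claims, which is the "shorter token with some missing info" the question describes. The class below, assuming .NET 6 or later and nothing beyond the base class library, decodes a JWT payload without validating the signature and reports whether the token is delegated (user context present: scp plus upn/unique_name) or app-only. The two tokens it inspects are constructed, unsigned samples with placeholder ids, not real AAD output.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

// Added diagnostic example (not from the question or the samples it cites).
// Reads JWT claims WITHOUT validating the signature: use it only to inspect
// tokens you already trust, never to make an authorization decision.
public static class AadTokenInspector
{
    static byte[] FromBase64Url(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return Convert.FromBase64String(b64);
    }

    static string ToBase64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns the payload claims of a compact-serialised JWT (header.payload.signature).
    public static Dictionary<string, JsonElement> ReadClaims(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new ArgumentException("expected header.payload.signature");
        string json = Encoding.UTF8.GetString(FromBase64Url(parts[1]));
        return JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json)
               ?? new Dictionary<string, JsonElement>();
    }

    // A delegated token (authorization-code or silent flow on behalf of a user)
    // carries "scp" (delegated permissions) plus a user identity claim.
    // A client-credentials token carries "appid" but no "scp"/"upn"/"unique_name",
    // which is why a Graph call made with it cannot say who the signed-in user is.
    public static string Classify(IDictionary<string, JsonElement> claims)
    {
        bool hasUser = claims.ContainsKey("upn") || claims.ContainsKey("unique_name");
        bool hasScp = claims.ContainsKey("scp");
        if (hasScp && hasUser) return "delegated (user context present)";
        if (claims.ContainsKey("appid")) return "app-only (client credentials, no user context)";
        return "unknown";
    }

    // Builds an unsigned token from a payload: constructed sample input only.
    public static string MakeUnsignedToken(string payloadJson)
    {
        string header = ToBase64Url(Encoding.UTF8.GetBytes("{\"alg\":\"none\",\"typ\":\"JWT\"}"));
        string payload = ToBase64Url(Encoding.UTF8.GetBytes(payloadJson));
        return header + "." + payload + ".";
    }

    public static void Main()
    {
        // Constructed payloads mirroring the claim sets AAD issues; the ids are placeholders.
        string delegated = MakeUnsignedToken(
            "{\"aud\":\"https://graph.windows.net\",\"tid\":\"<tenant-id>\",\"appid\":\"<client-id>\"," +
            "\"upn\":\"alice@contoso.example\",\"unique_name\":\"alice@contoso.example\"," +
            "\"oid\":\"<user-object-id>\",\"scp\":\"User.Read\"}");
        string appOnly = MakeUnsignedToken(
            "{\"aud\":\"https://graph.windows.net\",\"tid\":\"<tenant-id>\",\"appid\":\"<client-id>\"," +
            "\"oid\":\"<service-principal-object-id>\"}");

        foreach (var (label, token) in new[] {
                     ("redeemed authorization code", delegated),
                     ("AcquireTokenAsync(resource, ClientCredential)", appOnly) })
        {
            var claims = ReadClaims(token);
            Console.WriteLine($"{label}: {claims.Count} claims -> {Classify(claims)}");
        }
    }
}
```

Running Main prints a delegated classification for the first token and an app-only one for the second. The GitHub sample gets a delegated token because its AuthorizationCodeReceived handler redeems the OpenID Connect authorization code (in ADAL 2.x that is AcquireTokenByAuthorizationCodeAsync, a method I am naming from the library, not from the page); a WS-Federation sign-in returns a SAML token to the application and no OAuth authorization code, so there is nothing for ADAL to redeem on the user's behalf.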

1 Answer

0
votes

We contacted Microsoft support about the issue, and here is a summary of the solution. The template created from VS2013 uses the WS-Federation library for authentication. There is no easy way to use that to call the Graph API. This was rectified by Microsoft in VS2015, where the same template uses the OpenID library to authenticate, and then you can make calls to the Graph API.