I am attempting to programmatically authorise an Azure application from an Azure AD joined machine.
If I go to the application URL in Internet Explorer it is able to verify the logged on user account.
My current code looks something like this:
```csharp
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Authority for the tenant
AuthenticationContext context = new AuthenticationContext("https://login.microsoftonline.com/TENANTGUID");
// Out-of-band redirect URI
Uri uri = new Uri("urn:ietf:wg:oauth:2.0:oob");
var pparams = new PlatformParameters(PromptBehavior.Auto, null);
// Arguments: resource, client id, redirect URI, platform parameters
AuthenticationResult result = await context.AcquireTokenAsync("https://graph.windows.net", "1950a258-227b-4e31-a9cf-717495945fc2", uri, pparams);
```
This call is successful but I want to acquire a token for the currently logged on user.
The first two parameters to the `AcquireTokenAsync` call are `resource` and `clientid`.
I can get the Homepage url and application id for the application I want to access but cannot find a combination of the two that works.
What parameters should I pass to this function to silently validate the logged on user and obtain an authorisation header that can be used in subsequent calls to the application?
`https://login.microsoftonline.com/$TenantID/oauth2/token` - user5780947

`https://graph.windows.net` is the identifier for Azure AD Graph API. `https://graph.microsoft.com` is the identifier for the Microsoft Graph API. It all depends on the token cache having some credentials in it though to work. - juunas
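The token-cache dependency mentioned in the last comment, shown as an added example that is not code from any poster in this thread: a silent request is tried first, and the interactive call from the question is the fallback that fills the cache. The authority, resource, client id and redirect URI are the values from the question; the `TokenDemo` class, the `GetTokenAsync` helper and the `app.example.invalid` URL are placeholders introduced here.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

static class TokenDemo
{
    // Values copied from the question; Resource must be the identifier of the
    // API being called (here Azure AD Graph, as in the question).
    const string Authority = "https://login.microsoftonline.com/TENANTGUID";
    const string Resource = "https://graph.windows.net";
    const string ClientId = "1950a258-227b-4e31-a9cf-717495945fc2";
    static readonly Uri RedirectUri = new Uri("urn:ietf:wg:oauth:2.0:oob");

    // Hypothetical helper: silent first, interactive only when the cache is empty.
    static async Task<AuthenticationResult> GetTokenAsync(AuthenticationContext context)
    {
        try
        {
            // Answered from the token cache (or its refresh token); never shows UI.
            return await context.AcquireTokenSilentAsync(Resource, ClientId);
        }
        catch (AdalException ex) when (ex.ErrorCode == AdalError.FailedToAcquireTokenSilently)
        {
            // Nothing usable in the cache: make the call from the question,
            // which also populates the cache for later silent requests.
            var pparams = new PlatformParameters(PromptBehavior.Auto, null);
            return await context.AcquireTokenAsync(Resource, ClientId, RedirectUri, pparams);
        }
    }

    static async Task Main()
    {
        var context = new AuthenticationContext(Authority);
        await GetTokenAsync(context);                                // may prompt
        AuthenticationResult result = await GetTokenAsync(context);  // cache hit
        Console.WriteLine($"User: {result.UserInfo?.DisplayableId}, expires {result.ExpiresOn:u}");

        // Attach the bearer token to a later request; the URL is a placeholder.
        var request = new HttpRequestMessage(HttpMethod.Get, "https://app.example.invalid/api");
        request.Headers.Authorization =
            new AuthenticationHeaderValue(result.AccessTokenType, result.AccessToken);
        // Log the scheme only, never the token value.
        Console.WriteLine($"Authorization scheme: {request.Headers.Authorization.Scheme}");
    }
}
```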