- Prerequisites
- Register the application
- Build and run the sample
- Code of note
- Questions and comments
- Contributing
- Additional resources
This sample project provides a repository of code snippets that use the Microsoft Graph to perform common tasks, such as sending email, managing groups, and other activities from within an ASP.NET MVC app. It uses the Microsoft Graph .NET Client SDK to work with data returned by the Microsoft Graph.
The sample uses the Microsoft Authentication Library (MSAL) for authentication. The MSAL SDK provides features for working with the Azure AD v2.0 endpoint, which enables developers to write a single code flow that handles authentication for both work or school (Azure Active Directory) and personal (Microsoft) accounts.
In addition, the sample shows how to request tokens incrementally, a feature supported by the Azure AD v2.0 endpoint. Users consent to an initial set of permission scopes during sign-in, but can consent to other scopes later. In the case of this sample, any valid user can sign in, but administrators can later consent to the admin-level scopes required for certain operations.
The sample uses the ASP.NET OpenID Connect OWIN middleware for sign-in and during the initial token acquisition. The sample also implements custom OWIN middleware to exchange an authorization code for access and refresh tokens outside of the sign-in flow. The custom middleware calls MSAL to build the authorization request URI and handles the redirects. To learn more about incremental consent, see Integrate Microsoft identity and the Microsoft Graph into a web application using OpenID Connect.
This library is suitable for use in a production environment. We provide the same production level support for this library as we do our current production libraries. During the preview we may make changes to the API, internal cache format, and other mechanisms of this library, which you will be required to take along with bug fixes or feature improvements. This may impact your application. For instance, a change to the cache format may impact your users, such as requiring them to sign in again. An API change may require you to update your code. When we provide the General Availability release we will require you to update to the General Availability version within six months, as applications written using a preview version of the library may no longer work.
This sample requires the following:
- Visual Studio 2015
- Either a Microsoft account or an Office 365 for business account. An Office 365 administrator account is required to run admin-level operations. You can sign up for an Office 365 Developer subscription that includes the resources that you need to start building apps.
- Sign into the App Registration Portal using either your personal or work or school account.
- Choose Add an app.
- Enter a name for the app, and choose Create application.
  The registration page displays, listing the properties of your app.
- Copy the Application Id. This is the unique identifier for your app.
- Under Application Secrets, choose Generate New Password. Copy the password from the New password generated dialog.
  You'll need to enter the app Id and app secret values that you copied into the sample app.
- Under Platforms, choose Add platform.
- Choose Web.
- Make sure the Allow Implicit Flow check box is selected, and enter https://localhost:44300/ as the Redirect URI.
  The Allow Implicit Flow option enables the hybrid flow. During authentication, this enables the app to receive both sign-in info (the id_token) and artifacts (in this case, an authorization code) that the app can use to obtain an access token.
- Choose Save.
- Download or clone the Microsoft Graph Snippets Sample for ASP.NET 4.6.
- Open the sample solution in Visual Studio.
- In the Web.config file in the root directory, replace the ida:AppId and ida:AppSecret placeholder values with the values that you copied during app registration.
- Press F5 to build and run the sample. This will restore the NuGet package dependencies and open the app.
  If you see any errors while installing packages, make sure the local path where you placed the solution is not too long/deep. Moving the solution closer to the root of your drive may resolve this issue.
- Sign in with your personal account (MSA) or your work or school account, and grant the requested permissions.
- Choose a snippets category, such as Users, Files, or Mail.
- Choose an operation you want to run. Note the following:
  - Operations that require an argument (such as ID) are disabled until you run a snippet that lets you select an entity.
  - Some snippets (marked as admin-only) require commercial permission scopes that can only be granted by an administrator. To run these snippets, you need to sign in as an admin and then use the link on the Admin scopes tab to consent to the admin-level scopes. This tab is not available for users who are logged in with personal accounts.
  - If you logged in with a personal account, snippets that aren't supported for Microsoft accounts are disabled.

  Response information is displayed at the bottom of the page.
This sample creates, updates, and deletes entities and data (such as users or files). Depending on how you use it, you might edit or delete actual entities and data and leave data artifacts.
To use the sample without modifying your actual account data, be sure to perform update and delete operations only on entities that are created by the sample.
- Startup.Auth.cs. Authenticates the current user and initializes the sample's token cache.
- SessionTokenCache.cs. Stores the user's token information. You can replace this with your own custom token cache. Learn more in Caching access tokens in a multitenant application.
- SampleAuthProvider.cs. Implements the local IAuthProvider interface, and gets an access token by using the AcquireTokenSilentAsync method. You can replace this with your own authorization provider.
- SDKHelper.cs. Initializes the GraphServiceClient from the Microsoft Graph .NET Client Library that's used to interact with the Microsoft Graph.
- The following controllers contain methods that use the GraphServiceClient to build and send calls to the Microsoft Graph service and process the response.
- The following views contain the sample's UI.
- The following files contain the view models and partial view that are used to parse and display Microsoft Graph data as generic objects (for the purposes of this sample).
- The following files contain code used to support incremental consent. For this sample, users are prompted to consent to an initial set of permissions during sign in, and admin permissions separately.
  - AdminController.cs
  - OAuth2CodeRedeemerMiddleware.cs. Custom middleware that redeems an authorization code for access and refresh tokens outside of the sign-in flow. See https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect-v2 for more information about implementing incremental consent.
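
The incremental-consent round trip described above, as an added example that is not code from this sample and does not use MSAL: it builds a v2.0 authorization request for extra scopes and accepts the returned authorization code only when the callback echoes the `state` value issued for the session. The class and method names are hypothetical, the app Id is a constructed placeholder, `Directory.Read.All` is an assumed admin-level scope, and the code is assumed to come back in the query string.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

static class IncrementalConsentExample   // hypothetical names, not the sample's code
{
    const string AuthorizeEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";

    // Builds the request for extra scopes; the caller stores `state` in the user's session.
    public static string BuildRequestUri(string appId, string redirectUri, string[] scopes, out string state)
    {
        var nonce = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        state = BitConverter.ToString(nonce).Replace("-", "");
        var query = new Dictionary<string, string>
        {
            ["client_id"] = appId, ["response_type"] = "code", ["redirect_uri"] = redirectUri,
            ["scope"] = string.Join(" ", scopes), ["state"] = state
        };
        return AuthorizeEndpoint + "?" +
            string.Join("&", query.Select(p => p.Key + "=" + Uri.EscapeDataString(p.Value)));
    }

    // Returns the authorization code only if the callback is error-free, has no repeated
    // parameters, and echoes the state issued for this session; otherwise null.
    public static string ValidateCallback(Uri callback, string expectedState)
    {
        var seen = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var pair in callback.Query.TrimStart('?').Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            if (seen.ContainsKey(kv[0])) return null;
            seen[kv[0]] = kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
        }
        string state, code;
        if (seen.ContainsKey("error") || !seen.TryGetValue("state", out state)) return null;
        if (string.IsNullOrEmpty(expectedState) || !string.Equals(state, expectedState, StringComparison.Ordinal)) return null;
        return seen.TryGetValue("code", out code) && code.Length > 0 ? code : null;
    }

    static void Main()
    {
        string state;
        var uri = BuildRequestUri("00000000-0000-0000-0000-000000000000", "https://localhost:44300/",
            new[] { "Directory.Read.All" }, out state);   // constructed app id, assumed scope
        Console.WriteLine(uri);
        // Constructed callbacks: the first echoes our state, the second does not.
        Console.WriteLine(ValidateCallback(new Uri("https://localhost:44300/?code=abc&state=" + state), state) ?? "rejected");
        Console.WriteLine(ValidateCallback(new Uri("https://localhost:44300/?code=abc&state=forged"), state) ?? "rejected");
    }
}
```

Only a code that passes this check should be handed to the token-redemption step, and the stored state should be discarded after one use.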
We'd love to get your feedback about this sample. You can send us your questions and suggestions in the Issues section of this repository.
Your feedback is important to us. Connect with us on Stack Overflow. Tag your questions with [MicrosoftGraph].
If you'd like to contribute to this sample, see CONTRIBUTING.md.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
- Other Microsoft Graph Snippets samples
- Microsoft Graph overview
- Office developer code samples
- Office dev center
Copyright (c) 2016 Microsoft. All rights reserved.