This sample is for MSAL 4.x. If you are interested in the same code for MSAL 2.x, look at the releases tab or the previousVersions/Msal2x branch.
WPF application signing in users with Microsoft and calling the Microsoft Graph
This simple sample demonstrates how to use the Microsoft Authentication Library (MSAL) for .NET to get an access token and call the Microsoft Graph (using OAuth 2.0 against the Microsoft identity platform endpoint).
Steps to Run
You can get a full explanation of this sample, and build it from scratch, by going to Windows desktop .NET guided walkthrough.
This sample is pre-configured. If you just want to run it quickly:
- Clone the code.
git clone https://github.com/Azure-Samples/active-directory-dotnet-desktop-msgraph-v2.git
- Run the application from Visual Studio (Debug | Start without Debugging)
[Optional] Use your own application coordinates
If you want to use your own application coordinates, please follow these instructions:
Choose the Azure AD tenant where you want to create your applications
- Sign in to the Azure portal using either a work or school account or a personal Microsoft account.
- If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant (using Switch Directory).
- In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations.
Register the client app (WpfApp)
- Navigate to the Microsoft identity platform for developers App registrations page.
- Select New registration.
- In the Name section, enter a meaningful application name that will be displayed to users of the app, for example WpfApp.
- In the Supported account types section, select Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com).
- Select Register to create the application.
- On the app Overview page, find the Application (client) ID value and record it for later. You'll need it to configure the Visual Studio configuration file for this project.
- In the list of pages for the app, select Authentication.
- In the Redirect URIs list, under Suggested Redirect URIs for public clients (mobile, desktop) be sure to add https://login.microsoftonline.com/common/oauth2/nativeclient.
- Select Save.
- Configure permissions for your application. To do so, in the list of pages, click API permissions.
- Click the Add a permission button.
- Ensure that the Microsoft APIs tab is selected.
- In the Commonly used Microsoft APIs section, click Microsoft Graph.
- In the Delegated permissions section, ensure that the right permissions are checked: User.Read. Use the search box if necessary.
Configure the code to use your application's coordinates
- Open the active-directory-wpf-msgraph-v2\App.xaml.cs file.
- Find the app key ClientId and replace the existing value with the application ID (clientId) of the WpfApp application copied from the Azure portal.
- If connecting to a national cloud, open the active-directory-wpf-msgraph-v2\MainWindow.xaml.cs file and update the string graphAPIEndpoint to the appropriate endpoint. See a list of national cloud Graph endpoints here.
- Run the application from Visual Studio (Debug | Start without Debugging)
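How the registered values above fit together in MSAL.NET 4.x, as an added example that is not the sample's own code. The class name, the placeholder ClientId, and the global-cloud value of graphAPIEndpoint are assumptions; the redirect URI and the User.Read scope are the ones configured in the steps above.

```csharp
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

static class GraphCaller // hypothetical class name
{
    // Placeholder: the Application (client) ID recorded from the app Overview page.
    const string ClientId = "<your-application-client-id>";
    // Must match the redirect URI added on the Authentication page.
    const string RedirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient";
    // Assumed global-cloud value; national clouds use a different Graph endpoint.
    const string graphAPIEndpoint = "https://graph.microsoft.com/v1.0/me";
    // Request only the delegated permission granted to the app.
    static readonly string[] Scopes = { "User.Read" };

    // "common" corresponds to the account type chosen at registration:
    // any organizational directory plus personal Microsoft accounts.
    static readonly IPublicClientApplication App = PublicClientApplicationBuilder
        .Create(ClientId)
        .WithAuthority(AzureCloudInstance.AzurePublic, "common")
        .WithRedirectUri(RedirectUri)
        .Build();

    public static async Task<string> GetProfileJsonAsync()
    {
        AuthenticationResult result;
        var accounts = await App.GetAccountsAsync();
        try
        {
            // Use a cached or refreshed token when one is available.
            result = await App.AcquireTokenSilent(Scopes, accounts.FirstOrDefault()).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // No usable cached token: prompt the user to sign in.
            result = await App.AcquireTokenInteractive(Scopes).ExecuteAsync();
        }

        using (var http = new HttpClient())
        using (var request = new HttpRequestMessage(HttpMethod.Get, graphAPIEndpoint))
        {
            // Send the token only in the Authorization header; do not log it.
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
            var response = await http.SendAsync(request);
            response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }
    }
}
```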
Troubleshooting
System.Security.Cryptography.CryptographicException: 'Key not valid for use in specified state'
What happens: You execute the app on your machine, zip the bin\release folder, and share it with a colleague. On the colleague's machine the app no longer works and throws this exception (see #56 for details).
How to remediate
Remove the token cache file (which ends in .msalcache.bin3) from the bin\debug and bin\release folders before moving your app to the new system. The token cache in this sample uses DPAPI, which is only for you
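A DPAPI-protected token cache that recovers from this exception by discarding a cache file it cannot decrypt, as an added example that is not the sample's own code. The class name, the cache file location, and the CurrentUser protection scope are assumptions; only the .msalcache.bin3 suffix comes from this page.

```csharp
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
using Microsoft.Identity.Client;

static class DpapiTokenCache // hypothetical class name
{
    // Assumed location: next to the executable, with the suffix named above.
    static readonly string CacheFilePath =
        Assembly.GetExecutingAssembly().Location + ".msalcache.bin3";
    static readonly object FileLock = new object();

    // Call once with app.UserTokenCache after building the public client application.
    public static void Bind(ITokenCache tokenCache)
    {
        tokenCache.SetBeforeAccess(BeforeAccess);
        tokenCache.SetAfterAccess(AfterAccess);
    }

    static void BeforeAccess(TokenCacheNotificationArgs args)
    {
        lock (FileLock)
        {
            byte[] plain = null;
            if (File.Exists(CacheFilePath))
            {
                try
                {
                    plain = ProtectedData.Unprotect(
                        File.ReadAllBytes(CacheFilePath), null, DataProtectionScope.CurrentUser);
                }
                catch (CryptographicException)
                {
                    // The file was protected under another user or machine, so it
                    // cannot be decrypted here. Drop it and let the user sign in again.
                    File.Delete(CacheFilePath);
                }
            }
            args.TokenCache.DeserializeMsalV3(plain);
        }
    }

    static void AfterAccess(TokenCacheNotificationArgs args)
    {
        if (!args.HasStateChanged) return;
        lock (FileLock)
        {
            // Tokens are written to disk only in DPAPI-protected form.
            File.WriteAllBytes(CacheFilePath, ProtectedData.Protect(
                args.TokenCache.SerializeMsalV3(), null, DataProtectionScope.CurrentUser));
        }
    }
}
```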
Community Help and Support
We use Stack Overflow with the community to provide support. We highly recommend you ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [msal.dotnet].
If you find a bug in the sample please raise the issue on GitHub Issues.
If you find a bug in MSAL.NET, please raise the issue on MSAL.NET GitHub Issues.
To provide a recommendation, visit our User Voice page.
- Developers who wish to gain good familiarity of programming for Microsoft Graph are advised to go through the An introduction to Microsoft Graph for developers recorded session.
Contributing
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
More information
For more information see MSAL.NET's conceptual documentation:
- Quickstart: Register an application with the Microsoft identity platform
- Quickstart: Configure a client application to access web APIs
- Recommended pattern to acquire a token in public client applications
- Acquiring tokens interactively in public client applications
- Customizing Token cache serialization