/active-directory-dotnet-desktop-msgraph-v2

Sample showing how a Windows desktop .NET (WPF) application can get an access token using MSAL.NET and call the Microsoft Graph API or other APIs protected by the Microsoft identity platform (Azure Active Directory v2)


page_type: sample
languages: csharp
products: azure, azure-active-directory, dotnet, ms-graph
description: This sample demonstrates how to use MSAL.NET to get an access token and call the Microsoft Graph.


This sample is for MSAL 4.x. If you are interested in the same code for MSAL 2.x, look at the releases tab or the previousVersions/Msal2x branch.

WPF application signing in users with Microsoft and calling the Microsoft Graph


This simple sample demonstrates how to use the Microsoft Authentication Library (MSAL) for .NET to get an access token and call the Microsoft Graph (using OAuth 2.0 against the Microsoft identity platform endpoint).


Steps to Run

You can get a full explanation of this sample, and build it from scratch, by following the Windows desktop .NET guided walkthrough.

This sample is pre-configured. If you just want to run it quickly:

  1. Clone the code:
     git clone https://github.com/Azure-Samples/active-directory-dotnet-desktop-msgraph-v2.git
  2. Run the application from Visual Studio (Debug | Start without Debugging).

[Optional] Use your own application coordinates

If you want to use your own application coordinates, please follow these instructions:

Choose the Azure AD tenant where you want to create your applications

  1. Sign in to the Azure portal using either a work or school account or a personal Microsoft account.
  2. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the desired Azure AD tenant (using Switch Directory).
  3. In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations.

Register the client app (WpfApp)

  1. Navigate to the Microsoft identity platform for developers App registrations page.
  2. Select New registration.
    • In the Name section, enter a meaningful application name that will be displayed to users of the app, for example WpfApp.
    • In the Supported account types section, select Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com).
    • Select Register to create the application.
  3. On the app Overview page, find the Application (client) ID value and record it for later. You'll need it to configure the Visual Studio configuration file for this project.
  4. In the list of pages for the app, select Authentication.
  5. In the Redirect URIs list, under Suggested Redirect URIs for public clients (mobile, desktop) be sure to add https://login.microsoftonline.com/common/oauth2/nativeclient.
  6. Select Save.
  7. Configure permissions for your application. To do so, in the list of pages for the app, click on API permissions.
    • Click the Add a permission button.
    • Ensure that the Microsoft APIs tab is selected.
    • In the Commonly used Microsoft APIs section, click on Microsoft Graph.
    • In the Delegated permissions section, ensure that the right permissions are checked: User.Read. Use the search box if necessary.

Configure the code to use your application's coordinates

  1. Open the active-directory-wpf-msgraph-v2\App.xaml.cs file
  2. Find the app key ClientId and replace the existing value with the application ID (clientId) of the WpfApp application copied from the Azure portal.
  3. If connecting to a national cloud, open the active-directory-wpf-msgraph-v2\MainWindow.xaml.cs file and update the string graphAPIEndpoint to the appropriate endpoint. See a list of national cloud Graph endpoints here.
  4. Run the application from Visual Studio (Debug | Start without Debugging)

Troubleshooting

System.Security.Cryptography.CryptographicException: 'Key not valid for use in specified state'

What happens: You run the app on your machine, zip the bin\release folder and share it with a colleague, and on their machine it no longer works and fails with an exception (see #56 for details).

How to remediate: Remove the token cache file (its name ends in .msalcache.bin3) from the bin\debug and bin\release folders before moving your app to the new system. The token cache in this sample is protected with DPAPI, so it can only be decrypted by the Windows user who created it.
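
A token cache serializer that tolerates this failure, as an added example (not the sample's own code): it protects the cache with DPAPI under the current user and, when the file was protected by a different user or machine, deletes it and lets the user sign in again instead of crashing. The class name DpapiTokenCache and the cache file location are assumptions; on .NET Core, ProtectedData comes from the System.Security.Cryptography.ProtectedData package.

```csharp
using System.IO;
using System.Security.Cryptography;
using Microsoft.Identity.Client;

public static class DpapiTokenCache   // hypothetical name, for illustration only
{
    // Assumption: the cache file sits next to the executable and uses the
    // ".msalcache.bin3" suffix mentioned in the troubleshooting text.
    private static readonly string CacheFilePath =
        System.Reflection.Assembly.GetExecutingAssembly().Location + ".msalcache.bin3";
    private static readonly object FileLock = new object();

    public static void Bind(ITokenCache tokenCache)
    {
        tokenCache.SetBeforeAccess(BeforeAccess);
        tokenCache.SetAfterAccess(AfterAccess);
    }

    private static void BeforeAccess(TokenCacheNotificationArgs args)
    {
        lock (FileLock)
        {
            if (!File.Exists(CacheFilePath)) return;
            try
            {
                byte[] plain = ProtectedData.Unprotect(
                    File.ReadAllBytes(CacheFilePath), null, DataProtectionScope.CurrentUser);
                args.TokenCache.DeserializeMsalV3(plain);
            }
            catch (CryptographicException)
            {
                // The blob was protected under another user or machine and cannot
                // be decrypted here: discard it so the next call signs in afresh.
                File.Delete(CacheFilePath);
            }
        }
    }

    private static void AfterAccess(TokenCacheNotificationArgs args)
    {
        if (!args.HasStateChanged) return;   // nothing new to persist
        lock (FileLock)
        {
            byte[] blob = ProtectedData.Protect(
                args.TokenCache.SerializeMsalV3(), null, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(CacheFilePath, blob);
        }
    }
}
```

Call DpapiTokenCache.Bind(app.UserTokenCache) once, right after building the public client application.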

Consider taking a moment to share your experience with us.

Community Help and Support

We use Stack Overflow with the community to provide support. We highly recommend you ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [msal.dotnet].

If you find a bug in the sample please raise the issue on GitHub Issues.

If you find a bug in msal.Net, please raise the issue on MSAL.NET GitHub Issues.

To provide a recommendation, visit our User Voice page.

Contributing

If you'd like to contribute to this sample, see CONTRIBUTING.MD.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

More information

For more information see MSAL.NET's conceptual documentation: