In this sample we show you how to integrate with school roles/roster data as well as O365 services available via the Graph API.
School data is kept in sync in O365 Education tenants by Microsoft School Data Sync.
Table of contents
- Sample Goals
- Prerequisites
- Register the application in Azure Active Directory
- Build and debug locally
- Deploy the sample to Azure
- Understand the code
- [Optional] Build and debug the WebJob locally
- Questions and comments
- Contributing
The sample demonstrates:
-
Calling Graph APIs, including:
-
Linking locally-managed user accounts and Office 365 (Azure Active Directory) user accounts.
After linking accounts, users can use either local or Office 365 accounts to log into the sample web site and use it.
-
Getting schools, sections, teachers, and students from Office 365 Education:
- Office 365 Schools REST API reference
- A Differential Query is used to sync data that is cached in a local database by the SyncData Web Job.
EDUGraphAPI is based on ASP.NET MVC and ASP.NET Identity is also used in this project.
Deploying and running this sample requires:
- An Azure subscription with permissions to register a new application, and deploy the web app.
- An O365 Education tenant with Microsoft School Data Sync enabled
- One of the following browsers: Edge, Internet Explorer 9, Safari 5.0.6, Firefox 5, Chrome 13, or a later version of one of these browsers. Additionally: Developing/running this sample locally requires the following:
- Visual Studio 2017 (any edition).
- Familiarity with C#, .NET Web applications, JavaScript programming and web services.
-
Sign into the new azure portal: https://portal.azure.com/.
-
Choose your Azure AD tenant by selecting your account in the top right corner of the page:
-
Click Azure Active Directory -> App registrations -> +Add.
-
Input a Name, and select Web app / API as Application Type.
Input Sign-on URL: https://localhost:44311/
Click Create.
-
Once completed, the app will show in the list.
-
Click it to view its details.
-
Click All settings, if the setting window did not show.
-
Click Properties, then set Multi-tenanted to Yes.
Copy aside Application ID, then Click Save.
-
Click Required permissions. Add the following permissions:
API Application Permissions Delegated Permissions Microsoft Graph Read all users' full profiles
Read directory data
Read all groupsRead directory data
Access directory as the signed in user
Sign users in
Have full access to all files user can access
Have full access to user files
Read users' class assignments without grades
Read and write users' class assignments without grades
Read users' class assignments and their grades
Read and write users' class assignments and their gradesWindows Azure Active Directory Read directory data Sign in and read user profile
Read and write directory data
Application Permissions
Permission Description Admin Consent Required Read all users' full profiles Allows the app to read the full set of profile properties, group membership, reports and managers of other users in your organization, without a signed-in user. Yes Read directory data Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user. Yes Delegated Permissions
Permission Description Admin Consent Required Read directory data Allows the app to read data in your organization's directory, such as users, groups and apps. Yes Access directory as the signed in user Allows the app to have the same access to information in the directory as the signed-in user. Yes Sign users in Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information. No Sign in and read user profile Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. No Read and write directory data Allows the app to read and write data in your organization's directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords. Yes
-
Click Keys, then add a new key:
Click Save, then copy aside the VALUE of the key.
Close the Settings window.
-
-
Click Manifest.
Insert the following JSON to the array of keyCredentials.
{ "customKeyIdentifier": "nNWUyxhgK5zcg7pPj8UFo1xFM9Y=", "keyId": "fec5af6a-1cc8-45ec-829f-95999e623b2d", "type": "AsymmetricX509Cert", "usage": "Verify", "value": "MIIDIzCCAg+gAwIBAgIQUWcl+kIoiZxPK2tT8v05WzAJBgUrDgMCHQUAMCQxIjAgBgNVBAMTGUVkdUdyYXBoQVBJIEFwcCBPbmx5IENlcnQwHhcNMTYxMDMxMTYwMDAwWhcNMzYxMDMwMTYwMDAwWjAkMSIwIAYDVQQDExlFZHVHcmFwaEFQSSBBcHAgT25seSBDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwND0Wclbty/5UYwsrjAvSFaw8JOi33lXP1QI4qecOH4HXvrhz4L5ZN8thG6L/nSIcocuELNbDfJhLehBzxKwtvq9tO0o3MpFK0aloQS5JmoAstMns427osG8DpfnaqwiFyMv558fUHSEkx8GSU/IQgZ6IoSLahTSGCy0LRFHKIyZ6Xo0z9zYN07eQO53obakNlF6YzUg+2v6jLmKnmSXbog+46F9yVvTK2/4MLdPy7lKO2lycec+mljlBWJF4shLacaVrdtQZtanY0zN+XlM48mUVSToNz18tGX/cW9PT5WqIO/O5liEnz9O5u4NTBUUYDqiSuxA4yHV63A+zxhwPwIDAQABo1kwVzBVBgNVHQEETjBMgBAUkYVZ6pBIdTnoV4pmTRzwoSYwJDEiMCAGA1UEAxMZRWR1R3JhcGhBUEkgQXBwIE9ubHkgQ2VydIIQUWcl+kIoiZxPK2tT8v05WzAJBgUrDgMCHQUAA4IBAQBwRDrFpLRYGFARs20Ez+sK6ACrtFbVC5tAnFxr97FWTbixXFm1GPC/pmSnYsiRtiLMliX1+QmTIT80OFk2rfnv3EjY2uCF0XWXH7oRonUFpScA2rQ0geEPRVDXHQ9TJcdEX6+QD6/hAFyANUkWb9uHT1srIxUHerwPCmprOfSCqLVkYXZgvnvWC9XeJP4KriftiqNkfr2FIjqvWrkUMn7iHBHRMW42gfsHoX9LmRLjoqnm1YEyS/t2tibL3FAsJvWv0T03JDCwePF13oItzV0lp0jJDz+xahz8aG3gkacmjzliBeXWWEo9VfxOGLsHjonj3lRSsQLfOn5k3e6lxsJG" }
Click Save.
Note: this step configures the certification used by a Web Job. Check Application Authentication Flow section for more details.
This project can be opened with the edition of Visual Studio 2017 you already have, or download and install the Community edition to run, build and/or develop this application locally.
Debug the EDUGraphAPI.Web:
-
Configure appSettings in the Web.config.
- ida:ClientId: use the Client Id of the app registration you created earlier.
- ida:ClientSecret: use the Key value of the app registration you created earlier.
- SourceCodeRepositoryURL: use the repository URL of your fork.
-
Set EDUGraphAPI.Web as StartUp project, and press F5.
GitHub Authorization
-
Generate Token
- Open https://github.com/settings/tokens in your web browser.
- Sign into your GitHub account where you forked this repository.
- Click Generate Token
- Enter a value in the Token description text box
- Select the following s (your selections should match the screenshot below):
- repo (all) -> repo:status, repo_deployment, public_repo
- admin:repo_hook -> read:repo_hook
- Click Generate token
- Copy the token
-
Add the GitHub Token to Azure in the Azure Resource Explorer
- Open https://resources.azure.com/providers/Microsoft.Web/sourcecontrols/GitHub in your web browser.
- Log in with your Azure account.
- Selected the correct Azure subscription.
- Select Read/Write mode.
- Click Edit.
- Paste the token into the token parameter.
- Click PUT
Deploy the Azure Components from GitHub
-
Check to ensure that the build is passing VSTS Build.
-
Fork this repository to your GitHub account.
-
Click the Deploy to Azure Button:
-
Fill in the values in the deployment page and select the I agree to the terms and conditions stated above checkbox.
-
Resource group: we suggest you to Create a new group.
-
Site Name: please input a name. Like EDUGraphAPICanviz or EDUGraphAPI993.
Note: If the name you input is taken, you will get some validation errors:
Click it you will get more details, like storage account is already in other resource group/subscription.
In this case, please use another name.
-
Source Code Repository URL: replace with the repository name of your fork.
-
Source Code Manual Integration: choose false, since you are deploying from your own fork.
-
Client Id: use the Client Id of the app registration you created earlier.
-
Client Secret: use the Key value of the app registration you created earlier.
-
Check I agree to the terms and conditions stated above.
-
-
Click Purchase.
Add REPLY URL to the app registration
-
After the deployment, open the resource group:
-
Click the web app.
Copy the URL aside and change the schema to https. This is the replay URL and will be used in next step.
-
Navigate to the app registration in the new azure portal, then open the setting windows.
Add the reply URL:
Note: to debug the sample locally, make sure that https://localhost:44311/ is in the reply URLs.
-
Click SAVE.
Solution Component Diagram
The top layer of the solution contains a web application and a WebJob console application.
The middle layer contains two class library projects.
The bottom layers contains the three data sources.
EDUGraphAPI.Web
This web application is based on an ASP.NET MVC project template with the Individual User Accounts option selected.
The following files were created by the MVC template, and only minor changes were made:
- /App_Start/Startup.Auth.Identity.cs (The original name is Startup.Auth.cs)
- /Controllers/AccountController.cs
This sample project uses ASP.NET Identity and Owin. These two technologies make different methods of authentication coexist easily. Familiarity with these components, in addition to ASP.NET MVC, is essential to understanding this sample.
Below are important class files used in this web project:
File | Description |
---|---|
/App_Start/Startup.Auth.AAD.cs | Integrates with Azure Active Directory authentication |
/Controllers/AdminController.cs | Contains the administrative actions: admin consent, manage linked accounts and install the app. |
/Controllers/LinkController.cs | Contains the actions to link AD and local user accounts |
/Controllers/SchoolsController.cs | Contains the actions to present education data |
This web application is a multi-tenant app. In the AAD, we enabled the option:
Users from any Azure Active Directory tenant can access this app. As this app uses some application permissions, an administrator of the tenant should sign up (consent) first. Otherwise, users would be an error:
For more information, see Build a multi-tenant SaaS web application using Azure AD & OpenID Connect.
EDUGraphAPI.SyncData
This is the WebJob used to sync user data. In the Functions.SyncUsersAsync method, UserSyncService from EDUGraphAPI.Common project is used.
The project was created to demonstrate differential query. Please check Differential query section for more details.
EDUGraphAPI.Common
The class library project is used both the EDUGraphAPI.Web and EDUGraphAPI.SyncData.
The table below shows the folders in the project:
Folder | Description |
---|---|
/Data | Contains ApplicationDbContext and entity classes |
/DataSync | Contains the UserSyncSerextensionsvice class which is used by the EDUGraphAPI.SyncData WebJob |
/DifferentialQuery | Contains the DifferentialQueryService class which is used to send differential query and parse the result. |
/Extensions | Contains lots of extension methods which simplify coding the make code easy to read |
/Utils | Contains the wide used class AuthenticationHelper.cs |
Microsoft.Education
This project encapsulates the Schools REST API client. The core class in this project is EducationServiceClient.
ASP.NET Identity uses Entity Framework Code First to implement all of its persistence mechanisms. Package Microsoft.AspNet.Identity.EntityFramework is consumed for this.
In this sample, ApplicationDbContext is created for access to the database. It inherited from IdentityDbContext which is defined in the NuGet package mentioned above.
Below are the important Data Models (and their important properties) that used in this sample:
ApplicationUsers
Inherited from IdentityUser.
Property | Description |
---|---|
Organization | The tenant of the user. For local unlinked user, its value is null |
O365UserId | Used to link with an Office 365 account |
O365Email | The Email of the linked Office 365 account |
JobTitle | Used for demonstrating differential query |
Department | Used for demonstrating differential query |
Mobile | Used for demonstrating differential query |
FavoriteColor | Used for demonstrating local data |
Organizations
A row in this table represents a tenant in AAD.
Property | Description |
---|---|
TenantId | Guid of the tenant |
Name | Name of the tenant |
IsAdminConsented | Is the tenant consented by any admin |
App-only permissions always require a tenant administrator’s consent. If your application requests an app-only permission and a user tries to sign in to the application, an error message will be displayed saying the user isn’t able to consent.
Certain delegated permissions also require a tenant administrator’s consent. For example, the ability to write back to Azure AD as the signed in user requires a tenant administrator’s consent. Like app-only permissions, if an ordinary user tries to sign in to an application that requests a delegated permission that requires administrator consent, your application will receive an error. Whether or not a permission requires admin consent is determined by the developer that published the resource, and can be found in the documentation for the resource.
If your application uses permissions that require admin consent, you need to have a gesture such as a button or link where the admin can initiate the action. The request your application sends for this action is a usual OAuth2/OpenID Connect authorization request, but that also includes the prompt=admin_consent
query string parameter. Once the admin has consented and the service principal is created in the customer’s tenant, subsequent sign-in requests do not need the prompt=admin_consent
parameter. Since the administrator has decided the requested permissions are acceptable, no other users in the tenant will be prompted for consent from that point forward.
There are 4 authentication flows in this project.
The first 2 flows (Local Login/O365 Login) enable users to login in with either a local account or an Office 365 account, then link to the other type account. This procedure is implemented in the LinkController.
Local Login Authentication Flow
O365 Login Authentication Flow
Admin Login Authentication Flow
This flow shows how an administrator logs into the system and performs administrative operations.
After logging into the app with an office 365 account, the administrator will be asked to link to local account. This step is not required and can be skipped.
As we mentioned earlier, the web app is a multi-tenant app which uses some application permissions, so an administrator of the tenant should consent the tenant first.
This flow is implemented in AdminController.
Application Authentication Flow
This flow in implemented in the SyncData WebJob.
An X509 certificate is used. For more details, please check the following links:
- Daemon or Server Application to Web API
- Authenticating to Azure AD in daemon apps with certificates
- Build service and daemon apps in Office 365
There are two distinct Graph APIs used in this sample:
Azure AD Graph API | Microsoft Graph API | |
---|---|---|
Description | The Azure Active Directory Graph API provides programmatic access to Azure Active Directory through REST API endpoints. Apps can use the Azure AD Graph API to perform create, read, update, and delete (CRUD) operations on directory data and directory objects, such as users, groups, and organizational contacts | A unified API that also includes APIs from other Microsoft services like Outlook, OneDrive, OneNote, Planner, and Office Graph, all accessed through a single endpoint with a single access token. |
Client | Install-Package Microsoft.Azure.ActiveDirectory.GraphClient | Install-Package Microsoft.Graph |
End Point | https://graph.windows.net | https://graph.microsoft.com |
API Explorer | https://graphexplorer.cloudapp.net/ | https://graph.microsoft.io/graph-explorer |
In this sample we use the classes below, which are based on a common interface, to demonstrate how the APIs are related:
The IGraphClient interface defines two method: GeCurrentUserAsync and GetTenantAsync.
MSGraphClient implement the IGraphClient interface with Microsoft Graph client libraries.
The interface and the graph client class resides in /Services/GraphClients folder of the web app. Some code is highlighted below to show how to get user and tenant.
Microsoft Graph - MSGraphClient.cs
public async Task<UserInfo> GetCurrentUserAsync()
{
var me = await graphServiceClient.Me.Request()
.Select("id,givenName,surname,userPrincipalName,assignedLicenses")
.GetAsync();
return new UserInfo
{
Id = me.Id,
GivenName = me.GivenName,
Surname = me.Surname,
Mail = me.Mail,
UserPrincipalName = me.UserPrincipalName,
Roles = await GetRolesAsync(me)
};
}
public async Task<TenantInfo> GetTenantAsync(string tenantId)
{
var tenant = await graphServiceClient.Organization[tenantId].Request().GetAsync();
return new TenantInfo
{
Id = tenant.Id,
Name = tenant.DisplayName
};
}
Note that in app registration settings, permissions for each Graph API are configured separately:
Office 365 Education APIs help extract data from your Office 365 tenant which has been synced to the cloud by Microsoft School Data Sync. These results provide information about schools, sections, teachers, students and rosters. The Schools REST API provides access to school entities in Office 365 for Education tenants.
In the sample, the Microsoft.Education Class Library project was created to encapsulate Office 365 Education API.
EducationServiceClient is the core class of the library. With it we can get education data easily.
Get schools
public async Task<School[]> GetSchoolsAsync()
{
var schools = await HttpGetArrayAsync<EducationSchool>("education/schools");
return schools.ToArray();
}
Get sections
public async Task<ArrayResult<EducationClass>> GetAllClassesAsync(string schoolId, string nextLink)
{
if (string.IsNullOrEmpty(schoolId))
{
return new ArrayResult<EducationClass>
{
Value = new EducationClass[] { },
NextLink = nextLink
};
}
else
{
var relativeUrl = $"education/schools/{schoolId}/classes?$top=12";
return await HttpGetArrayAsync<EducationClass>(relativeUrl, nextLink);
}
}
public async Task<EducationClass[]> GetMyClassesAsync(bool loadMembers = false, string expandField = "members")
{
var relativeUrl = $"education/me/classes";
// Important to do this in one round trip, not in a sequence of calls.
if (loadMembers)
{
relativeUrl += "?$expand=" + expandField;
}
var memberOf = await HttpGetArrayAsync<EducationClass>(relativeUrl);
var classes = memberOf.ToArray();
return classes;
}
Below are some screenshots of the sample app that show the education data.
In EducationServiceClient, three private methods prefixed with HttpGet were created to simplify the invoking of REST APIs.
- HttpGetAsync: sends a http GET request to the target endpoint, and returns the JSON response string. An access token is included in the bearer authentication header.
- HttpGetObjectAsync: deserializes the JSON string returned by HttpGetAsync to the target type T, and return the result object.
- HttpGetArrayAsync: deserializes the JSON string returned by HttpGetAsync to the target array type T[], and return the array.
A differential query request returns all changes made to specified entities during the time between two consecutive requests. For example, if you make a differential query request an hour after the previous differential query request, only the changes made during that hour will be returned. This functionality is especially useful when synchronizing tenant directory data with an application’s data store.
The related code is in the following two folders of the EDUGraphAPI.Common project:
- /DifferentialQuery: contains classes to send differential query and parse differential result.
- /DataSync: contains classes that are used to demonstrate how to sync users.
Note that classes in DifferentialQuery folder use some advanced .NET technologies. Please focus on the usage of these classes rather than their implementation details.
To sync users, we defined the User class:
public class User
{
public string ObjectId { get; set; }
public virtual string JobTitle { get; set; }
public virtual string Department { get; set; }
public virtual string Mobile { get; set; }
}
Notice that the changeable properties JobTitle, Department, Mobile are virtual. Classes in DifferentialQuery folder will create a proxy type for the User type and override these virtual properties for change tracking.
In UserSyncService class, we demonstrate how to use the DifferentialQueryService to send differential query and get differential result.
var differentialQueryService = new DifferentialQueryService(/**/);
DeltaResult<Delta<User>> result = await differentialQueryService.QueryAsync<User>(url);
And how to update (or delete) users in local database with the delta result:
foreach (var differentialUser in result.Items)
await UpdateUserAsync(differentialUser);
//...
private async Task UpdateUserAsync(Delta<User> differentialUser) { /**/ }
DataSyncRecord data model is used to persistent deltaLinks.
Below is the log generated by the SyncData WebJob:
In the /Infrastructure folder of the web project, there are several FilterAttributes.
EduAuthorizeAttribute
This is an authorization filter, inherited from AuthorizeAttribute.
It was created to allow the web app to redirect users to the proper login page in our multi-authentication-method scenario.
We overrided the HandleUnauthorizedRequest method to redirect the user to /Account/Login:
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new RedirectResult("/Account/Login");
}
HandleAdalExceptionAttribute
The AuthenticationHelper class exposes lots of methods that return access tokens or instance of an API client. Most of these methods invoke AuthenticationContext.AcquireTokenSilentAsync internally. Usually, AcquireTokenSilentAsync gets the access token successfully, as tokens are cached in the database by ADALTokenCache.
In some situations, like the cached token being expired or a new resource token is requested, AcquireTokenSilentAsync will throw AdalException.HandleAdalExceptionAttribute is required to handle AdalException, and navigate the user to the authentication endpoint to get a new token.
In some cases, we will redirect the user directly to the authentication endpoint by invoking:
filterContext.HttpContext.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties { RedirectUri = requestUrl },
OpenIdConnectAuthenticationDefaults.AuthenticationType);
And in other cases, we want to show the user the page below to tell the user the reason why he got redirected, especially for a user who logged in with an local account.
We use a switch to control this. The switch value is retrieved by:
//public static readonly string ChallengeImmediatelyTempDataKey = "ChallengeImmediately";
var challengeImmediately = filterContext.Controller.TempData[ChallengeImmediatelyTempDataKey];
If the value is true, we will redirect the user to the authentication endpoint immediately. Otherwise, the page above will be shown first, and user clicks the Login button to proceed.
LinkedOrO365UsersOnlyAttribute
This is another authorization filter. With it we can only allow linked users or Office 365 users to visit the protected controllers/actions.
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var applicationService = DependencyResolver.Current.GetService<ApplicationService>();
var user = applicationService.GetUserContext();
return user.AreAccountsLinked || user.IsO365Account;
}
For unauthorized user, we will show them the NoAccess page:
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new ViewResult { ViewName = "NoAccess" };
}
So far, It is only used on the SchoolsController.
Microsoft.Education
-
EducationServiceClient
: an instance of the class handles building requests, sending them to Office 365 Education API, and processing the responses.Method Description GetSchoolsAsync Get all schools that exist in the Azure Active Directory tenant GetSchoolAsync Get a school by using the object id GetAllSectionsAsync Get sections within a school GetMySectionsAsync Get my sections within a school GetSectionAsync Get a section by using the object id GetMembersAsync Get members within a school GetStudentAsync Get the current logged in user as a Student GetTeacherAsync Get the current logged in user as a Teacher
EDUGraphAPI.Common
-
Data.ApplicationUser
: an instance of the class represents a user. -
Data.Organization
: an instance of the class represents a tenant in Azure AD. -
Data.ApplicationDbContext
: DbContext class used by Entity Framework, inherited fromIdentityDbContext<ApplicationUser>
. -
DataSync.User
: an instance of the class represents a user in Azure AD. Notice that the properties used to track changes are virtual. -
DataSync.UserSyncService
: an instance of the class handles syncing users in local database with differential query. Invoke theSyncAsync
method to start sync users. -
DifferentialQuery.DifferentialQueryService
: An instance of the class handles building request, sending it to the service endpoint, and processing the responses. Invoke theQueryAsync
method with a deltaLink to start a differential query. The differential result will be converted toDeltaResult<Delta<TEntity>>
byDeltaResultParser
class. -
Utils.AuthenticationHelper
: a static helper class used to get access token, authentication result, authentication context and instances of service client.Method Description GetActiveDirectoryClientAsync Get an instance of ActiveDirectoryClient GetGraphServiceClientAsync Get an instance of GraphServiceClient GetEducationServiceClientAsync Get an instance of EducationServiceClient GetActiveDirectoryClient Get an instance of ActiveDirectoryClient from the specified AuthenticationResult GetGraphServiceClient Get an instance of GraphServiceClient from the specified AuthenticationResult GetAccessTokenAsync Get an access token of the specified resource GetAuthenticationResult Get an AuthenticationResult of the specified resource GetAuthenticationContext Get an instance of AuthenticationContext GetAuthenticationResultAsync Get an AuthenticationResult from the specified authorization code GetAppOnlyAccessTokenForDaemonAppAsync Get an App-only access token for a daemon app Most of the methods above have an argument called permission. Its type is
Permissions
, an Enum type with two defined values:Delegated
: the client accesses the web API as the signed-in user.Application
: the client accesses the web API directly as itself (no user context). This type of permission requires administrator consent.
-
Utils.AuthenticationHelper
: a static class used to build authorize URL.GetUrl
is the only method defined in the class. -
Constants
: a static class contains values of app settings and other constant values.
EDUGraphAPI.Web
-
Controllers.AccountController
: contains actions for user to register, login and change password. -
Controllers.AdminController
: implements the Admin Login Authentication Flow. Please check Authentication Flows section for more details. -
Controllers.LinkController
: implements the Local/O365 Login Authentication Flow. Please check Authentication Flows section for more details. -
Controllers.SchoolsController
: contains actions to show schools and classes.SchoolsService
class is mainly used by this controller. Please check Office 365 Education API section for more details. -
Infrastructure.EduAuthorizeAttribute
: allow the web app to redirect the current user to the proper login page in our multi-authentication-method scenario. Please check Filters section for more details. -
Infrastructure.HandleAdalExceptionAttribute
: handle AdalException and navigate user to the authorize endpoint or /Link/LoginO365Required. Please check Filters section for more details. -
Infrastructure.LinkedOrO365UsersOnlyAttribute
: only allow linked users or Office 365 users to visit the protected controllers/actions. Please check Filters section for more details. -
Models.UserContext
: context for the logged-in user. -
Services.GraphClients.AADGraphClient
: implementsIGraphClient
interface with Azure AD Graph API. Please check Two Kinds of Graph API section for more details. -
Services.GraphClients.MSGraphClient
: implementsIGraphClient
interface with Microsoft Graph API. Please check Two Kinds of Graph API section for more details. -
Services.ApplicationService.
: an instance of the class handles getting/updating user/organization.Method Description CreateOrUpdateOrganizationAsync Create or update the organization GetAdminContextAsync Get current admin's context GetCurrentUser Get current user GetCurrentUserAsync Get current user GetUserAsync Get user by id GetUserContext Get current user's context GetUserContextAsync Get current user's context GetLinkedUsers Get linked users with the specified filter IsO365AccountLinkedAsync Is the specified O365 account linked with an local account SaveSeatingArrangements Save seating arrangements UnlinkAccountsAsync Unlink the specified the account UnlinkAllAccounts Unlink all accounts in the specified tenant UpdateLocalUserAsync Update the local user with O365 user and tenant info UpdateOrganizationAsync Update organization UpdateUserFavoriteColor Update current user's favorite color -
Services.SchoolsService
: a service class used to get education data.Method Description GetSchoolsViewModelAsync Get SchoolsViewModel GetSchoolUsersAsync Get teachers and students of the specified school GetSectionsViewModelAsync Get SectionsViewModel of the specified school GetSectionDetailsViewModelAsync Get SectionDetailsViewModel of the specified section GetMyClasses Get my classes
EDUGraphAPI.SyncData
Functions
: contains theSyncUsersAsync
method which is executed regularly to sync users data.Program
: contains theMain
method which configure and start the WebJob host.
Debug the EDUGraphAPI.SyncData:
-
Create a storage account in Azure and get the connection string.
Note:
- Local debugging with Azure Storage Emulator will be supported after Azure WebJobs SDK V2 related. Please refer to Support Azure Storage Emulator for more details.
- It is not recommended to local debugging while published web job is running in the azure with the same storage account. Please check this question for more details.
-
Configure the App.config:
- Connection Strings:
- AzureWebJobsDashboard: use the connection string you got in previous step.
- AzureWebJobsStorage: use the connection string you got in previous step.
- App Settings:
- ida:ClientId*: use the Client Id of the app registration you created earlier.
- Connection Strings:
-
Set EDUGraphAPI.SyncData as StartUp project, and press F5.
- If you have any trouble running this sample, please log an issue.
- Questions about GraphAPI development in general should be posted to Stack Overflow. Make sure that your questions or comments are tagged with [ms-graph-api].
We encourage you to contribute to our samples. For guidelines on how to proceed, see our contribution guide.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Copyright (c) 2017 Microsoft. All rights reserved.