| languages | products | page_type | description | ||||
|---|---|---|---|---|---|---|---|
|
|
sample |
A sample that shows how to protect an ASP.NET Core Web API using Microsoft Identity Platform. |
In this scenario, we would be protecting a Web API using the Microsoft Identity Platform. This will ensure that the Web API is only accessible to authenticated users. In these samples we would work with Apps who authenticate users using both Work and School accounts or Microsoft Personal accounts (formerly live account).
We will also enrich the Web API to use the on-behalf of flow to call other Web APIs protected by the Microsoft Identity Platform.
- Install .NET Core for Windows by following the instructions at dot.net/core, which will include Visual Studio 2019.
- An Internet connection
- An Azure Active Directory (Azure AD) tenant. For more information on how to get an Azure AD tenant, see How to get an Azure AD tenant
- A user account in your Azure AD tenant, or a Microsoft personal account
From your shell or command line:
git clone https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2.gitGiven that the name of the sample is pretty long, that it has sub-folders and so are the name of the referenced NuGet packages, you might want to clone it in a folder close to the root of your hard drive, to avoid file size limitations on Windows.
This repository contains a progressive tutorial made up of the following chapters:
| Sub folder | Description |
|---|---|
| 1. Desktop app calls a protected Web API | In the first chapter, we would protect an ASP.Net Core Web API using the Microsoft Identity Platform. The Web API will be protected using Azure Active Directory OAuth Bearer Authorization. The Web API is called by a .NET Desktop WPF application. In this chapter, the desktop application uses the Microsoft Authentication Library for .NET (MSAL.NET) to sign-in the user to acquire an Access Token for the protected Web API.  |
| 2. Web API now calls Microsoft Graph | In the second chapter we enhance the Web API to call Microsoft Graph using the on-behalf flow to represent the user signed-in in the desktop application to Microsoft Graph. In this chapter, the Web API uses the MSAL.NET to acquire an Access Token for Microsoft Graph using the on-behalf-of flow  |
| 3.-Web API and client share the same app id and signs-in MSA users | In the third chapter, we present another pattern where a tightly-knit client and Web API share the same client id (app id). In this one we will sign-in users with Microsoft Personal Accounts. The sign-in flow and the call to Web API uses the same flow as chapter 2.  |
| 4. Client app calls a Web API with Proof of Possession(PoP) | In this chapter, the ASP.NET Core Web API is expecting an Access Token with a Proof of Possession key. |
Note: We advise you to follow the tutorial in the order presented, but you can still try out individual chapters if you so wish.
- Start with the chapter 1. Desktop app calls Web API where you will learn how to protect a Web API with the Azure AD.
Use Stack Overflow to get support from the community.
Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.
Make sure that your questions or comments are tagged with [msal dotnet].
If you find a bug in the sample, please open an issue on GitHub Issues.
To provide a recommendation, visit the following User Voice page.
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
- Other samples for Microsoft identity platform are available from https://aka.ms/aaddevsamplesv2
- The conceptual documentation for MSAL.NET is available from https://aka.ms/msalnet
- the documentation for identity platform is available from https://aka.ms/aadv2