Get/Post/Delete Requests to Azure AD B2C
As Azure AD B2C increasingly replaces the authentication methodology for Microsoft Dynamics Portals as well as other applications, there is a growing demand to handle Get/Post/Delete requests to Azure AD B2C from C# .NET code.
Below is information on how to make API requests to Azure AD B2C using simple coding approaches, along with details regarding pre-release versions.
DLLs/namespaces required to acquire the classes that access the Microsoft Graph APIs:
1. Microsoft.Graph
2. Microsoft.Identity.Client
The above-mentioned DLLs contain the definition of IConfidentialClientApplication, which can be used to get an AuthProvider as shown below:
    IConfidentialClientApplication confidentialClientApplication =
        ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenant)
            .WithClientSecret(clientSecret)
            .Build();
    ClientCredentialProvider authProvider =
        new ClientCredentialProvider(confidentialClientApplication);
Problem:
The ClientCredentialProvider method is present in the base Microsoft.Identity.Client DLL, and it is not yet completely tested and recommended by Microsoft, as it is still in the pre-release stage and we can't use it in production. Also, Visual Studio does not recognise the ClientCredentialProvider class. Hence, we can proceed with the approach below, which provides an authContext and also helps in performing Get/Delete requests to Azure AD B2C.
Solution:
Set the configurations below in App.Config and read them in code:

    using System.Configuration;
    using System.Net.Http.Headers;
    using Microsoft.Graph;
    using Microsoft.Identity.Client;

    // Read the app registration details from App.Config.
    string clientId = ConfigurationManager.AppSettings["b2c:ClientId"];
    string clientSecret = ConfigurationManager.AppSettings["b2c:ClientSecret"];
    string tenant = ConfigurationManager.AppSettings["b2c:Tenant"];

    // The app registration should be configured to require access to permissions
    // sufficient for the Microsoft Graph API calls the app will be making, and
    // those permissions should be granted by a tenant administrator.
    var scopes = new string[] { "https://graph.microsoft.com/.default" };

    // Configure the MSAL client as a confidential client.
    var confidentialClient =
        ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithAuthority($"https://login.microsoftonline.com/{tenant}/v2.0")
            .WithClientSecret(clientSecret)
            .Build();

    // Build the Microsoft Graph client. As the authentication provider, set an async lambda
    // which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
    // and inserts this access token in the Authorization header of each API request.
    GraphServiceClient graphServiceClient =
        new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
        {
            // Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
            var authResult = await confidentialClient
                .AcquireTokenForClient(scopes)
                .ExecuteAsync();

            // Add the access token in the Authorization header of the API request.
            requestMessage.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
        }));

Make either a Get request or a Delete request to Azure AD B2C, as shown below:

    // Make a Microsoft Graph API query.
    // userObjectId holds the B2C object id (user id) of the target user.
    await graphServiceClient.Users[userObjectId]
        .Request()
        .DeleteAsync();

This lets us fetch the Client Id, Client Secret and Tenant Id from App Settings, get a token as required, and perform the necessary operations using simple requests.
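
The Get and Delete requests described above, combined in one guarded call. This is an added example, not code from the original post; the class and method names are hypothetical, and it assumes the same Microsoft.Graph SDK generation used above (the one exposing .Request() and ServiceException.StatusCode).

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.Graph;

public static class B2cUserOperations
{
    // Hypothetical helper: reads the user first (GET), then deletes it (DELETE).
    // Returns false when the object id does not exist in the tenant.
    public static async Task<bool> GetThenDeleteUserAsync(
        GraphServiceClient graphServiceClient, string userObjectId)
    {
        // Reject anything that is not a GUID before it reaches the request URL.
        if (!Guid.TryParse(userObjectId, out _))
            throw new ArgumentException("Expected a B2C object id (GUID).", nameof(userObjectId));

        try
        {
            // GET /users/{id}: request only the properties needed for the audit line.
            User user = await graphServiceClient.Users[userObjectId]
                .Request()
                .Select("id,displayName")
                .GetAsync();

            // Record what is about to be removed; never log the access token.
            Console.WriteLine($"Deleting B2C user {user.Id} ({user.DisplayName})");

            // DELETE /users/{id}
            await graphServiceClient.Users[userObjectId]
                .Request()
                .DeleteAsync();
            return true;
        }
        catch (ServiceException ex) when (ex.StatusCode == HttpStatusCode.NotFound)
        {
            // The user does not exist (or was already deleted).
            return false;
        }
    }
}
```

Any other ServiceException (for example a 403 when the app registration lacks the required permission) is left to propagate so the caller sees the failure instead of a silent false.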