Wednesday 21 July 2021

 

Get/Post/Delete Requests to Azure AD B2C

 

                     


 

As Azure AD B2C is increasingly replacing the built-in authentication of Microsoft Dynamics Portals and other applications, there is a growing need to perform Get/Post/Delete requests against the Azure AD B2C directory from C# .NET code. These are Microsoft Graph API calls: the B2C directory is managed through Microsoft Graph, and the code authenticates as the application itself (client credentials flow), not as a signed-in user.

 

Below is how to make those API requests to Azure AD B2C with a minimal amount of code, together with details on the pre-release package that should be avoided.

DLLs/namespaces required for the classes used to access Microsoft Graph:

1.       Microsoft.Graph (GraphServiceClient, DelegateAuthenticationProvider, ServiceException)

2.       Microsoft.Identity.Client (MSAL: ConfidentialClientApplicationBuilder, IConfidentialClientApplication)

In addition, System.Configuration is needed for ConfigurationManager and System.Net.Http.Headers for AuthenticationHeaderValue.


Microsoft.Identity.Client contains the definition of IConfidentialClientApplication. The documentation samples wrap it in a ClientCredentialProvider to obtain the AuthProvider for GraphServiceClient, as shown below:

     using Microsoft.Graph.Auth; // ClientCredentialProvider lives here, not in Microsoft.Identity.Client

     IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenant)
            .WithClientSecret(clientSecret)
            .Build();

     ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);

Problem :

ClientCredentialProvider is not part of the base Microsoft.Identity.Client DLL; it comes from the separate Microsoft.Graph.Auth NuGet package, which is still a pre-release (preview) package that Microsoft has not fully tested or recommended for production use. Unless that preview package is referenced, Visual Studio does not recognise the ClientCredentialProvider class, which is the build error seen here. Hence we proceed with the approach below, which uses only the released packages: MSAL (Microsoft.Identity.Client) acquires the token, and a DelegateAuthenticationProvider from Microsoft.Graph attaches it to each request, which is all that is needed to perform Get/Delete requests against Azure AD B2C.

 

Solution :

Read the client ID, client secret and tenant from the appSettings section of App.config (keys b2c:ClientId, b2c:ClientSecret and b2c:Tenant; the tenant is the B2C tenant, e.g. contoso.onmicrosoft.com or its GUID). Note that this keeps the client secret in plain text in the config file: treat that file as sensitive and, for production, prefer a certificate credential (WithCertificate instead of WithClientSecret) or load the secret from a secret store at start-up.

            string clientId = ConfigurationManager.AppSettings["b2c:ClientId"];
            string clientSecret = ConfigurationManager.AppSettings["b2c:ClientSecret"];
            string tenant = ConfigurationManager.AppSettings["b2c:Tenant"];

            // The app registration should be configured to require access to permissions
            // sufficient for the Microsoft Graph API calls the app will be making, and
            // those permissions should be granted by a tenant administrator.
            var scopes = new string[] { "https://graph.microsoft.com/.default" };

            // Configure the MSAL client as a confidential client.
            // Note the interpolation: {tenant} inserts the variable; "$tenantId" would be sent literally.
            var confidentialClient = ConfidentialClientApplicationBuilder
                .Create(clientId)
                .WithAuthority($"https://login.microsoftonline.com/{tenant}/v2.0")
                .WithClientSecret(clientSecret)
                .Build();

 

            // Build the Microsoft Graph client. As the authentication provider, set an async lambda
            // which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
            // and inserts this access token in the Authorization header of each API request.
            GraphServiceClient graphServiceClient =
                new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {

                    // Retrieve an access token for Microsoft Graph (MSAL serves it from its
                    // in-memory cache and only calls the token endpoint when a fresh token is needed).
                    var authResult = await confidentialClient
                        .AcquireTokenForClient(scopes)
                        .ExecuteAsync();

                    // Add the access token in the Authorization header of the API request.
                    requestMessage.Headers.Authorization =
                        new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
                })
                );

 

Make either a Get request or a Delete request to Azure AD B2C as shown below (a Get uses the same request builder with GetAsync() instead of DeleteAsync()). The call is asynchronous, so await it; otherwise the method returns before the request completes and any ServiceException (404 for an unknown object ID, 403 for a missing application permission) is silently lost.

            // Make a Microsoft Graph API request against the B2C user.
            // userObjectId is the user's object ID (a GUID) in the B2C tenant.
            await graphServiceClient.Users[userObjectId]
               .Request()
               .DeleteAsync();

 

This fetches the Client Id, Client Secret and Tenant Id from App Settings, acquires a token as required (MSAL caches the application token in memory and only contacts the token endpoint again when it has expired) and performs the necessary operations with simple requests. Two checks before running this against a real tenant: the app registration needs the matching application (not delegated) Microsoft Graph permissions granted with admin consent (User.Read.All is enough for reads, User.ReadWrite.All is required for deletes, so give a read-only service the narrower one), and a DELETE on /users/{id} removes the account, so validate the object ID before issuing it.
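As an added, complete example (not code from the original post): the same MSAL + Graph SDK pattern wrapped in a small class that looks up a B2C local account by its sign-in e-mail, deletes it, and distinguishes the failure modes a practitioner hits first: a bad client secret or tenant (MsalServiceException), a missing or unconsented application permission (403 from Graph) and an object ID that no longer exists (404). Class and method names are my own; the App.config keys are the ones from the post, and the code targets the Microsoft.Graph 3.x/4.x request-builder API (Users[id].Request()) with Microsoft.Identity.Client 4.x.

```csharp
// Added example, not code from the original post: a wrapper around the MSAL +
// Graph SDK pattern above (Microsoft.Graph 3.x/4.x, Microsoft.Identity.Client 4.x).
// Class and method names are my own; the App.config keys match the post.
using System;
using System.Configuration;
using System.Linq;
using System.Net;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Identity.Client;

public sealed class B2cGraphClient
{
    // App-only calls use the .default scope; the effective permissions (User.Read.All,
    // User.ReadWrite.All, ...) are whatever was admin-consented on the app registration.
    private static readonly string[] Scopes = { "https://graph.microsoft.com/.default" };

    private readonly IConfidentialClientApplication _cca;
    private readonly GraphServiceClient _graph;
    private readonly string _tenant; // B2C tenant, e.g. contoso.onmicrosoft.com

    public B2cGraphClient(string clientId, string tenant, string clientSecret)
    {
        _tenant = tenant;
        // Graph is authenticated via login.microsoftonline.com with the B2C tenant as
        // authority; the b2clogin.com endpoint is only for user flows, not for Graph.
        _cca = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithAuthority($"https://login.microsoftonline.com/{tenant}/v2.0")
            .WithClientSecret(clientSecret)
            .Build();

        _graph = new GraphServiceClient(new DelegateAuthenticationProvider(async request =>
        {
            // MSAL caches the app token in memory, so this only hits the token
            // endpoint when no unexpired token is cached.
            AuthenticationResult token = await _cca.AcquireTokenForClient(Scopes).ExecuteAsync();
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
        }));
    }

    // GET /users?$filter=identities/any(...): find a B2C local account by sign-in email.
    public async Task<User> FindLocalAccountByEmailAsync(string email)
    {
        // OData string literals escape a single quote by doubling it; without this an
        // attacker-controlled email could rewrite the filter expression.
        string literal = email.Replace("'", "''");
        string filter = $"identities/any(c:c/issuerAssignedId eq '{literal}' and c/issuer eq '{_tenant}')";
        IGraphServiceUsersCollectionPage page = await _graph.Users.Request().Filter(filter).GetAsync();
        return page.CurrentPage.FirstOrDefault();
    }

    // DELETE /users/{id}. Returns false when the id no longer exists (already deleted).
    public async Task<bool> DeleteUserAsync(string objectId)
    {
        try
        {
            await _graph.Users[objectId].Request().DeleteAsync();
            return true;
        }
        catch (ServiceException ex) when (ex.StatusCode == HttpStatusCode.NotFound)
        {
            return false;
        }
    }
}

public static class Program
{
    // Usage: B2cUserTool.exe someone@example.com   (deletes that local account)
    public static async Task Main(string[] args)
    {
        var client = new B2cGraphClient(
            ConfigurationManager.AppSettings["b2c:ClientId"],
            ConfigurationManager.AppSettings["b2c:Tenant"],
            ConfigurationManager.AppSettings["b2c:ClientSecret"]);
        try
        {
            User user = await client.FindLocalAccountByEmailAsync(args[0]);
            if (user == null) { Console.WriteLine("no such local account"); return; }
            Console.WriteLine(await client.DeleteUserAsync(user.Id) ? $"deleted {user.Id}" : "already gone");
        }
        catch (MsalServiceException ex)
        {
            // Bad secret, unknown client id or wrong tenant fail in the token request, before Graph is reached.
            Console.Error.WriteLine($"token request failed: {ex.ErrorCode}");
        }
        catch (ServiceException ex) when (ex.StatusCode == HttpStatusCode.Forbidden)
        {
            // Usually Authorization_RequestDenied: the application permission is missing or not consented.
            Console.Error.WriteLine($"Graph denied the call: {ex.Error?.Code}");
        }
    }
}
```

A single-object Get follows the same shape as the delete (Users[objectId].Request().GetAsync(), optionally with .Select(...) to limit returned attributes). The lookup deliberately escapes the e-mail before embedding it in the $filter: Graph OData filters are strings, and an unescaped quote from user input changes the query in the same way an unparameterised SQL string would.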

 

 
