Skip to main content

Azure Active Directory - How to get access token for Office 365 from a web application or Windows Phone 8

We already saw how Azure Active Directory works does and how we can configure and access it from a WPF or Windows Store application. Unfortunately, not all the stacks that are in this moment on the market have direct support (using a library).
For example, in a WPF application we have NuGet package that can be added to the projects and use directly when we need to get a token from AD. In this moment this is not applicable for a WP8 or a ASP.NET MVC application. I expect that in the future we will have also native support, but until than we need to use direct calls.
The good news is that Active Directory implement OAuth 2 standard. This mean that if you have a library that already use OAuth 2 standard, theoretically you can only update access URL’s and everything should be fine.
The steps that needs to be done to get the access token are not very completed and easy to implement.
First step is to navigate from a browser windows to the resource URL.
[ADLoginAddress]/oauth2/authorize?response_type=code&resource=[Resource]&client_id=[ClientId]&redirect_uri=[RedirectUrl]
The above example is the default one that can be used. For example, to be able to authenticate to AD from Office 365 I used the following address:
https://login.windows.net/[MyPrivateGuid]/oauth2/authorize?api-version=1.0&response_type=code&resource=https://outlook.office365.com/&client_id=[ClientId]&redirect_uri=http://localhost/  
In the moment when we load the above URL, the AD authentication page will be displayed to the client where he needs to insert his credentials. If the authentication will be with success, a code (key) will be returned by our requests through the return URL.
In this moment the returned code (key) can be used to call the specific authority and request an authentication token. In our case the authority URL is https://login.windows.net/common/oauth2/token. The requests needs to be a POST request, where the content needs to contain the code (key), client id, redirect url and client secret key.
Content = “grant_type=authorization_code& code=[CodeFromPreviewsCall]& client_id=[ClientId] &redirect_uri=[RedirectUrl] &client_secret=[ClientSecretKey]"
If the request contains all the needed information, a JSON will be returned that will contain our token. If you are using C#, you can access the token from the result string in this way:
dynamic webToken = JsonConvert.DeserializeObject(response);
string token = webToken.access_token.ToString();
A great sample code related to this was written by Viitorio Bertocci and can be found here: http://www.cloudidentity.com/blog/2014/02/16/a-sample-windows-phone-8-app-getting-tokens-from-windows-azure-ad-and-adfs/

Comments

Popular posts from this blog

How to check in AngularJS if a service was register or not

There are cases when you need to check in a service or a controller was register in AngularJS.
For example a valid use case is when you have the same implementation running on multiple application. In this case, you may want to intercept the HTTP provider and add a custom step there. This step don’t needs to run on all the application, only in the one where the service exist and register.
A solution for this case would be to have a flag in the configuration that specify this. In the core you would have an IF that would check the value of this flag.
Another solution is to check if a specific service was register in AngularJS or not. If the service was register that you would execute your own logic.
To check if a service was register or not in AngularJS container you need to call the ‘has’ method of ‘inhector’. It will return TRUE if the service was register.
if ($injector.has('httpInterceptorService')) { $httpProvider.interceptors.push('httpInterceptorService&#…

ADO.NET provider with invariant name 'System.Data.SqlClient' could not be loaded

Today blog post will be started with the following error when running DB tests on the CI machine:
threw exception: System.InvalidOperationException: The Entity Framework provider type 'System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer' registered in the application config file for the ADO.NET provider with invariant name 'System.Data.SqlClient' could not be loaded. Make sure that the assembly-qualified name is used and that the assembly is available to the running application. See http://go.microsoft.com/fwlink/?LinkId=260882 for more information. at System.Data.Entity.Infrastructure.DependencyResolution.ProviderServicesFactory.GetInstance(String providerTypeName, String providerInvariantName) This error happened only on the Continuous Integration machine. On the devs machines, everything has fine. The classic problem – on my machine it’s working. The CI has the following configuration:

TeamCity.NET 4.51EF 6.0.2VS2013
It seems that there …

[Post-Event] Codecamp Conference Cluj-Napoca - Nov 19, 2016

Last day I was invited to another Codecamp Conference, that took place in Cluj-Napoca. Like other Codecamp Conferences, the event was very big, with more than 1.000 participants and 70 sessions. There were 10 tracks in parallel, so it was pretty hard to decide at  what session you want to join.
It was great to join this conference and I hope that you discovered something new during the conference.
At this event I talked about Azure IoT Hub and how we can use it to connect devices from the field. I had a lot of demos using Raspberry PI 3 and Simplelink SensorTag. Most of the samples were written in C++ and Node.JS and people were impressed that even if we are using Microsoft technologies, we are not limited to C# and .NET. World and Microsoft are changing so fast. Just looking and Azure IoT Hub and new features that were launched and I'm pressed (Jobs, Methods, Device Twin).
On backend my demos covered Stream Analytics, Event Hub, Azure Object Storage and DocumentDB.

Title:
What abo…