AuthenticationContext.AcquireTokenAsync

Question

I would like to be programmatically able to get a token from Azure.

I call GetAToken().Wait(); and it fails.

and the method is:

public async Task<string> GetAToken()
{
    // authentication parameters
    string clientID = "*********";
    string username = "<azure login>";
    string password = "<azure login password>";
    string directoryName = "<AD Domain name>";

    ClientCredential cc = new ClientCredential(clientID, password);
    var authenticationContext = new AuthenticationContext(
           "https://login.windows.net/" + directoryName);

    AuthenticationResult result = await authenticationContext.AcquireTokenAsync(
           "https://management.core.windows.net/", cc);

    if (result == null)
    {
        throw new InvalidOperationException("Failed to obtain the JWT token");
    }

    string token = result.AccessToken;

    return token;
}

Answer 1

So not sure if you are doing this on Android, iOS or Xamarin.Forms. Below is how I will authenticate with ADAL and Azure (the code is working on my end):

On Android:

public async Task<AuthenticationResult> Authenticate(Activity context, string authority, string resource, string clientId, string returnUri)
{
    var authContext = new AuthenticationContext(authority);
    if (authContext.TokenCache.ReadItems().Any())
        authContext = new AuthenticationContext(authContext.TokenCache.ReadItems().First().Authority);

    var uri = new Uri(returnUri);
    var platformParams = new PlatformParameters(context);
    try
    {
        var authResult = await authContext.AcquireTokenAsync(resource, clientId, uri, platformParams);
        return authResult;
    }
    catch (AdalException e)
    {
        return null;
    }
}

On iOS:

public async Task<AuthenticationResult> Authenticate(UIViewController controller, string authority, string resource, string clientId, string returnUri)
    {
        var authContext = new AuthenticationContext(authority);
        if (authContext.TokenCache.ReadItems().Any())
            authContext = new AuthenticationContext(authContext.TokenCache.ReadItems().First().Authority);

        var controller = UIApplication.SharedApplication.KeyWindow.RootViewController;
        var uri = new Uri(returnUri);
        var platformParams = new PlatformParameters(controller);

        try
        {
            var authResult = await authContext.AcquireTokenAsync(resource, clientId, uri, platformParams);
            return authResult;
        }
        catch (AdalException e)
        {
            return null;
        }
    }

On UWP:

public async Task<AuthenticationResult> Authenticate(string authority, string resource, string clientId, string returnUri)
{
    var authContext = new AuthenticationContext(authority);
    if (authContext.TokenCache.ReadItems().Any())
        authContext = new AuthenticationContext(authContext.TokenCache.ReadItems().First().Authority);

    var uri = new Uri(returnUri);
    var platformParams = new PlatformParameters(PromptBehavior.Auto);
    try
    {
        var authResult = await authContext.AcquireTokenAsync(resource, clientId, uri, platformParams);
        return authResult;
    }
    catch (AdalException e)
    {
        return null;
    }
}

Variable that I pass into the methods above:

string authority = "https://login.windows.net/common";
string ResourceID = "Backend ClientId";//Backend (web app)
string clientId = "Native App ClientId";//native app
string returnUri = "https://{My Azure Site}.azurewebsites.net/.auth/login/done";

If you want to do this in Xamarin.Forms, below are links to my GitHub solution where I have exposed these methods through the DependencyService.

• PCL implementation
• iOS implementation
• Android Implementation

I hope this helps! If you get any errors from your response, check to make sure you have your permissions setup in Azure correctly. I do it like this. Another great resource is Adrian Hall's Xamarin/Azure book

EDIT: Added UWP stuff

Answer 2

If what you are trying to do is call the Azure APIs as you, there are a few things you should do differently.

1. Create an app in Azure AD that has permissions to access the Azure API
   1. If you want to call Service Management API, then add that as a permission
      1. You could also alternatively use a management certificate
   2. If you want to call Resource Management API, then add the permissions needed to the service principal through the new Portal
2. If you chose the delegated way for Service Management API (the first option), then you will have to either:
   1. Have the user authenticate against Azure AD with the Authorization Code Grant flow
   2. Or get the access token using the Password grant flow (you can see an example of this in another answer
3. If instead you chose a management certificate or giving the permissions to the service principal, then you can get the access token directly from Azure AD using the Client credentials grant flow

In the end you will always end up with an access token that you can use for calling the API.

Answer 3

IF you're using the wrappers, ensure to have the correct version-Microsoft.IdentityModel.Clients.ActiveDirectory -Version 2.21.301221612. Once referenced, you can run this below. For alternatives, see this blog: https://samtran.me/2018/11/11/power-bi-rest-api/

Answer 4

If you are also running into issue on Android where device rotation returns you back to prompt for user email, you can follow up progress of fixes for both ADAL and MSAL here:

https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1622 https://github.com/xamarin/xamarin-android/issues/3326