So you have downloaded the latest version of the Graph Nuget Package and your dotnet core application is all ready to start building with the Microsoft Graph Client SDK. However, when you create the client as per the documentation, Visual Studio is complaining it can’t find the ClientCredentialProvider.
This is because it required the Microsoft Graph Auth Nuget package, which is not production ready yet. When you download the Graph Nuget it does not download this, so you would need to install it seperatly as per the github repository suggests.
However, if you do not perfer adding a non-production ready package to you production code then there is an alternative method.
This method uses the Microsoft Authentication Library for .NET (MSAL) to set up the Microsoft Graph Client using the app-only provider. In the example below I am following the Client Credentials Provider as per the Authentication Providers documentation.
First you will need the Tenant ID for the Azure Subscription you wish to use the SDK with. This can be retrieved from:
// The Azure AD tenant ID (e.g. tenantId.onmicrosoft.com)
var tenantId = "{tenant-id}";
Then you will also need the Applications Client ID and Secret. If you haven’t registered your application yet then you can follow this to get that setup and ready > https://docs.microsoft.com/en-us/graph/auth-register-app-v2. Make sure you have given the Application enough permissions on the Graph API to execute the required action for your project.
// The client ID of the app registered in Azure AD
var clientId = "{client-id}";
// Application Client Secret (Recommended this is stored safely and not hardcoded)
var clientSecret = "{client-secret}"
With this information, we can now create the MSAL client credentials to authenticate the application to Azure
var scopes = new string[] { "https://graph.microsoft.com/.default" };
var confidentialClient = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithAuthority($"https://login.microsoftonline.com/$tenantId/v2.0")
.WithClientSecret(clientSecret)
.Build();
Now we can create the Graph Client by passing the Authentication Provider as a variable. In this we are getting the Authentication Bearer Token from Azure for the application. Once we have this then we can add it to all the API requests headers for authentication.
This means when ever you use the SDK it will add this token, or a new token, to every request to authenticate the API request.
GraphServiceClient graphServiceClient =
new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
var authResult = await confidentialClient.AcquireTokenForClient(scopes).ExecuteAsync();
// Add the access token in the Authorization header of the API
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
})
);
From there you can use the Microsoft Graph SDK just as normal.
// Make a Microsoft Graph API query var users = await graphServiceClient.Users.Request().GetAsync();
For more information on the Microsoft Graphe SDK and API, you can read the GitHub Repository
you’re code has a syntax error, and won’t compile, here: async (requestMessage) = {
should be async (requestMessage) => {
LikeLiked by 1 person
Thank you for the spot on this. Updated in the post.
LikeLike
What is the request where you assign the Bearer value?
Do you mean requestMessage perhaps?
LikeLike
@ymanatos thank you for this and good spot. I have updated the code. must has been a miss copy 🙂
LikeLike