Can I login to Azure from Console App without prompt by ADAL for Net V3?

    Question

  • Hi,

    Can I login to Azure from Console App without prompt by ADAL?

    I have tried many times. But still did not find the right way.

    e.g.

    string authContextURL = "https://login.windows.net/" + "<TenantId>";
    var authenticationContext = new AuthenticationContext(authContextURL);
    var userCredential = new UserPasswordCredential("<userName>", "<password>");
    AuthenticationResult result = authenticationContext.AcquireTokenAsync("<resourceURL>", "<clientId>", userCredential).GetAwaiter().GetResult();

    I got error "Accessing WS metadata exchange failed".

    Is it possible to do this?

    Regards,

    Zhong

    Wednesday, March 15, 2017 10:20 AM

Answers

  • Yes, you can. Actually you don't need to use ADAL for this flow either (though ADAL does support it, but I can't tell from your snippet why it fails).

    Using the password grant flow directly you can do something like this to get a token:

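    using System;
    using System.Net.Http;
    using System.Text;

    var domain = "contoso.onmicrosoft.com";
    var user = "bob@contoso.com";
    var pw = "";
    var clientId = "guid";
    var resource = "https://graph.microsoft.com";
    HttpClient client = new HttpClient();
    string requestUrl = $"https://login.microsoftonline.com/{domain}/oauth2/token";
    // URL-encode each value so characters such as '&' or '+' in the password do not corrupt the form body
    string request_content = $"grant_type=password&resource={Uri.EscapeDataString(resource)}&client_id={Uri.EscapeDataString(clientId)}&username={Uri.EscapeDataString(user)}&password={Uri.EscapeDataString(pw)}&scope=openid+Mail.Send";
    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, requestUrl);
    try
    {
        request.Content = new StringContent(request_content, Encoding.UTF8, "application/x-www-form-urlencoded");
        // Send the request; the JSON response body carries the access_token
        HttpResponseMessage response = client.SendAsync(request).GetAwaiter().GetResult();
        string responseBody = response.Content.ReadAsStringAsync().GetAwaiter().GetResult();
    }
    catch (HttpRequestException ex)
    {
        Console.WriteLine(ex.Message);
    }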

    • Marked as answer by Zhong Guan Thursday, March 23, 2017 8:46 AM
    Wednesday, March 15, 2017 3:27 PM
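
The password-grant body in the answer above is a form-encoded string, so every value has to be URL-encoded before it goes into the body; a password containing `&`, `=`, `+` or `%` otherwise reaches the token endpoint as different fields. The following added example (not code from the thread) shows this offline with a constructed password and a placeholder client id; `FormBodyDemo` and `Parse` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;

// Added example: compares an unencoded form body with FormUrlEncodedContent
// for the password grant. All values are constructed placeholders.
static class FormBodyDemo
{
    // Parse a form body the way a server does: split on '&', then on the
    // first '=', then URL-decode ('+' means space in form encoding).
    static List<KeyValuePair<string, string>> Parse(string body) =>
        body.Split('&')
            .Select(p => p.Split(new[] { '=' }, 2))
            .Select(kv => new KeyValuePair<string, string>(
                Uri.UnescapeDataString(kv[0].Replace('+', ' ')),
                kv.Length > 1 ? Uri.UnescapeDataString(kv[1].Replace('+', ' ')) : ""))
            .ToList();

    static void Main()
    {
        var fields = new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["resource"] = "https://graph.microsoft.com",
            ["client_id"] = "00000000-0000-0000-0000-000000000000", // placeholder
            ["username"] = "bob@contoso.com",
            ["password"] = "p+ss&w=rd%41",                          // constructed sample
        };

        // Unencoded: values pasted straight into the body.
        string naive = string.Join("&", fields.Select(f => $"{f.Key}={f.Value}"));

        // Encoded: FormUrlEncodedContent escapes every key and value.
        string encoded = new FormUrlEncodedContent(fields)
            .ReadAsStringAsync().GetAwaiter().GetResult();

        foreach (var (label, body) in new[] { ("naive", naive), ("encoded", encoded) })
        {
            var parsed = Parse(body);
            string pw = parsed.Where(kv => kv.Key == "password")
                              .Select(kv => kv.Value).FirstOrDefault();
            Console.WriteLine(
                $"{label}: {parsed.Count} fields, password intact: {pw == fields["password"]}");
        }
    }
}
```

Passing the same dictionary as `request.Content = new FormUrlEncodedContent(fields)` also sets the `application/x-www-form-urlencoded` content type, so no hand-built string is needed.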

All replies

  • You can even log in as the application itself, and need not enter a user name and password at all. To do so you need to generate a key for your app in Azure AD, and set it to never expire (or expire in 1 or 2 years).

    With that key you can either use ADAL to get the access token or use HTTP request directly (as shown here -> https://developer.microsoft.com/en-us/graph/docs/authorization/app_only).


    Using ADAL

    // resource, clientId and secret are the app's own values and must be defined by the caller
    var oAuth2TokenEndpoint = "https://login.windows.net/<your-tenant-id-here>/oauth2/token";
    var authContext = new AuthenticationContext(oAuth2TokenEndpoint, false);
    var authResult = authContext.AcquireTokenAsync(resource, new ClientCredential(clientId, secret));
    authResult.Wait();
    var accessToken = authResult.Result.AccessToken;



    If this post answers your question, please mark it as an answer. If this post is helpful to you, then vote it as helpful.
    TechyFreak | Mobile Development Resources

    Wednesday, March 15, 2017 4:15 PM
  • You can even log in as the application itself, and need not enter a user name and password at all. To do so you need to generate a key for your app in Azure AD, and set it to never expire (or expire in 1 or 2 years).


    True, though that doesn't work for all apps, or rather - if it is a console app installed on a client pc the client credentials flow usually should not be used.
    Wednesday, March 15, 2017 7:53 PM