-
Notifications
You must be signed in to change notification settings - Fork 1
AuthenticatingApp
This article assumes that application has been registered in Azure. See this link for more information -> Registering application
Once Azure Application has been setup and configured for consuming Exchange REST Api, easiest was to authenticate is by implementing IAuthorizationTokenProvider interface.
IAuthorizationTokenProvider has following definition:
/// <summary>
/// Authorization token provider.
/// </summary>
public interface IAuthorizationTokenProvider
{
/// <summary>
/// Construct authentication header.
/// </summary>
/// <returns></returns>
AuthenticationHeaderValue GetAuthenticationHeader();
}Simplest way to implement that interface is by consuming ADAL library -> https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/
Once nuget package has been installed in your project you can create custom IAuthorizationProvider for use against Exchange REST Api:
/// <summary>
/// Test authentication provider.
/// </summary>
internal class TestAuthenticationProvider : IAuthorizationTokenProvider
{
/// <summary>
/// Create new instance of <see cref="TestAuthenticationProvider"/>
/// </summary>
internal TestAuthenticationProvider()
{
this.ResourceUri = "https://outlook.office365.com";
}
/// <summary>
/// Resource uri.
/// </summary>
private string ResourceUri { get; }
/// <summary>
/// Retrieve token.
/// </summary>
/// <returns></returns>
private string GetToken()
{
string authority = $"https://login.microsoftonline.com/{AppConfig.TenantId}";
AuthenticationContext context = new AuthenticationContext(authority);
X509Certificate2 certFromStore = null;
using (X509Store store = new X509Store(StoreLocation.LocalMachine))
{
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection collection = store.Certificates.Find(
X509FindType.FindByThumbprint,
AppConfig.CertThumbprint,
false);
if (collection.Count == 1)
{
certFromStore = collection[0];
}
}
if (certFromStore == null)
{
throw new ArgumentNullException("Certificate");
}
ClientAssertionCertificate cert = new ClientAssertionCertificate(
AppConfig.ApplicationId.ToString(),
certFromStore);
AuthenticationResult token = context.AcquireTokenAsync(
this.ResourceUri,
cert).Result;
return token.AccessToken;
}
/// <inheritdoc cref="IAuthorizationTokenProvider.GetAuthenticationHeader"/>
public AuthenticationHeaderValue GetAuthenticationHeader()
{
string token = this.GetToken();
return new AuthenticationHeaderValue(
"Bearer",
token);
}
}These should be values for AppConfig keys:
- AppConfig.TenantId -> Guid of your Office 365 tenant,
- AppConfig.CertThumbprint -> Certificate thumbprint retrieved while configuring Application manifest in Azure,
- AppConfig.ApplicationId -> Guid of your application on Azure (Application ID)
Once interface implemented it can be used to provide authorization to the service:
ExchangeService exchangeService = ExchangeService(new TestAuthenticationProvider(), "testmbx@domain.com");Table of content