Using MSAL in a machine-to-machine scenario as a CSP


I am trying to use the GraphAPI using the official NuGet library (https://github.com/microsoftgraph/msgraph-sdk-dotnet). However, the authentication process is not trivial and not very well documented.

I am a CSP partner in a machine-to-machine scenario, so there is no UI application with a redirect URL where a user manually enters their credentials to consent to access. But that seems to be the only scenario that is well documented or available in the samples I found... Even the official CSP documentation is not clear (https://developer.microsoft.com/en-us/graph/docs/concepts/auth_cloudsolutionprovider).

I previously used many other APIs in production (and TIP environment) as a CSP like MSOL, CrestAPI and AzureGraph, so all the configuration and registration of the application is not a problem.

Is it possible to use MSAL as a CSP in a machine-to-machine scenario? Is there any documentation or sample available for my use case?

UPDATE

I think I am on the right path.

First, I had to register my app on apps.dev.microsoft.com. My apps were previously registered on portal.azure.com. Looks like AzureAD and Graph had different requirements related to where applications must be registered.

Second, I use the sample here: https://github.com/Azure-Samples/active-directory-dotnet-daemon-v2 .

Third, I am able to call the Graph API when I provide my CSP TenantId. However, when I try to call the Graph API using the TenantId of one of the tenants I manage, I get:

{
  "error": {
    "code": "Authorization_IdentityNotFound",
    "message": "The identity of the calling application could not be established.",
    "innerError": {
      "request-id": "7cab3137-b3e7-4622-9123-e47f2c018c56",
      "date": "2017-09-04T14:48:34"
    }
  }
}

(I cannot have the consent page in my use case so I tried to pre-consent my app for all consumers using: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_cloudsolutionprovider)


There is 1 answer

3
Daniel Dobalian On

You can use MSAL to perform the auth required for the Graph SDK. There are some code snippets of using the .NET Graph SDK with the MSAL, but your best bet is the Connect Sample that shows this in a working app.

For a complete guided sample of how to use MSAL and what the library does, check out the MSAL .NET Desktop Sample.
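
The machine-to-machine flow discussed in this thread, as an added example that is not part of the original question or answer: an app-only (client credentials) token is requested from one tenant's authority and used for a single Graph call, and on failure the Graph error code (such as the `Authorization_IdentityNotFound` quoted in the question) is reported per tenant. It assumes the MSAL.NET 4.x builder API from the `Microsoft.Identity.Client` NuGet package, which is newer than the library version available when the question was asked; the class name, the `GRAPH_CLIENT_SECRET` environment variable and the `<application-id>` placeholder are hypothetical.

```csharp
// Added example: app-only token per tenant with MSAL.NET 4.x (Microsoft.Identity.Client).
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

static class CspGraphDaemon
{
    // Placeholders (assumptions): supply the values from your own app registration.
    const string ClientId = "<application-id>";
    static readonly string ClientSecret =
        Environment.GetEnvironmentVariable("GRAPH_CLIENT_SECRET"); // keep the secret out of source
    static readonly string[] Scopes = { "https://graph.microsoft.com/.default" };
    static readonly HttpClient Http = new HttpClient();

    // Requests a token from the given tenant's authority, then calls Graph with it.
    static async Task<string> ListUsersAsync(string tenantId)
    {
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(ClientId)
            .WithClientSecret(ClientSecret)
            .WithAuthority($"https://login.microsoftonline.com/{tenantId}")
            .Build();
        AuthenticationResult token = await app.AcquireTokenForClient(Scopes).ExecuteAsync();

        using var request = new HttpRequestMessage(HttpMethod.Get,
            "https://graph.microsoft.com/v1.0/users?$top=5");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
        using HttpResponseMessage response = await Http.SendAsync(request);
        string body = await response.Content.ReadAsStringAsync();
        if (response.IsSuccessStatusCode) return body;

        // Surface the Graph error code so failures can be compared across tenants.
        using JsonDocument doc = JsonDocument.Parse(body);
        string code = doc.RootElement.GetProperty("error").GetProperty("code").GetString();
        throw new InvalidOperationException($"Graph call failed with {code}");
    }

    static async Task Main(string[] args)
    {
        // args: tenant ids to test, e.g. the partner tenant followed by customer tenants.
        foreach (string tenantId in args)
        {
            try { Console.WriteLine($"{tenantId}: OK, {(await ListUsersAsync(tenantId)).Length} chars"); }
            catch (Exception ex) { Console.WriteLine($"{tenantId}: {ex.Message}"); }
        }
    }
}
```

Running it with the partner tenant id and a customer tenant id side by side shows whether the failure is specific to the customer tenant, which is the situation described in the question's update.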