Skip to content

torbenpedersen/onedrive-sdk-dotnet-msa-auth-adapter

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

91 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Authentication Adapter for the OneDrive SDK

This library makes it easy to to consume Microsoft account and Azure Active Directory authentication for the OneDrive SDK. It provides IAuthenticationProvider imlementations for Microsoft account OAuth and ADAL authentication.

The Authentication Adapter for the OneDrive SDK Library is built as a Portable Class Library. It targets the following frameworks:

  • .NET 4.5+
  • .NET for Windows Store apps
  • Windows Phone 8.1 and higher

Installation via NuGet

To install the client library via NuGet:

  • Search for Microsoft.OneDriveSdk.Authentication in the NuGet Library, or
  • Type Install-Package Microsoft.OneDriveSdk.Authentication into the Package Manager Console.

Getting started

1. Register your application

Register your application to use Microsoft Graph API using one of the following supported authentication portals:

2. Create a Microsoft account authentication provider

var msaAuthenticationProvider = new MsaAuthenticationProvider(
        clientId,
        returnUrl,
        scopes);

The MsaAuthenticationProvider constructor has an overload that takes in client secret for platforms that support web clients.

If you are building a UWP app, you can leverage the user's signed-in account. Simply construct an OnlineIdAuthenticationProvider:

var msaAuthenticationProvider = new OnlineIdAuthenticationProvider(scopes);

This type inherits from MsaAuthenticationProvider and behaves similarly. It will also refresh the user's token as needed.

Authenticate a user

msaAuthenticationProvider.AuthenticateUserAsync();

AuthenticateUserAsync will perform the action of prompting the user with authentication UI.

2. Create an Azure Active Directory authentication provider

var adalAuthenticationProvider = new AdalAuthenticationProvider(AccountSelection.AadClientId, AccountSelection.AadReturnUrl);

The AdalAuthenticationProvider constructor has an overload that takes in client secret or client certificate for platforms that support web clients. The developer can also pass in an AuthenticationContext, in case the app is already using ADAL for authentication and would like to re-use their authentication context.

Look up service information for a user using Discovery Service

The DiscoveryServiceHelper is used to look up discovery service information for a user. It takes in an AdalAuthenticationProvider to authenticate the user for the discovery service endpoint.

var discoveryServiceHelper = new DiscoveryServiceHelper(adalAuthenticationProvider);
var businessServiceInformation = await discoveryServiceHelper.DiscoverFilesEndpointInformationForUserAsync();

Authenticate a user, with possible UI prompt

        await adalAuthenticationProvider.AuthenticateUserAsync(serviceResourceId);

Authenticate a user with refresh token

        await adalAuthenticationProvider.AuthenticateUserWithRefreshTokenAsync(refreshToken, serviceResourceId);

serviceResourceId is optional when authenticating using a refresh token. If not provided, the access token will be granted for the resource that generated the refresh token.

Authenticate a user with an authorization code

        await adalAuthenticationProvider.AuthenticateUserWithAuthorizationCodeAsync(authorizationCode, serviceResourceId);

serviceResourceId is optional when authenticating using an authorization code. If not provided, the access token will be granted for the resource that generated the code.

3. Create a Microsoft Graph client object with an authentication provider

var client = new OneDriveClient(baseUrl, authenticationProvider);

Cache sessions

MasAuthProvider can store sessions for re-use later. Make the following changes to take advantage of silent re-authentication:

  1. When constructing MsaAuthenticationProvider, provide an instantiation of ICredentialVault. A default implementation is available in CredentialVault.
  2. Instead of calling AuthenticateAsync, call RestoreMostRecentFromCacheOrAuthenticateUserAsync on the instance of MsaAuthenticationProvider.
var msaAuthProvider = new MsaAuthenticationProvider(
    clientId,
    returnUrl,
    scopes,
    /*CredentialCache*/ null,
    new CredentialVault(clientId));
authTask = msaAuthProvider.RestoreMostRecentFromCacheOrAuthenticateUserAsync();
app.OneDriveClient = new OneDriveClient(this.oneDriveConsumerBaseUrl, msaAuthProvider);

This will store the session in a secure location (encrypted on disk with the user's context, so only the current user can decrypt), and also retrieve previous sessions. If a previous session is found with a refresh token, then its redemption will be attempted before prompting the user to log in. If the refresh token is valid then the user will not see authentication UI at all.

To clear out this cache, simply call await MsaAuthenticationProvider.SignOutAsync(). The contents of the cache will be deleted.

Note: CredentialVault is not necassary if you are using OnlineIdAuthenticationProvider.

Documentation and resources

Issues

To view or log issues, see issues.

Other resources

License

Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT license

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C# 100.0%