Azure Active Directory – Native app – Step by step

This post continues my previous blog, Register an app with the Azure Active Directory v2.0 endpoint, which demonstrated how to create an application of type Web App / API within Azure.

Create a Native app

Step 1: Create

  1. Login to portal.azure.com
  2. Go to Azure Active Directory > App registrations > New Application Registration
  3. In the Name field, give a descriptive name
  4. Choose Native
  5. For Sign-on URL, the value doesn’t matter here: give https://localhost:12345
  6. Click on Create.


Step 2: Configure

  1. Once the App is created, click on Settings
  2. Note that there is no way to set a Key as a Client Secret here. Why? The explanation is given in the difference between Native app & Web app.
  3. Under Required permissions, set the permissions you need from the available APIs. Note that after setting up the permissions, you or the AAD Admin need to “Grant” them explicitly; otherwise, it will not work.


Step 3: Take Note

  1. Application ID – which is the Client ID
  2. Tenant ID => Azure Active Directory > Properties > Directory ID


Native App – Usage

Here the code is straightforward:

A. Get Access Token

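// Requires the Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL) NuGet package.
using System;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static string GetAccessToken()
{
    string AppId = "";     // Application ID (Client ID) noted in Step 3
    string TenantId = "";  // Directory ID noted in Step 3
    string GraphResourceUrl = "https://graph.microsoft.com";
    string AuthorityUrl = "https://login.microsoftonline.com/" + TenantId;
    string RedirectUri = "https://localhost:12345/";

    try
    {
        // true = validate the authority URL before sending the sign-in request to it.
        AuthenticationContext authContext = new AuthenticationContext(AuthorityUrl, true);
        // Interactive sign-in; no client secret is involved for a Native app.
        // GetAwaiter().GetResult() surfaces the original exception instead of an AggregateException.
        AuthenticationResult authResult = authContext.AcquireTokenAsync(GraphResourceUrl, AppId, new Uri(RedirectUri), new PlatformParameters(PromptBehavior.Auto)).GetAwaiter().GetResult();
        return authResult.AccessToken;
    }
    catch (AdalException ex)
    {
        // Report the failure instead of silently swallowing it; never log the token itself.
        Console.Error.WriteLine("Token acquisition failed: " + ex.ErrorCode + " - " + ex.Message);
    }
    return null;
}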

B. Get GraphServiceClient

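// Requires the Microsoft.Graph NuGet package.
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;

public static GraphServiceClient GetGraphClient(string graphToken)
{
    // GetAccessToken() returns null on failure; do not build a client around an empty token.
    if (string.IsNullOrEmpty(graphToken))
    {
        return null;
    }

    // Attach the token as a Bearer header on every outgoing Graph request.
    DelegateAuthenticationProvider authenticationProvider = new DelegateAuthenticationProvider(
        (requestMessage) =>
        {
            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", graphToken);
            return Task.FromResult(0);
        });
    return new GraphServiceClient(authenticationProvider);
}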
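A diagnostic check for the "Grant" requirement in Step 2 and the IDs noted in Step 3, added here as an example and not part of the original post: it decodes the claims of the token returned by GetAccessToken() and lists anything that does not match the registration. The class and method names are hypothetical, and it assumes Newtonsoft.Json is referenced and that the token carries the standard Azure AD v1 claims aud, tid, appid and scp.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Newtonsoft.Json.Linq;

public static class TokenClaimsCheck   // hypothetical helper, not part of ADAL or the Graph SDK
{
    // Decodes the JWT payload WITHOUT verifying the signature. Diagnostics only:
    // Microsoft Graph, as the token's audience, performs the real validation.
    public static JObject DecodePayload(string accessToken)
    {
        string[] parts = (accessToken ?? "").Split('.');
        if (parts.Length != 3)
            throw new FormatException("Access token is not a three-part JWT.");

        // base64url -> base64: restore the alphabet and the stripped '=' padding.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // Compares the claims with the values noted in Step 3 and the delegated
    // permissions set in Step 2. An empty result means nothing is mismatched.
    public static List<string> FindProblems(string accessToken, string appId,
        string tenantId, params string[] requiredScopes)
    {
        JObject claims = DecodePayload(accessToken);
        var problems = new List<string>();

        string aud = ((string)claims["aud"] ?? "").TrimEnd('/');
        if (!aud.Equals("https://graph.microsoft.com", StringComparison.OrdinalIgnoreCase))
            problems.Add("aud is '" + aud + "', not the Graph resource URL");
        if (!string.Equals((string)claims["tid"], tenantId, StringComparison.OrdinalIgnoreCase))
            problems.Add("tid does not match the Directory ID");
        if (!string.Equals((string)claims["appid"], appId, StringComparison.OrdinalIgnoreCase))
            problems.Add("appid does not match the Application ID");

        // Delegated permissions arrive as one space-separated string in 'scp'.
        var granted = new HashSet<string>(
            ((string)claims["scp"] ?? "").Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries),
            StringComparer.OrdinalIgnoreCase);
        foreach (string scope in requiredScopes.Where(s => !granted.Contains(s)))
            problems.Add("scope '" + scope + "' is missing; set it under Required permissions and grant it");

        return problems;
    }
}
```

Log only the returned messages, never the raw token, since anyone holding it can call Graph as the signed-in user until it expires.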


