In this video, learn how to get the access token with the user ID with the help of the TokenCache.
- [Narrator] So now we need to make changes to our controller, UsersController, which, remember, we're reading mail. We should call it MailController, but that's just a naming issue. And the change we need to make here is twofold. And one change, we've already made. So let me start with the easy part. Actually, both are easy, but the simplest change to make is that the URL we're calling now is different. So, we've already done that, it was failing because the AccessToken did not have the user's identity.
But outside of that, this URL is correct, so from here onwards, everything looks correct. What we do need to fix, however, is this whole code here, where we are actually getting the AccessToken, okay? So, I need to remove this much, and actually I need to make some changes here as well. So, all the code that I use to get the AccessToken, let's just remove it. And now, let's start writing code with which I can get an AccessToken with the user's identity in it.
Okay, let's start here. The authority looks alright. Okay, now the next thing I need to do is that I need to get a hold of the userObjectID, because, think of it this way, that when I create the AuthenticationContext, I need to do it with the help of the cache, and the cache needs the User ID. So, let's go ahead and get that Claim, which gives me the userObjectID. Let's fix this using as well.
So this Claim over here, the value of that Claim gives me the userID. Wonderful. Next, I need to create the auth context, but instead of passing in just the authority, I will also pass in the tokenCache. And common sense is great. You see the validateAuthority part? Usually, if you are targeting ADFS, of course Microsoft Graph is not available with on-premises ADFS today, but if you were authenticating against ADFS you would set validateAuthority to false, at least right now, that's the case that with ADFS, authority validation is not supported.
ADAL is extremely, extremely customizable. Okay, tokenCache. So, the tokenCache that we need to use is new DictionaryCache, and let's pass in the userObjectID. Okay, so we have the tokenCache. Next, we have this AuthResult. We'll fill in the value for this in a second. But the next thing I need to do is that I need to formulate a ClientCredential, and this is just like before, ClientCredential, let's call it credential, is equal to a new ClientCredential, and this is clientID and appKey, so just like before.
And next, I'm going to get the AuthResult, in other words, actually do the authentication. Now, notice that in StartUp I actually have already done the authentication, so this time I'll just say result is equal to await, so that's the AuthResult, is equal to await authContext dot AcquireTokenSilentAsync. We don't want to re-authenticate here. And then here I need to pass in the resource, so the resource will be https slash slash graph dot microsoft dot com, comma, well, we need to use a different overload, so we'll say credential and next we need to pass in a user identifier, so I'll say new UserIdentifier with userObjectID, and UserIdentifierType UniqueID.
And this should give me my AuthResult. So, now that we've done the authentication, next I simply make the https call just like before, result dot AccessToken in the header, and this call hopefully should succeed.
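The steps narrated above, assembled into one place as an added sketch; this is not the course's own code. It assumes ADAL .NET 3.x, and the `DictionaryCache` body, the `GraphMail` class, the `ReadMailAsync` name and its parameters are stand-ins written for this example, since the transcript does not show them.

```csharp
// Added sketch, not the course's code. Assumes ADAL .NET 3.x
// (NuGet: Microsoft.IdentityModel.Clients.ActiveDirectory).
using System.Collections.Concurrent;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Stand-in for the course's DictionaryCache: one serialized cache blob per
// user object ID, so a request is only ever served its own user's tokens.
public class DictionaryCache : TokenCache
{
    private static readonly ConcurrentDictionary<string, byte[]> Store = new ConcurrentDictionary<string, byte[]>();

    public DictionaryCache(string userObjectId)
    {
        // Load this user's blob before ADAL reads; save it back after ADAL writes.
        BeforeAccess = _ => { if (Store.TryGetValue(userObjectId, out var blob)) Deserialize(blob); };
        AfterAccess = _ =>
        {
            if (!HasStateChanged) return;
            Store[userObjectId] = Serialize();
            HasStateChanged = false;
        };
    }
}

public static class GraphMail
{
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private static readonly HttpClient Http = new HttpClient();

    // authority, clientId, appKey and mailUrl are placeholders supplied by the caller.
    public static async Task<string> ReadMailAsync(string authority, string clientId, string appKey, string mailUrl)
    {
        string userObjectId = ClaimsPrincipal.Current?.FindFirst(ObjectIdClaim)?.Value;
        if (userObjectId == null) return null; // no signed-in user, so no cache to look in
        // validateAuthority is true for Azure AD; the narration sets it to false for ADFS.
        var authContext = new AuthenticationContext(authority, true, new DictionaryCache(userObjectId));
        var credential = new ClientCredential(clientId, appKey);
        AuthenticationResult result;
        try { result = await authContext.AcquireTokenSilentAsync("https://graph.microsoft.com", credential,
                  new UserIdentifier(userObjectId, UserIdentifierType.UniqueId)); }
        catch (AdalSilentTokenAcquisitionException) { return null; } // cache miss: caller sends the user through sign-in again
        // Set the bearer token per request, not on the shared HttpClient, so it cannot leak across users.
        var request = new HttpRequestMessage(HttpMethod.Get, mailUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
        var response = await Http.SendAsync(request);
        return response.IsSuccessStatusCode ? await response.Content.ReadAsStringAsync() : null;
    }
}
```

The silent call only succeeds if the sign-in code in StartUp redeemed its authorization code through a cache keyed by the same user object ID.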
- What is Microsoft Graph?
- Registering a web application in Azure AD
- Adding authentication logic and authentication UI
- Native applications calling Graph
- Reviewing scenarios where web apps involving Graph are useful
- Web applications with application identity and delegated identity calling Graph
- Daemons calling Graph