Blazor Server GraphServiceClient

Question

Blazor Server GraphServiceClient

Matthew Holton 331

I am looking enable MicrosoftGraph in my Blazor server hosted application.
From what I gather, I am no longer able to simply use .AddMicrosoftGraph because IAuthencationProvidedr is no longer available. Beyond that, the docs aren't real clear as to what I am supposed to do.
Creating an instance of GraphServiceClient using AddMicrosoftGraph produces an error: Cannot load Type Microsoft.Graph.IAuthenticationProviderOption. Creating an instance of GraphServiceClient using InteractiveBrowserCredential produces an error: AADST65002. intended usage: public class UserManagerService{ public UserManagerService(DatabaseAccess access, GraphServiceClient graphClient){...} public void CreateGuestAccount(GuestAccountInfo info){ //Check has guest create permission in AD //Create invitation in AD //Create guest user in AD //Map user in database } } Anyone have any guidance on this? See: https://github.com/microsoftgraph/msgraph-sdk-dotnet/blob/dev/docs/upgrade-to-v5.md

1 answer

Your answer

Answer 1

Bruce (SqlWork.com) 77,686 Volunteer Moderator

GraphApi uses oauth access tokens. To call graph api you need to register your server application:

https://learn.microsoft.com/en-us/graph/auth-register-app-v2

Depending on the use case:

the blazor app can registered with a service account, and have its own access token and permission:

https://learn.microsoft.com/en-us/graph/auth-v2-service

the blazor app can be registered and use the users access token.

https://learn.microsoft.com/en-us/graph/auth-v2-user

sample using REST api rather than client sdk (but you can use the sdk)

https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-blazor-server.

note: when using Microsoft identity with blazor server, the authentication is done outside the blazor app by .net core middleware. the token will be stored in a cache. if on a webform, you will need a distributed cache.

Matthew Holton 331

Bruce, I appreciate your response. I think the challenge I am having is specifically with the v5 of Graph. And I am looking for the correct recipe to implement, or perhaps I have it and the lightbulb is just not going off for me. In my startup I have:

builder.Services.AddAuthentication(...)
.AddMicrosoftIdentityWebApp(options => {
  options.UseTokenLifeTime = false;
  options.Events.OnuserInformationRecieved...
  options.Events.OnTicketRecieved...
  options.Events.OnTokenValidated...
})
.EnableTokenAcquisitionToCallDownstreamAPI(initialScopes)
//removed due to v5 of Graph
//.AddMicrosoftGraph(builder.Configuration.GetSection("GraphSettings")
.AddDistributedTokenCaches();

//TODO: Add scoped service for GraphServiceClient
/*
  Use Access TokenProvider
  https://stackoverflow.com/questions/75604903/delegateauthenticationprovider-not-found-after-updating-microsoft-graph
*/

builder.Services.AddScoped<GraphServiceClient>( async serviceProvider => {
  //InteractiveBrowserCrentialOptions  and InteractiveBrowser reports error -> consent too late

  //var ta = serviceProvider.GetRequiredService<ITokenAcquisition>();
  //var token = await ta.GetTokenForUserAsync(initialScopes);

  //Need a requestMessage and DelegateAuthenticationProvider

  return null;
});

Now that I have removed Graph from this chain, I need to provide a way to add it back to my DI container so my service classes may leverage it.

The scopes I need to enable are:

User.Read.All
User.ReadWrite.All (needed by admins)
Directory.ReadWrite.All (needed by admins)

It appears that I have a couple options. Though it is not clear how to add any of these into the DI. All examples that I've seen to this effect require the use of Microsoft.Graph.Auth which has been deprecated.

this is for my service layer, not for razor components

public class UserManagerService
{  
  private readonly GraphServiceClient _graphClient;
  private readonly DataAccess _access;

  public void CreateGuestAccount(GuestAccountInfo info){

     //USING GRAPH API
     //CHECK IF USER CAN CREATE GUEST ACCOUNTS
     //CHECK IF INVITATION EXISTS
     //CREATE INVITATION
     //CREATE USER

     //USING DATABASE
     //CACHE IN DB

  }
}

Share via

Blazor Server GraphServiceClient

1 answer

Your answer