Hello,
I'm kind of overwhelmed by the whole Azure and Graph platforms and could use some advice for directions on where to look for my specific use case.
What I'm trying to accomplish is to:
- Have a C# class library that will act as a Graph client for accessing data in SharePoint/OneDrive
- Have a web application where a user signs in with their Microsoft account and can use the client class library to access some data
Only users who have permissions can do certain operations. Basically, multiple users will have access to the same resources based on their individual permissions, and the Graph client class library will process their requests on their behalf (delegated access).
This is how I define my client at the moment (Application-only access):
    using Azure.Identity;
    using Microsoft.Graph;

    public class SharePointClient
    {
        // App registration details from Azure AD (tenant, client id, generated secret)
        private string TenantId { get; }
        private string ClientId { get; }
        private string ClientSecret { get; }
        private string[] Scopes { get; }

        public SharePointClient(string tenantId, string clientId, string clientSecret, string[] scopes)
        {
            TenantId = tenantId;
            ClientId = clientId;
            ClientSecret = clientSecret;
            Scopes = scopes;
        }

        // Application-only access: the client authenticates as the app itself, not as a user
        private GraphServiceClient CreateSharepointClient()
        {
            var options = new TokenCredentialOptions
            {
                AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
            };
            var clientSecretCredential = new ClientSecretCredential(
                TenantId,
                ClientId,
                ClientSecret,
                options
            );
            return new GraphServiceClient(clientSecretCredential, Scopes);
        }

        /*
        ... some methods that use Graph Client ...
        */
    }
What I can do: I'm able to implement a Graph client class library that uses application-only access, which is registered in Azure Active Directory as an application, with set permissions and a generated ClientSecret.
What I want to do: Add users to my organization, set their permissions (or role?) and make the Graph client class library act on their behalf upon login instead of using app-only access.
I assume I need to create some kind of login form for my Web application that retrieves user access token, which is then provided to the Graph client so it knows which user makes the request, but I'm kind of lost in the complexity of Azure and Graph.
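As an added illustration of the app-only versus delegated split described above (example code, not the poster's library): the class library accepts any Azure.Identity TokenCredential, and the web app chooses whether that credential is the app's own secret or an authorization code it received after redirecting the user to Microsoft sign-in. With the delegated credential, SharePoint/OneDrive enforce the signed-in user's own permissions on every Graph call. It assumes the Azure.Identity and Microsoft.Graph 5.x NuGet packages; `SharePointClient` here and its method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Microsoft.Graph;

// Hypothetical wrapper (added example). The library takes any TokenCredential,
// so the calling web app decides whose identity the Graph requests carry.
public sealed class SharePointClient
{
    private readonly GraphServiceClient _graph;

    private SharePointClient(TokenCredential credential, string[] scopes)
        => _graph = new GraphServiceClient(credential, scopes);

    // Application-only: the app's own identity. Every caller gets the app's full
    // permission set, so the app itself must enforce per-user authorization.
    public static SharePointClient ForApplication(string tenantId, string clientId, string clientSecret)
        => new(new ClientSecretCredential(tenantId, clientId, clientSecret),
               new[] { "https://graph.microsoft.com/.default" });

    // Delegated: the web app redirected the user to Microsoft sign-in and received an
    // authorization code at its redirect URI. Exchanging it yields a token for that user,
    // so Graph (and SharePoint behind it) applies the user's permissions, not the app's.
    public static SharePointClient ForUser(string tenantId, string clientId, string clientSecret,
                                           string authorizationCode, Uri redirectUri)
    {
        var options = new AuthorizationCodeCredentialOptions { RedirectUri = redirectUri };
        var credential = new AuthorizationCodeCredential(
            tenantId, clientId, clientSecret, authorizationCode, options);
        return new(credential, new[] { "Files.Read", "Sites.Read.All" });
    }

    // /me only resolves when a user is signed in; with app-only access Graph rejects it,
    // which makes this a cheap runtime check that the client really is delegated.
    public async Task<string> WhoAmIAsync()
    {
        var me = await _graph.Me.GetAsync();
        return me?.UserPrincipalName ?? "(no signed-in user)";
    }

    // Lists the root of the signed-in user's OneDrive; the user sees only what they can read.
    public async Task<string[]> ListMyDriveRootAsync()
    {
        var drive = await _graph.Me.Drive.GetAsync();
        var children = await _graph.Drives[drive!.Id].Items["root"].Children.GetAsync();
        return children?.Value?.Select(i => i.Name).ToArray() ?? Array.Empty<string>();
    }
}
```

The web app's sign-in middleware (or a redirect to the tenant's /oauth2/v2.0/authorize endpoint) is what produces the authorization code passed to `ForUser`; the library never sees the user's password.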