Quickstart: Sign in users and call Microsoft Graph in a Windows desktop app
Welcome! This probably isn't the page you were expecting. While we work on a fix, this link should take you to the right article:
Quickstart: Sign in users and call Microsoft Graph in a Windows desktop app
We apologize for the inconvenience and appreciate your patience while we work to get this resolved.
Quickstart: Acquire a token and call the Microsoft Graph API from a Windows desktop application
In this quickstart, you download and run a code sample that demonstrates how a Windows Presentation Foundation (WPF) application can sign in users and get an access token to call the Microsoft Graph API.
See How the sample works for an illustration.
Step 1: Configure your application in Azure portal
For the code sample in this quickstart to work, add a Redirect URI of https://login.microsoftonline.com/common/oauth2/nativeclient
and ms-appx-web://microsoft.aad.brokerplugin/{client_id}
.
Your application is configured with these attributes.
Step 2: Download your Visual Studio project
Run the project using Visual Studio.
Tip
To avoid errors caused by path length limitations in Windows, we recommend extracting the archive or cloning the repository into a directory near the root of your drive.
Step 3: Your app is configured and ready to run
We have configured your project with values of your app's properties and it's ready to run.
Note
Enter_the_Supported_Account_Info_Here
More information
How the sample works
MSAL.NET
MSAL (Microsoft.Identity.Client) is the library used to sign in users and request tokens used to access an API protected by Microsoft identity platform. You can install MSAL by running the following command in Visual Studio's Package Manager Console:
Install-Package Microsoft.Identity.Client -IncludePrerelease
MSAL initialization
You can add the reference for MSAL by adding the following code:
using Microsoft.Identity.Client;
Then, initialize MSAL using the following code:
IPublicClientApplication publicClientApp = PublicClientApplicationBuilder.Create(ClientId)
.WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
.WithAuthority(AzureCloudInstance.AzurePublic, Tenant)
.Build();
Where: | Description |
---|---|
ClientId |
Is the Application (client) ID for the application registered in the Azure portal. You can find this value in the app's Overview page in the Azure portal. |
Requesting tokens
MSAL has two methods for acquiring tokens: AcquireTokenInteractive
and AcquireTokenSilent
.
Get a user token interactively
Some situations require forcing users interact with the Microsoft identity platform through a pop-up window to either validate their credentials or to give consent. Some examples include:
- The first time users sign in to the application
- When users may need to reenter their credentials because the password has expired
- When your application is requesting access to a resource that the user needs to consent to
- When two factor authentication is required
authResult = await App.PublicClientApp.AcquireTokenInteractive(_scopes)
.ExecuteAsync();
Where: | Description |
---|---|
_scopes |
Contains the scopes being requested, such as { "user.read" } for Microsoft Graph or { "api://<Application ID>/access_as_user" } for custom web APIs. |
Get a user token silently
You don't want to require the user to validate their credentials every time they need to access a resource. Most of the time you want token acquisitions and renewal without any user interaction. You can use the AcquireTokenSilent
method to obtain tokens to access protected resources after the initial AcquireTokenInteractive
method:
var accounts = await App.PublicClientApp.GetAccountsAsync();
var firstAccount = accounts.FirstOrDefault();
authResult = await App.PublicClientApp.AcquireTokenSilent(scopes, firstAccount)
.ExecuteAsync();
Where: | Description |
---|---|
scopes |
Contains the scopes being requested, such as { "user.read" } for Microsoft Graph or { "api://<Application ID>/access_as_user" } for custom web APIs. |
firstAccount |
Specifies the first user in the cache (MSAL support multiple users in a single app). |
Help and support
If you need help, want to report an issue, or want to learn about your support options, see Help and support for developers.
Next steps
Try out the Windows desktop tutorial for a complete step-by-step guide on building applications and new features, including a full explanation of this quickstart.