Azure Active Directory Graph Client Library 1.0
We are happy to announce the general availability of Azure Active Directory (AAD) Graph Client Library 1.0. The goal of this library is to simplify the experience of .NET developers writing applications that use Azure AD through the Graph API. The library supports all the capabilities exposed by Graph API version 2013-11-08 and is available as a NuGet package at https://www.nuget.org/packages/Microsoft.Azure.ActiveDirectory.GraphClient/1.0.2
To install Graph Client, run the following command in the Package Manager Console:
PM> Install-Package Microsoft.Azure.ActiveDirectory.GraphClient
The need for a client library.
Consuming the Graph API directly (using raw web requests) can be tedious and error prone, and preparing the request for some advanced queries is non-trivial. Another popular option for consuming OData services is Microsoft.Data.Services.Client (WCF Data Services), which could add unnecessary complexity to the application logic. The Azure Graph client library provides a simple way to access Graph, and it is the recommended way to access Azure AD.
How to make a request.
The library contains definitions for all the Graph entities available along with all their properties. All the client library functions are exposed through the GraphConnection class. To initialize a new connection, you need to provide an access token, which can be obtained using Azure Authentication Library.
GraphConnection graphConnection = new GraphConnection(accessToken);
GraphConnection exposes several groups of operations, including:
- Create/Get/List/Update/Delete operations on entities like User/Group/Application/Permission, etc.
  - TenantDetail GetTenantDetails()
  - T Get<T>(string uniqueIdentifier)
  - IList<T> List<T>(string pageToken, FilterGenerator filter)
  - T Update<T>(GraphObject)
  - Delete<T>(GraphObject)
- Add/Remove/List link/navigation properties (Members, Manager, etc.) on an entity (User/Group, etc.)
  - PagedResults<GraphObject> GetLinkedObjects(GraphObject graphObject, LinkProperty linkProperty, string nextPageToken)
  - IList<GraphObject> GetAllDirectLinks(GraphObject graphObject, LinkProperty linkProperty)
  - AddLink(GraphObject sourceObject, GraphObject targetObject, LinkProperty linkProperty, bool isSingleValued)
  - DeleteLink(GraphObject sourceObject, GraphObject targetObject, LinkProperty linkProperty, bool isSingleValued)
- Batch operations (up to 5 operations can be batched together)
  - ExecuteBatch(params Expression<Action>[])
- Get/Set stream properties on any supported entity.
  - Stream GetStreamProperty(GraphObject graphObject, GraphProperty graphProperty, string acceptType)
  - SetStreamProperty(GraphObject graphObject, GraphProperty graphProperty, MemoryStream memoryStream, string contentType)
- Perform actions like AssignLicense/GetMemberGroups/CheckMemberGroups/IsMemberOf, etc.
  - IList<string> GetMemberGroups(User user, bool securityEnabledOnly)
  - IList<string> CheckMemberGroups(GraphObject graphObject, IList<string> groupIds)
  - User AssignLicense(User user, IList<AssignedLicense> addLicenses, IList<Guid> removeLicenses)
  - bool IsMemberOf(string groupId, string memberId)
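An added example, not code from the original post or from the library's samples: an app-only group-membership check that obtains a token through ADAL with a client credential and hands it to GraphConnection. The tenant name, environment variable names and object IDs are placeholders, and the synchronous AcquireToken call assumes ADAL 2.x.

```csharp
using System;
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class GroupGate
{
    // Placeholder tenant for illustration; replace with your own directory.
    private const string Authority = "https://login.windows.net/contoso.onmicrosoft.com";
    private const string GraphResource = "https://graph.windows.net";

    // App-only token via ADAL client credentials. The secret is read from the
    // environment (hypothetical variable names) so it stays out of source control.
    public static string AcquireGraphToken()
    {
        string clientId = Environment.GetEnvironmentVariable("AAD_CLIENT_ID");
        string clientSecret = Environment.GetEnvironmentVariable("AAD_CLIENT_SECRET");
        if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(clientSecret))
            throw new InvalidOperationException("AAD client credentials are not configured.");

        var context = new AuthenticationContext(Authority);
        AuthenticationResult result =
            context.AcquireToken(GraphResource, new ClientCredential(clientId, clientSecret));
        return result.AccessToken;
    }

    // Typed Guid parameters keep arbitrary caller-supplied strings out of the
    // request. Exceptions are deliberately not caught here, so a caller that
    // grants access only on 'true' denies by default when the lookup fails.
    public static bool IsInGroup(string accessToken, Guid groupObjectId, Guid userObjectId)
    {
        var graphConnection = new GraphConnection(accessToken);
        return graphConnection.IsMemberOf(groupObjectId.ToString(), userObjectId.ToString());
    }

    public static void Main()
    {
        // Constructed sample object IDs; substitute real ones from your tenant.
        Guid adminsGroup = new Guid("11111111-1111-1111-1111-111111111111");
        Guid user = new Guid("22222222-2222-2222-2222-222222222222");

        string token = AcquireGraphToken();
        Console.WriteLine(IsInGroup(token, adminsGroup, user) ? "allow" : "deny");
    }
}
```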
Extending Graph Client Library in your application.
Most APIs have overloads to meet different requirements, and GraphConnection can be extended to add custom behavior or override specific methods. The sources are available at <Temporarily Removed>; please fork and contribute. We welcome your pull requests.
Feedback Welcome.
The following are our priorities in relation to the next official releases of the library. We welcome any feedback.
- Support Linq expressions as query model.
- Support Async model.
- Support a “preview” version that targets the latest Graph API preview version (for example, support extensions for 1.21-preview version).
- Support connection pooling.
- Support iOS and Android platforms.
Samples.
The console application (https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet) and the web application (https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet) show how to use this library.
In part 2 of this blog, we will talk in detail about each of the APIs with a complete API reference.
Thanks
Pavan Kompelli
Vijay Srirangam
Edward Wu
Azure Active Directory Team
Comments
- Anonymous
June 03, 2014
My comment is not actually directly related to this Client Library, but great to see you utilizing more and more Graph REST API. I have a few feature requests. When do we have the ability to do basic Exchange tasks using Graph API, like modify the proxyAddresses attribute and create/modify Exchange distribution lists? Another feature that I would like to see in Graph API is the ability to do some Intune tasks, like assign an application/policy to a device, wipe out a mobile device and read a device's attributes.
- Anonymous
June 03, 2014
Thank you for the feedback, Ilkka. Right now the library can only be used to interact with Azure Active Directory.
- Anonymous
June 03, 2014
I'm just curious why fields such as mailNickname and password are required in the User API when they aren't required in New-MsolUser?
- Anonymous
June 04, 2014
Paul, Graph library uses the REST endpoint and follows the reference - msdn.microsoft.com/.../dn130117.aspx. PowerShell uses a different endpoint which sets a default mailNickname and generates a default password as a part of the API.
- Anonymous
June 05, 2014
Re: "To initialize a new connection, you need to provide an access token, which can be obtained using Azure Authentication Library." I am developing a web service using Web API and OWIN. My service needs to read from and write to AAD, so GraphClient is a natural fit. Given that I've secured my service such that it requires HTTP Bearer auth (via OWIN's IAppBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication), how do I obtain the access token necessary to use a GraphConnection? Note that my service is registered in AAD as an "application".
- Anonymous
June 05, 2014
I figured it out. I needed to create an ADAL ClientCredential using my service's key (aka client secret), and then call AuthenticationContext.AcquireToken with that credential and the Graph API endpoint.
- Anonymous
June 05, 2014
Hi Kune, please take a look at the web app sample - github.com/.../WebApp-GraphAPI-DotNet which shows how to use OWIN with Graph Client Library.
- Anonymous
June 15, 2014
Hi! I'm struggling adding new users with Norwegian special chars in names and addresses (such as my own: Jørgen). The input file I'm reading the users from is UTF-8 encoded and the console output looks all good. I have also tried to do some encoding both in File.ReadAllLines method and UTF-8 encode all strings I'm adding to the User class. But still unable to add to Azure AD. Any clue?
- Anonymous
June 19, 2014
Hi Jørgen, sorry for the late reply. It looks like an issue with the way the library is encoding non-ASCII characters. We will fix the issue and update the NuGet package.
- Anonymous
June 22, 2014
Great, thanks! I have also been looking into extending the Azure Active Directory Schema. Will this be possible using this .NET Client Library anytime in the future?
- Anonymous
June 25, 2014
This is a great addition. Will I need to re-write code rather than updating references if moving from the 2013_04_05 helpers to this?
- Anonymous
June 26, 2014
The comment has been removed
- Anonymous
July 11, 2014
Jørgen, we have updated the NuGet package (1.0.3) with the fix. Please try and let us know if it fixes your issue. Since the schema extensions are in preview state, graph client library does not currently support this feature completely. However, you can get/set extension values on an object by using GraphObject.NonSerializedProperties or the indexer of GraphObject (user["extension..."] = "value").
- Anonymous
July 11, 2014
Steve, Graph client library offers a different programming model. You might have to tune the existing code accordingly.
- Anonymous
July 11, 2014
Saji, I just tried with the following and was able to add a Device using the library -
Device device = new Device();
device.AccountEnabled = true;
device.DisplayName = Guid.NewGuid().ToString("N");
AlternativeSecurityId altSecId = new AlternativeSecurityId();
altSecId.Key = Guid.NewGuid().ToByteArray();
altSecId.Type = 2;
altSecId.IdentityProvider = null;
device.AlternativeSecurityIds.Add(altSecId);
device.DeviceId = Guid.NewGuid();
device.DeviceOSType = Guid.NewGuid().ToString("N");
device.DeviceOSVersion = Guid.NewGuid().ToString("N");
device = graphConnection.Add(device);
Please see msdn.microsoft.com/.../dn151674.aspx to learn more about each property.
- Anonymous
July 13, 2014
Pavan, version 1.0.3 works like a charm on Norwegian (non-ASCII) chars. I will look into your suggestion on extending the schema. Thanks!
- Anonymous
September 17, 2014
This is awesome. However, I have a need for Windows Phone 8.1 (C#/XAML) and more generally Windows Store apps. This library doesn't work for that. Any plans to make it available for those platforms? Thanks.
- Anonymous
October 06, 2014
Bill, we are working on a version that would help Windows store/phone apps. We will update the blog once the NuGet package is available.
- Anonymous
October 07, 2014
The comment has been removed
- Anonymous
October 08, 2014
The comment has been removed
- Anonymous
October 23, 2014
Can someone from the team verify that the library works with users that have a single quote (') in the DisplayName? We have a user with a Last Name of "O'Hara" in AD. If we don't escape the name, using the FilterExpression in a GraphConnection.List<T>() causes an error; if we do URL escape it, we get back no match. This same user can access other O365 resources fine (Outlook and SharePoint). We can see the escaped GET request and it is formed correctly. What is the expected behavior with .Encode()'ed strings? (FTR, the documentation on what characters are allowed in On-Prem AD vs Cloud AD using DirSync is confusing to say the least)
- Anonymous
June 02, 2015
Hello, is this available for Windows store apps (Universal apps) now?
- Anonymous
August 26, 2015
Hi Pavan, is the "Azure Active Directory Graph Client Library 1.0" DLL compatible with Framework 4.0?