Here is a breakdown of the problem I'm facing:
Here is the summary of the agony I've been going through over the last few days.
VS2013 project template uses this code for the SignIn method in the Account controller:
    // Build the WS-Federation sign-in request and redirect the browser to the STS.
    WsFederationConfiguration config = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;
    string callbackUrl = Url.Action("Index", "Home", routeValues: null, protocol: Request.Url.Scheme);
    SignInRequestMessage signInRequest = FederatedAuthentication.WSFederationAuthenticationModule.CreateSignInRequest(
        uniqueId: String.Empty,
        returnUrl: callbackUrl,
        rememberMeSet: false);
    // wtrealm identifies the relying party; fall back to the config value when IdentityConfig.Realm is null.
    signInRequest.SetParameter("wtrealm", IdentityConfig.Realm ?? config.Realm);
    return new RedirectResult(signInRequest.RequestUrl.ToString());
The sample project from GitHub uses this:
    // Trigger the OpenID Connect sign-in flow; after sign-in the user is sent back to "/".
    HttpContext.GetOwinContext()
        .Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
Then in the Startup class it captures the AuthorizationCodeReceived notification like this:
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = Authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                //
                // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                //
                AuthorizationCodeReceived = (context) =>
                {
                    var code = context.Code;
                    // ... remainder of the handler omitted in the question ...
                    // The handler is a Func<..., Task>, so it has to return a Task.
                    return Task.FromResult(0);
                }
            }
        });
Then it saves it in a TokenCache. When calling the Graph API, it instantiates the AuthenticationContext class with the cache like this:
    // Same cache the code-redemption step wrote to, keyed by the user's object id,
    // so AcquireTokenSilent can find that user's token without prompting again.
    AuthenticationContext authContext = new AuthenticationContext(Startup.Authority,
        new NaiveSessionCache(userObjectID));
    ClientCredential credential = new ClientCredential(clientId, appKey);
    result = authContext.AcquireTokenSilent(graphResourceId, credential,
        new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
What I tried to do is this:
    // No token cache and no user identifier: the token is requested with the client credential alone.
    AuthenticationContext authContext = new AuthenticationContext(authority);
    ClientCredential credential = new ClientCredential(clientId, appKey);
    result = await authContext.AcquireTokenAsync(graphResourceId, credential);
This returns a shorter token with some missing info.
This issue can be easily replicated if you create a new project in VS2013 using MVC and Organizational Account login, then try to call the Graph API.
I need a way of calling the Graph API using the template project from VS2013.
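The question reports that the client-credential call returns a shorter token with information missing. One way to see what a token actually carries is to decode its payload (the middle segment of the JWT) and compare the claims present. The script below is an added example for readers of this question, not code from the question or from Microsoft's sample projects. The two tokens in it are constructed sample data with placeholder tenant, client and object ids; the claim names it looks for (scp, upn, appid, roles) are the ones Azure AD v1 access tokens use. Nothing here checks a signature, so it is a diagnostic aid for looking at a token you already hold, not something an API should use to authorize a request.

```python
import base64
import json
import time

# Claims Azure AD includes in a delegated (signed-in user) token but not in an
# app-only token obtained with client credentials.
USER_CONTEXT_CLAIMS = ("upn", "unique_name", "scp")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_jwt_payload(token: str) -> dict:
    """Return the payload claims of a compact JWT without verifying it.
    Inspection only: a resource server must still validate the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def describe_token(token: str, now: float = None) -> dict:
    """Summarise which identity a token represents and which user claims it lacks."""
    claims = decode_jwt_payload(token)
    if "scp" in claims or "upn" in claims:
        kind = "delegated"   # issued on behalf of a signed-in user
    elif "appid" in claims or "roles" in claims:
        kind = "app-only"    # issued to the application itself (client credentials)
    else:
        kind = "unknown"
    now = time.time() if now is None else now
    return {
        "kind": kind,
        "audience": claims.get("aud"),
        "user": claims.get("upn"),
        "scopes": claims.get("scp", "").split(),
        "roles": claims.get("roles", []),
        "missing_user_claims": [c for c in USER_CONTEXT_CLAIMS if c not in claims],
        "expired": claims.get("exp", 0) <= now,
    }


def make_sample_token(payload: dict) -> str:
    """Build a JWT-shaped string with a placeholder signature. Constructed sample
    data for this demo only: not issued by Azure AD and not verifiable."""
    header = {"typ": "JWT", "alg": "RS256"}
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"   # placeholder tenant id
SAMPLE_EXP = 4102444800                                  # 2100-01-01, keeps the samples unexpired

# Shape of a token obtained for a signed-in user (code redemption + AcquireTokenSilent).
DELEGATED_SAMPLE = make_sample_token({
    "aud": "https://graph.windows.net",
    "iss": "https://sts.windows.net/%s/" % SAMPLE_TENANT,
    "tid": SAMPLE_TENANT,
    "appid": "11111111-1111-1111-1111-111111111111",   # placeholder client id
    "oid": "22222222-2222-2222-2222-222222222222",     # placeholder user object id
    "upn": "alice@contoso.example",
    "scp": "Directory.Read User.Read",
    "exp": SAMPLE_EXP,
})

# Shape of a token obtained with the client credential alone: no user claims at all.
APP_ONLY_SAMPLE = make_sample_token({
    "aud": "https://graph.windows.net",
    "iss": "https://sts.windows.net/%s/" % SAMPLE_TENANT,
    "tid": SAMPLE_TENANT,
    "appid": "11111111-1111-1111-1111-111111111111",
    "oid": "33333333-3333-3333-3333-333333333333",     # placeholder service-principal id
    "exp": SAMPLE_EXP,
})

if __name__ == "__main__":
    for label, tok in (("delegated", DELEGATED_SAMPLE), ("app-only", APP_ONLY_SAMPLE)):
        print(label, json.dumps(describe_token(tok), indent=2))
```

Run against a real token, the "missing_user_claims" list makes the difference concrete: an app-only token has no upn or scp because nobody signed in to obtain it, which is why Graph calls that depend on the user's context come back different from the ones made with the cached delegated token.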
We contacted Microsoft support about the issue and here is a summary of the solution. The template created from VS2013 uses the WSFederation library for authentication. There is no easy way to use that to call the Graph API. This was rectified by Microsoft in VS2015, where the same template uses the OpenID library to authenticate, and then you can make calls to the Graph API.