Message 1 of 4
Accessing web api secured via Azure Active Directory using MSAL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report
How would one go about accessing a Azure AD protected web api using the Microsoft Identity Platform (MSAL) NuGet package? Our company's web api access (and also things like the Microsoft Graph/Teams) is controlled via Azure Active Directory therefore I need to get an access token.
The main concern is the pop-up window that MSAL launches when no token has been established. AquireTokenInteractive() is an async method with no sync option. The pop-up asks for the account (work/school/etc) and possibly some two-factor authentication information. Is there anything wrong with the following approach that would cause issues in Revit? It appears to be functioning in .NET Framework 4.8.
using Autodesk.Revit.Attributes;
using Autodesk.Revit.DB;
using Autodesk.Revit.UI;
using Microsoft.Identity.Client;
using System;
using System.Diagnostics;
using System.Threading.Tasks;
[Transaction(TransactionMode.Manual)]
public class MyCommand : IExternalCommand
{
public Result Execute(ExternalCommandData commandData, ref string message, ElementSet elements)
{
try
{
Task.Run(async () => { await RunAsync(); }).Wait();
// do more stuff here
}
catch (Exception ex)
{
Debug.Print(ex.ToString());
}
return Result.Cancelled;
}
}
public static async Task RunAsync()
{
AuthenticationResult authResult = null;
var app = PublicClientApplicationBuilder.Create("<clientId>")
.WithDefaultRedirectUri()
.WithAuthority(AzureCloudInstance.AzurePublic, "<tenantId>")
.Build();
var scopes = new string[] { "<scope-name>" };
var loginHint = "<my-hint>";
try
{
authResult = await app.AcquireTokenSilent(scopes, loginHint)
.ExecuteAsync()
.ConfigureAwait(false);
}
catch (MsalUiRequiredException ex)
{
// A MsalUiRequiredException happened on AcquireTokenSilent.
// This indicates you need to call AcquireTokenInteractive to acquire a token
System.Diagnostics.Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");
try
{
// this will launch a pop-up window
authResult = await app.AcquireTokenInteractive(scopes)
.WithLoginHint(loginHint)
.ExecuteAsync()
.ConfigureAwait(false);
}
catch (MsalException msalex)
{
Debug.WriteLine($"Error Acquiring Token:{System.Environment.NewLine}{msalex}");
}
}
catch (Exception ex)
{
Debug.WriteLine($"Error Acquiring Token Silently:{System.Environment.NewLine}{ex}");
return;
}
if (authResult != null)
{
var httpClient = new System.Net.Http.HttpClient();
System.Net.Http.HttpResponseMessage response;
try
{
var request = new System.Net.Http.HttpRequestMessage(System.Net.Http.HttpMethod.Get, "https://<my-web-api-endpoint>");
// Add the token in Authorization header
request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", authResult.AccessToken);
response = await httpClient.SendAsync(request).ConfigureAwait(false);
var content = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
MessageBox.Show(content, "Web Result");
}
catch (Exception ex)
{
Debug.WriteLine($"error calling api: {ex}");
}
}
}