ADAL v3: How to authenticate using UserPasswordCredential?

Question

ADAL v3 has the UserPasswordCredential class, but I cannot find a working implementation. There's no AcquireToken overload which accepts a UserPasswordCredential or UserCredential type. What is the correct way of performing the username&password flow in ADAL v3? This particular piece of code is using full .Net 4.5.

Answer 1

To elaborate on the second part of the accepted answer, here is an implementation to make the POST request:

    From SettingHelper: public static string GetAuthorityEndpoint(string azuretenantId) => $"https://login.microsoftonline.com/{azuretenantId}/";

    private static async Task<OAuthResult> AuthenticateAsync(string resource = "https://yourAzureADProtectedResource.url/")
    {
        var oauthEndpoint = new Uri(new Uri(SettingsHelper.GetAuthorityEndpoint("your AAD Tenent ID")), "oauth2/token");

        using (var client = new HttpClient())
        {
            var result = await client.PostAsync(oauthEndpoint, new FormUrlEncodedContent(new[]
            {
                new KeyValuePair<string, string>("resource", resource),
                new KeyValuePair<string, string>("client_id", "your AAD App Id"),
                new KeyValuePair<string, string>("grant_type", "password"),
                new KeyValuePair<string, string>("username", "[email protected]"),
                new KeyValuePair<string, string>("password", "your password"),
                new KeyValuePair<string, string>("scope", "openid"),
                new KeyValuePair<string, string>("client_secret", "an access key for your AAD App"),
            }));

            var content = await result.Content.ReadAsStringAsync();
            var authResult = JsonConvert.DeserializeObject<OAuthResult>(content);
            return authResult;
        }
    }

    class OAuthResult
    {
        public string Token_Type { get; set; }
        public string Scope { get; set; }
        public int Expires_In { get; set; }
        public int Ext_Expires_In { get; set; }
        public int Expires_On { get; set; }
        public int Not_Before { get; set; }
        public Uri Resource { get; set; }
        public string Access_Token { get; set; }
    }

You can then go on to use the Auth result like this:

    private async Task<HttpClient> GetHttpClientWithAzureADAuthentication()
    {
        OAuthResult authResult;
        try
        {
            authResult = await AuthenticateAsync();
            var httpClient = GetHttpClient();
            httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {authResult.Access_Token}");

            return httpClient;
        }
        catch (Exception e)
        {
            Debug.WriteLine(e);
            throw;
        }
    }

Answer 2

If you were developing with client app, you can refer the code below to acquire the token:

string authority = "https://login.microsoftonline.com/xxxx.onmicrosoft.com";
string resrouce = "https://graph.windows.net";
string clientId = "";
string userName = "";
string password = "";
UserPasswordCredential userPasswordCredential = new UserPasswordCredential(userName,password);
AuthenticationContext authContext = new AuthenticationContext(authority);
var token= authContext.AcquireTokenAsync(resrouce,clientId, userPasswordCredential).Result.AccessToken;

And if you were developing with web app( this is not common scenario), there is no such method in ADAL V3 to support this scenario. As a workaround, you may construct the request yourself. Here is an example for your reference:

POST: https://login.microsoftonline.com/xxxxx.onmicrosoft.com/oauth2/token

Content-Type: application/x-www-form-urlencoded
resource={resource}&client_id={clientId}&grant_type=password&username={userName}&password={password}&scope=openid&client_secret={clientSecret}