
Register Application in Azure AD(App registrations) Using API?

I need to register an application in Azure AD (App registrations) using an API in .NET Core 2.0. I have tried to register the application using PowerShell, and it works, but I need to do that using an API because the PowerShell script will have authorization issues when we deploy it on a web server.

Is there any API using which we can register API?

I have tried to find a Microsoft Graph API, but I did not find any example. I have also tried to find sample examples, but they use PowerShell scripts for application registration.

asked Nov 22 '25 10:11

Dev


1 Answer

For your requirement, you can use the Microsoft Graph API POST https://graph.microsoft.com/v1.0/applications.

To use this API, you need to complete authorization. As you are worried about authorization, I suggest you use the client_credential grant flow to do it. You can refer to the code below, from the Graph API documentation, to call the API with the SDK.

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var application = new Application
{
    DisplayName = "Display name"
};

await graphClient.Applications
    .Request()
    .AddAsync(application);

By the way, you can refer to this document to learn how to get the authProvider in the code above.

=================================Update===============================

You need to add the permission to the application that you created. We can see that the Graph API requires the permissions below:

So we need to add at least one of the permissions to the application you created. Please refer to the steps below:

After adding the permission, do not forget to grant admin consent.

After that, run your code. It will create the new app successfully.

=======================Update for add permissions===================

To create an app with some permissions, you can use the code below:

using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

namespace ConsoleApp28
{
    class Program
    {
        static async Task Main(string[] args)
        {
            Console.WriteLine("Hello World!");

            IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
            .Create("<client id>")
            .WithTenantId("<tenant id>")
            .WithClientSecret("<client secret>")
            .Build();

            ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);

            GraphServiceClient graphClient = new GraphServiceClient(authProvider);
            
            var application = new Application
            {
                DisplayName = "huryNewappWithPermissions",
                RequiredResourceAccess = new List<RequiredResourceAccess>()
                {
                    new RequiredResourceAccess
                    {
                        ResourceAppId = "00000003-0000-0000-c000-000000000000",
                        ResourceAccess = new List<ResourceAccess>()
                        {
                            new ResourceAccess
                            {
                                Id = Guid.Parse("e1fe6dd8-ba31-4d61-89e7-88639da4683d"), //id of User.Read(Delegated) permission
                                Type = "Scope"
                            },
                            new ResourceAccess
                            {
                                Id = Guid.Parse("1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9"), //id of Application.ReadWrite.All(Application) permission
                                Type = "Role"
                            }
                        }
                    }
                }
            };

            await graphClient.Applications.Request().AddAsync(application);
        }
    }
}

You can list all of the Graph permissions with this API:

https://graph.microsoft.com/v1.0/serviceprincipals?$filter=appId eq '00000003-0000-0000-c000-000000000000'

Then find the ids of the permissions and put them into the code above. Type = "Scope" means the permission is of the "Delegated" type, and Type = "Role" means the permission is of the "Application" type.

answered Nov 25 '25 00:11

Hury Shen
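
A pre-flight check for the registration code in the answer above, as an added example that is not part of the original answer: it lists every requested permission with Type = "Role" (application permission, usable without a signed-in user) that is not on an approved list, so an app is not registered with app-only access nobody reviewed. PermissionReview, FindUnapprovedAppRoles and the approved list are hypothetical names; the resource and permission ids are the ones given in the answer.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Graph;

// Added example (not from the original answer); names are hypothetical.
static class PermissionReview
{
    // Returns "resourceAppId/permissionId" for every requested permission of
    // Type "Role" whose id is not in approvedRoleIds. Delegated ("Scope")
    // entries are not reported because they act only as a signed-in user.
    public static List<string> FindUnapprovedAppRoles(
        Application app, IEnumerable<string> approvedRoleIds)
    {
        var approved = new HashSet<string>(approvedRoleIds, StringComparer.OrdinalIgnoreCase);
        var findings = new List<string>();
        foreach (var resource in app.RequiredResourceAccess ?? Enumerable.Empty<RequiredResourceAccess>())
        {
            foreach (var access in resource.ResourceAccess ?? Enumerable.Empty<ResourceAccess>())
            {
                bool isAppPermission = string.Equals(access.Type, "Role", StringComparison.OrdinalIgnoreCase);
                string id = $"{access.Id}"; // empty string when the id is missing
                if (isAppPermission && !approved.Contains(id))
                    findings.Add($"{resource.ResourceAppId}/{id}");
            }
        }
        return findings;
    }

    static void Main()
    {
        // Same request body as in the answer: one delegated and one application permission.
        var app = new Application
        {
            DisplayName = "huryNewappWithPermissions",
            RequiredResourceAccess = new List<RequiredResourceAccess>
            {
                new RequiredResourceAccess
                {
                    ResourceAppId = "00000003-0000-0000-c000-000000000000",
                    ResourceAccess = new List<ResourceAccess>
                    {
                        new ResourceAccess { Id = Guid.Parse("e1fe6dd8-ba31-4d61-89e7-88639da4683d"), Type = "Scope" },
                        new ResourceAccess { Id = Guid.Parse("1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9"), Type = "Role" }
                    }
                }
            }
        };
        // Constructed policy for this example: no application permissions approved yet.
        foreach (var finding in FindUnapprovedAppRoles(app, new string[0]))
            Console.WriteLine("Unapproved application permission: " + finding);
    }
}
```

Call graphClient.Applications.Request().AddAsync(application) only when the returned list is empty, and add an id to the approved list only after someone has reviewed what that application permission allows.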