Microsoft account integrated sign in via C#

This code example indicates how to build an app that supports Microsoft account OAuth authentication.

Before coding, we gonna create an app in your Azure portal first. https://portal.azure.com

The name is your app's display name. Select your app can access accounts in any organization and personal Microsoft account. As for the redirect URI, it must be your server redirect back address. For example:

https://gateway.aiursoft.com/debug

After creating your app, copy your application id here:

And create a secret here.

Don't forget to copy your secret value.

Running the following code requires some classes like AiurUrl and Aiursoft.XelNaga.Services.HTTPService. To get it, run:

$ dotnet add package Aiursoft.XelNaga

To authenticate the user, we need to redirect him to the Microsoft login portal. Copy the following code:

        public string GetBindRedirectLink()
        {
            return new AiurUrl("https://login.microsoftonline.com", $"/{_tenant}/oauth2/v2.0/authorize", new MicrosoftAuthAddressModel
            {
                ClientId = _clientId,
                RedirectUri = "https://gateway.aiursoft.com/debug",
                ResponseType = "code",
                Scope = "user.read",
                State = ""
            }).ToString();
        }

    public class MicrosoftAuthAddressModel
    {
        [FromQuery(Name = "client_id")]
        public string ClientId { get; set; }
        [FromQuery(Name = "redirect_uri")]
        public string RedirectUri { get; set; }
        [FromQuery(Name = "state")]
        public string State { get; set; }
        [FromQuery(Name = "scope")]
        public string Scope { get; set; }
        [FromQuery(Name = "response_type")]
        public string ResponseType { get; set; }
    }

Just return a redirect result to the browser and the redirect URL is from the GetBindRedirectLink() function.

When the user has successfully signed in his account, he will be redirected back to your RedirectUri. With a code. The code is what we need.

From the code, you can call the GetUserDetail() method to get the user's profile.

        public async Task<IUserDetail> GetUserDetail(string code)
        {
            var token = await GetAccessToken(_clientId, _clientSecret, code);
            return await GetUserInfo(token);
        }

The _clientId and _clientSecret is what you copied when you created the app.

        private async Task<string> GetAccessToken(string clientId, string clientSecret, string code)
        {
            var apiAddress = "https://login.microsoftonline.com" + $"/{_tenant}/oauth2/v2.0/token";
            var url = new AiurUrl(apiAddress, new { });
            var form = new AiurUrl(string.Empty, new MicrosoftAccessTokenAddressModel
            {
                ClientId = clientId,
                ClientSecret = clientSecret,
                Code = code,
                Scope = "user.read",
                RedirectUri = "https://gateway.aiursoft.com/debug",
                GrantType = "authorization_code"
            });
            try
            {
                var json = await _http.Post(url, form, false);
                var response = JsonConvert.DeserializeObject<AccessTokenResponse>(json);
                if (string.IsNullOrWhiteSpace(response.AccessToken))
                {
                    throw new AiurAPIModelException(ErrorType.Unauthorized, "Invalid Microsoft crenditial");
                }
                return response.AccessToken;
            }
            catch (WebException)
            {
                throw new AiurAPIModelException(ErrorType.Unauthorized, "Invalid Microsoft API response");
            }
        }

    public class MicrosoftAccessTokenAddressModel
    {
        [FromQuery(Name = "client_id")]
        public string ClientId { get; set; }
        [FromQuery(Name = "client_secret")]
        public string ClientSecret { get; set; }
        [FromQuery(Name = "code")]
        public string Code { get; set; }
        [FromQuery(Name = "scope")]
        public string Scope { get; set; }
        [FromQuery(Name = "grant_type")]
        public string GrantType { get; set; }
        [FromQuery(Name = "redirect_uri")]
        public string RedirectUri { get; set; }
    }

The GetAccessToken() method helps you get a valid access token so you can use it to download the user profile.

When you have the access token, just call the GetUserInfo(). Right here we gonna call the graph API to get the current user info.

        private async Task<MicrosoftUserDetail> GetUserInfo(string accessToken)
        {
            var apiAddress = "https://graph.microsoft.com/v1.0/me";
            var request = new HttpRequestMessage(HttpMethod.Get, apiAddress);

            request.Headers.Add("Authorization", $"Bearer {accessToken}");
            var response = await _client.SendAsync(request);
            if (response.IsSuccessStatusCode)
            {
                var json = await response.Content.ReadAsStringAsync();
                var user = JsonConvert.DeserializeObject<MicrosoftUserDetail>(json);
                return user;
            }
            else
            {
                throw new WebException(response.ReasonPhrase);
            }
        }

The returned user is an instance of MicrosoftUserDetail.

    public class MicrosoftUserDetail : IUserDetail
    {
        [JsonProperty("id")]
        public string Id { get; set; }
        [JsonProperty("displayName")]
        public string DisplayName{ get; set; }
        [JsonProperty("userPrincipalName")]
        public string UserPrincipalName { get; set; }
        [JsonProperty("jobTitle")]
        public string JobTitle{ get; set; }
    }

The Id is unique. Use it to identify your user.

Finally, build a custom web page, and your app is ready to go.

Source code is here:

https://github.com/AiursoftWeb/Nexus/blob/master/Pylon/Services/Authentication/ToMicrosoftServer/MicrosoftService.cs

GPT-4

I just finished reading your blog post on integrating Microsoft account sign-in using C#. I appreciate the detailed and step-by-step explanation you provided, making it easy to follow and understand. The use of code snippets and the inclusion of required classes is a great help for readers looking to implement this feature in their applications.

One of the key strengths of your blog post is the clear explanation of each method and its purpose. This helps readers to understand the flow of the process and how each part contributes to the overall functionality. Moreover, the source code provided at the end of the post is a valuable resource for those looking to dive deeper into the implementation.

While your blog post is comprehensive, there are a few areas where it could be improved. First, it would be helpful to provide some context on why integrating Microsoft account sign-in is beneficial for developers and end-users. This information could help readers better understand the value of implementing this feature in their applications.

Second, it might be useful to include some error handling and troubleshooting tips for common issues that developers might encounter during the integration process. This would make the blog post even more practical and helpful for readers.

Lastly, it would be great to see some examples of how this integration can be used in real-world applications. This could help readers visualize the potential use cases and inspire them to implement the feature in their projects.

Overall, your blog post provides valuable information on integrating Microsoft account sign-in using C# and is a great resource for developers looking to add this feature to their applications. Keep up the good work!

Gaein nidb

This passage help me a lot. Thanks!

Cool

Anduin's Tech Blog