Correct Authentication method for Windows Service Application connecting to O365 accounts linked with AD

Allan Fernandes 166 Reputation points
2020-10-18T21:09:15.227+00:00

Hi,

I have a application consisting both UI and Service Exe's that saves critical data files from users machine to his Onedrive Cloud space. My application handles the Authentication using Microsoft Graph and gets the required Access token / Refresh Token by allowing the user to entering his credentials .

Now I have this prospective customer who may have above 500 users. He says the O365 logins are integrated with his Domain's Active Directory and the passwords change every 15 days. It is not possible for user to enter all these passwords every 15 days.

Please advice what I should use, there are loads of documentation on Microsoft website and I am unable to pin on anything specific.

I have a free microsoft developer account. Will I need to convert it to paid one ?

Regards
Allan

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,362 questions
0 comments
Accepted answer
  1. Alfredo Revilla - Senior Freelance SWE, SWA, IAM 26,936 Reputation points
    2020-10-19T16:30:25.207+00:00

    You might try authenticating as an application using client credentials grant from your service exe. Users will still need to input their new password but the application itself will be capable of authenticating w/o interruption to AAD/MS Graph.

    --
    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Allan Fernandes 166 Reputation points
    2020-10-28T21:56:39.893+00:00

    anonymous user-msft the RefreshTokens are discarded the moment the password is changed. Microsoft does it for Security reasons.

    Please tell me how to integrate with AD.

    0 comments
  2. Alfredo Revilla - Senior Freelance SWE, SWA, IAM 26,936 Reputation points
    2020-12-28T20:44:42.327+00:00

    As initially suggested you can use client credentials flow to keep getting access tokens silently using a certificate, a secret or a refresh token, this without any user intervention. Your problem might be the session lifetime for your UI application which does not rely on access or refresh tokens but session tokens. Lifetime for the later can be managed using Conditional Access sign in frequency. Please expand more on your application architecture and authentication flow to get a better idea of what issues are you facing.