Azure Active Directory code samples (v1.0 endpoint)
This content is for the older Azure AD v1.0 endpoint. Use the Microsoft identity platform for new projects.
You can use Microsoft Azure Active Directory (Azure AD) to add authentication and authorization to your web applications and web APIs.
This section provides links to samples you can use to learn more about the Azure AD v1.0 endpoint. These samples show you how it's done along with code snippets that you can use in your applications. On the code sample page, you'll find detailed read-me topics that help with requirements, installation, and set-up. And the code is commented to help you understand the critical sections.
If you are interested in Azure AD V2 code samples, see v2.0 code samples by scenario.
To understand the basic scenario for each sample type, see Authentication scenarios for Azure AD.
You can also contribute to our samples on GitHub. To learn how, see Microsoft Azure Active Directory samples and documentation.
This sample shows how to write a single-page application secured with Azure AD.
|Platform||Calls its own API||Calls another Web API|
Web Applications signing in users, calling Microsoft Graph, or a Web API with the user's identity
The following samples illustrate Web applications signing users. Some of these applications also call the Microsoft Graph or your own Web API, in the name of the signed-in user.
|Platform||Only signs in users||Calls Microsoft Graph||Calls another ASP.NET or ASP.NET Core 2.0 Web API|
|ASP.NET Core 2.0||dotnet-webapp-openidconnect-aspnetcore||webapp-webapi-multitenant-openidconnect-aspnetcore (AAD Graph)||dotnet-webapp-webapi-openidconnect-aspnetcore|
|ASP.NET 4.5||webapp-WSFederation-dotNet dotnet-webapp-webapi-oauth2-useridentity||dotnet-webapp-multitenant-openidconnect (AAD Graph)|
Web applications demonstrating role-based access control (authorization)
The following samples show how to implement role-based access control (RBAC). RBAC is used to restrict the permissions of certain features in a web application to certain users. The users are authorized depending on whether they belong to an Azure AD group or have a given application role.
|ASP.NET 4.5||dotnet-webapp-groupclaims dotnet-webapp-roleclaims||A .NET 4.5 MVC web app that uses Azure AD roles for authorization|
Desktop and mobile public client applications calling Microsoft Graph or a Web API
The following samples illustrate public client applications (desktop/mobile applications) that access the Microsoft Graph or a Web API in the name of a user. Depending on the devices and platforms, applications can sign in users in different ways (flows/grants):
- Silently (with Integrated Windows Authentication on Windows, or username/password)
- By delegating the interactive sign-in to another device (device code flow used on devices which don't provide web controls)
|Client application||Platform||Flow/Grant||Calls Microsoft Graph||Calls an ASP.NET or ASP.NET Core 2.x Web API|
|Desktop (WPF)||Interactive||Part of dotnet-native-multitarget||Dotnet-native-desktop dotnet-native-aspnetcore dotnet-webapi-manual-jwt-validation|
|Mobile (UWP)||.||Interactive||dotnet-native-uwp-wam This sample uses WAM, not ADAL.NET||dotnet-windows-store (UWP application using ADAL.NET to call a single tenant Web API) dotnet-webapi-multitenant-windows-store (UWP application using ADAL.NET to call a multi-tenant Web API)|
|Mobile (Android, iOS, UWP)||Interactive||dotnet-native-multitarget|
|Desktop (Console)||Username / Password Integrated Windows Authentication||dotnet-native-headless|
|Desktop (Console)||Username / Password||java-native-headless|
|Desktop (Console)||Device code flow||dotnet-deviceprofile|
Daemon applications (accessing web APIs with the application's identity)
The following samples show desktop or web applications that access the Microsoft Graph or a web API with no user (with the application identity).
|Client application||Platform||Flow/Grant||Calls an ASP.NET or ASP.NET Core 2.0 Web API|
|Daemon app (Console)||Client Credentials with app secret or certificate||dotnet-daemon dotnet-daemon-certificate-credential|
|Daemon app (Console)||Client Credentials with certificate||dotnetcore-daemon-certificate-credential|
|ASP.NET Web App||Client credentials||dotnet-webapp-webapi-oauth2-appidentity|
Web API protected by Azure Active Directory
The following sample shows how to protect a node.js web API with Azure AD.
In the previous sections of this article, you can also find other samples illustrating a client application calling an ASP.NET or ASP.NET Core Web API. These samples are not mentioned again in this section, but you will find them in the last column of the tables above or below
Web API calling Microsoft Graph or another Web API
The following samples demonstrate a web API that calls another web API. The second sample shows how to handle Conditional Access.
|Platform||Calls Microsoft Graph||Calls another ASP.NET or ASP.NET Core 2.0 Web API|
|ASP.NET 4.5||dotnet-webapi-onbehalfof dotnet-webapi-onbehalfof-ca||dotnet-webapi-onbehalfof dotnet-webapi-onbehalfof-ca|
Other Microsoft Graph samples
For samples and tutorials that demonstrate different usage patterns for the Microsoft Graph API, including authentication with Azure AD, see Microsoft Graph Community Samples & Tutorials.