Azure Active Directory code samples (v1.0 endpoint)

Applies to:
  • Azure AD v1.0 endpoint
  • Azure Active Directory Authentication Library (ADAL)

You can use Microsoft Azure Active Directory (Azure AD) to add authentication and authorization to your web applications and web APIs.

This section provides links to samples you can use to learn more about the Azure AD v1.0 endpoint. These samples show you how it's done along with code snippets that you can use in your applications. On the code sample page, you'll find detailed read-me topics that help with requirements, installation, and set-up. And the code is commented to help you understand the critical sections.


If you are interested in Azure AD V2 code samples, see v2.0 code samples by scenario.

To understand the basic scenario for each sample type, see Authentication scenarios for Azure AD.

You can also contribute to our samples on GitHub. To learn how, see Microsoft Azure Active Directory samples and documentation.

Single-page applications

This sample shows how to write a single-page application secured with Azure AD.

Platform Calls its own API Calls another Web API
JavaScript javascript-singlepageapp
Angular JS angularjs-singlepageapp angularjs-singlepageapp-cors

Web Applications

Web Applications signing in users, calling Microsoft Graph, or a Web API with the user's identity

The following samples illustrate Web applications signing users. Some of these applications also call the Microsoft Graph or your own Web API, in the name of the signed-in user.

Platform Only signs in users Calls Microsoft Graph or AAD Graph Calls another ASP.NET or ASP.NET Core 2.0 Web API

ASP.NET Core 2.0

dotnet-webapp-openidconnect-aspnetcore webapp-webapi-multitenant-openidconnect-aspnetcore

(AAD Graph)







(AAD Graph)

Python python-webapp-graphapi
Java java-webapp-openidconnect
Php php-graphapi-web

Web applications demonstrating role-based access control (authorization)

The following samples show how to implement role-based access control (RBAC). RBAC is used to restrict the permissions of certain features in a web application to certain users. The users are authorized depending on whether they belong to an Azure AD group or have a given application role.

Platform Sample




Desktop and mobile public client applications calling Microsoft Graph or a Web API

The following samples illustrate public client applications (desktop/mobile applications) that access the Microsoft Graph or a Web API in the name of a user. Depending on the devices and platforms, applications can sign in users in different ways (flows/grants):

  • interactively,
  • silently (with Integrated Windows Authentication on Windows, or Username/Password),
  • or even by delegating the interactive sign-in to another device (device code flow used on devices which don't provide web controls).
Client application Platform Flow/Grant Calls Microsoft Graph Calls an ASP.NET or ASP.NET Core 2.x Web API
Desktop (WPF) .NET/C# Interactive Part of dotnet-native-multitarget Dotnet-native-desktop


Mobile (UWP) ..NET/C#/UWP Interactive dotnet-native-uwp-wam

This sample uses WAM, not ADAL.NET

dotnet-windows-store (UWP application using ADAL.NET to call a single tenant Web API)

dotnet-webapi-multitenant-windows-store (UWP application using ADAL.NET to call a multi-tenant Web API)

Mobile (Android, iOS, UWP) .NET/C# (Xamarin) Interactive dotnet-native-multitarget
Mobile (Android) Android / Java Interactive android
Mobile (iOS) iOS / Objective C or swift Interactive nativeClient-iOS
Desktop (Console) .NET/C# Username / Password

Integrated Windows Authentication

Desktop (Console) Java console Username / Password java-native-headless
Desktop (Console) .NET Core/C# Device code flow dotnet-deviceprofile

Daemon applications (accessing Web APIs with the application's identity)

The following samples show desktop or web applications that access the Microsoft Graph or a web API with no user (with the application identity).

Client application Platform Flow/Grant Calls an ASP.NET or ASP.NET Core 2.0 Web API
Daemon app (Console) .NET Client Credentials with app secret or certificate dotnet-daemon


Daemon app (Console) .NET Client Credentials with certificate dotnetcore-daemon-certificate-credential
ASP.NET Web App .NET Client credentials dotnet-webapp-webapi-oauth2-appidentity

Web APIs

Web API protected by Azure Active Directory

The following sample shows how to protect a node.js web API with Azure AD.

In the previous sections of this article, you can also find other samples illustrating a client application calling an ASP.NET or ASP.NET Core Web API. These samples are not mentioned again in this section, but you will find them in the last column of the tables above or below

Platform Sample
Php node-webapi

Web API calling Microsoft Graph or another Web API

The following samples demonstrate a web API that calls another web API. The second sample shows how to handle conditional access.

Platform Calls Microsoft Graph Calls another ASP.NET or ASP.NET Core 2.0 Web API






Other Microsoft Graph samples

For samples and tutorials that demonstrate different usage patterns for the Microsoft Graph API, including authentication with Azure AD, see Microsoft Graph Community Samples & Tutorials.

See also

Azure Active Directory Developer's Guide

Azure Active Directory Authentication libraries

Azure AD Graph API Conceptual and Reference

Azure AD Graph API Helper Library