A .NET Core daemon console application using MSAL.NET to acquire tokens for resources
About this sample
In these scenarios we show how unattended daemon applications can authenticate as itself using the Microsoft Authentication Library for .NET (MSAL.NET) SDK and acquire Access Tokens for various web APIs like Microsoft Graph or any other API secured with the Microsoft Identity Platform
Structure of the repository
This repository contains a chapter-wise tutorial made of three parts:
|1-Call-Graph||This sample application shows how to use the Microsoft Authentication Library for .NET (MSAL.NET) to access the data of Microsoft business customers in a long-running, non-interactive process. It uses the OAuth 2 client credentials grantto acquire an access token, which can be used to call the Microsoft Graph and access organizational data|
|2-Call-OwnApi||This sample application shows how to use the Microsoft Authentication Library for .NET (MSAL.NET) to access the data from a protected Web API, in a non-interactive process. It uses the OAuth 2 client credentials grant to acquire an access token, which is then used to call the Web API. Additionally, it lays down all the steps developers need to take to secure their Web APIs with the Microsoft identity platform.|
|3-Using-KeyVault||This chapter explains how to integrate Azure Key Vault and Managed Identities for Azure Resources with a daemon application. Additionally, it has a code snippet on how to get an access token for Key Vault.|
How to run this sample
To run this sample, you'll need:
- Visual Studio and the .NET Core SDK
- An Internet connection
- A Windows machine (necessary if you want to run the app on Windows)
- An OS X machine (necessary if you want to run the app on Mac)
- A Linux machine (necessary if you want to run the app on Linux)
- An Azure Active Directory (Azure AD) tenant. For more information on how to get an Azure AD tenant, see How to get an Azure AD tenant
- A user account in your Azure AD tenant. This sample will not work with a Microsoft account (formerly Windows Live account). Therefore, if you signed in to the Azure portal with a Microsoft account and have never created a user account in your directory before, you need to do that now.
Step 1: Clone or download this repository
From your shell or command line:
git clone https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2.git
or download and exact the repository .zip file.
Given that the name of the sample is pretty long, and so are the name of the referenced NuGet packages, you might want to clone it in a folder close to the root of your hard drive, to avoid file size limitations on Windows.
Community Help and Support
Use Stack Overflow to get support from the community.
Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.
Make sure that your questions or comments are tagged with [
If you find a bug in the sample, please raise the issue on GitHub Issues.
If you find a bug in msal.Net, please raise the issue on MSAL.NET GitHub Issues.
To provide a recommendation, visit the following User Voice page.
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
For more information, see MSAL.NET's conceptual documentation:
- Quickstart: Register an application with the Microsoft identity platform
- Quickstart: Configure a client application to access web APIs
- Acquiring a token for an application with client credential flows
For more information about the underlying protocol:
For a more complex multi-tenant Web app daemon application, see active-directory-dotnet-daemon-v2