Login/Register
How to get the Active directory token of a user?
Asked Answered
c#authenticationactive-directoryclient-server
C

1

8

I am developing a client-server application. In the usage of this application, clients and server have same AD (Active Directory) domain.

I want my server application to authenticate every client by its AD user. That means, that when a user runs an instance of the client application, the server should understand which AD user is using this instance of application and authenticate it. So, client application must send some information to server.

One solution is sending the user AD username. Because of security reasons, this solution isn't acceptable.

Another solution is sending user AD token (which is given to the AD user on logging in to windows). In this solution the server can check validity of this token and so it can recognize the client AD user and authenticate it. Now the problem is that in implemention of client's application, I don't know how to get the AD token.

I am using C# to implement the client application. Can you please help me with that? Or do you have better solution for this kind of authentication?

Cystolith answered 1/4, 2015 at 21:11 Comment(0)
S
4

Get clientid/appid, secret key from azure portal and the below to get token. Your directory name can be found by clicking your account on top right.

 string tenantName = "yourdirectoryName.OnMicrosoft.com";
 string authString = "https://login.microsoftonline.com/" + tenantName;
 AuthenticationContext authenticationContext = new AuthenticationContext(authString, false);
 // Config for OAuth client credentials             
 ClientCredential clientCred = new ClientCredential(clientId, appKey);
 string resource = "https://graph.windows.net";
 string token;
 try
 {
     AuthenticationResult authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
     token = authenticationResult.AccessToken;
 }
 catch (AuthenticationException ex)
 {
     Console.ForegroundColor = ConsoleColor.Red;
     Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message);
     if (ex.InnerException != null)
     {
         Console.WriteLine("Error detail: {0}", ex.InnerException.Message);
     }
 }
Soren answered 8/3, 2017 at 0:5 Comment(3)
Hi @Kurkula, can you please explain for me what should be values of "tenantName", "clientId", "appKey" and "resource" and where can I get them? Thanks. I have the same question with the author above.Garnishment
Its been some time this question has been asked. I am providing this info just in case somebody lands up here learn.microsoft.com/en-us/azure/active-directory/develop/…Exult
Everyone here is assuming authentication via Azure AD, but I don't think the question concerns Azure AD, it is rather about Windows Active Directory. I don't know if it is possible to let Windows AD generate tokens ?Gove

© 2022 - 2024 — McMap. All rights reserved.