microsoft-authentication-library-for-dotnet
[Documentation] Scenarios where there is a Web Application and a console app (Job)
Documentation related to component
Web App, Console App (Job)
Please check those that apply
- [ ] typo
- [x] documentation doesn't exist
- [ ] documentation needs clarification
- [ ] error(s) in example
- [ ] needs example
Description of the issue
Hello,
I was unable to find any documentation/sample to describe scenarios where a Web Application authenticates the user interactively and saves access/refresh tokens and a console app (Job) runs periodically to perform certain actions (like sending emails) on behalf of the user. I know this is a very common scenario for CRM/marketing applications but I was unable to find any sample code.
This page contains the web app and daemon app samples: https://docs.microsoft.com/azure/active-directory/develop/sample-v2-code#web-applications and https://docs.microsoft.com/en-us/azure/active-directory/develop/sample-v2-code#service--daemon
For ASP.NET Core web apps, the preferred solution is [Microsoft.Identity.Web], which wraps MSAL.NET and provides the glue between ASP.NET Core authentication and MSAL token acquisition.
You can also find end-to-end documentation about the scenarios themselves in https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-call-api-overview and https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-overview
Thanks for your response @jmprieur! Based on my limited knowledge, I understand that the daemon scenario is only for apps that are looking to access accounts within a particular organization (admin access required).
The scenario I am looking for is for an ASP.NET MVC 5 Web App that gets authorization from a web user to access their Microsoft account and saves the token using AddDistributedSqlServerCache() in a SQL Server database. The Console app (Job) accesses this same token, using the same client ID and client secret, every 15 minutes to send/receive emails. The web app users can belong to any organization.
I implemented this 2-3 years back using an older version of MSAL. At the time, I was not 100% sure if the pattern I used was accurate. I am using the same code base to acquire/refresh tokens using AcquireTokenSilent() for both Web App and Console App. This was working just fine until it went from working to broken recently. My assumption is that Microsoft has resolved some bugs, which is causing this failure to occur. I have since upgraded to Microsoft.Identity.Web v1.25.1.0. This is why I want to make sure that the pattern I am using is correct.
Thanks
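The job side of the setup described in this thread, as an added example that is not code from the issue or from the MSAL.NET samples: a console app builds a confidential client with the web app's client ID and secret, attaches the same SQL Server distributed token cache, and calls AcquireTokenSilent() for a stored account. Assumptions: the Microsoft.Identity.Web.TokenCache and Microsoft.Extensions.Caching.SqlServer packages, the `common` authority, the `dbo.TokenCache` table, the environment variable names, and that the web app recorded each user's home account ID (`<oid>.<tid>`) at sign-in.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Client;
using Microsoft.Identity.Web; // AddDistributedTokenCache extension

public static class MailJobTokens
{
    // Client ID, secret and authority must match the web app's registration,
    // otherwise the cache entries the web app wrote will not be found.
    public static IConfidentialClientApplication BuildApp(string clientId, string secret, string sqlConn)
    {
        var app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithClientSecret(secret)
            .WithAuthority("https://login.microsoftonline.com/common") // assumption
            .Build();
        app.AddDistributedTokenCache(services =>
            services.AddDistributedSqlServerCache(o =>
            {
                o.ConnectionString = sqlConn;
                o.SchemaName = "dbo";        // assumption
                o.TableName = "TokenCache";  // assumption: same table as the web app
            }));
        return app;
    }

    // Returns an access token, or null when the user has to sign in again.
    public static async Task<string> TryGetTokenAsync(
        IConfidentialClientApplication app, string homeAccountId, string[] scopes)
    {
        IAccount account = await app.GetAccountAsync(homeAccountId);
        if (account == null) return null; // nothing cached for this user
        try
        {
            var result = await app.AcquireTokenSilent(scopes, account).ExecuteAsync();
            return result.AccessToken;
        }
        catch (MsalUiRequiredException)
        {
            // Refresh token expired or revoked, or consent is missing: only an
            // interactive sign-in in the web app can repair this.
            return null;
        }
    }

    public static async Task Main()
    {
        // Hypothetical variable names; the secret and connection string stay out of source.
        var app = BuildApp(Environment.GetEnvironmentVariable("JOB_CLIENT_ID"),
            Environment.GetEnvironmentVariable("JOB_CLIENT_SECRET"),
            Environment.GetEnvironmentVariable("JOB_SQL_CONN"));
        string token = await TryGetTokenAsync(app,
            Environment.GetEnvironmentVariable("JOB_HOME_ACCOUNT_ID"),
            new[] { "https://graph.microsoft.com/Mail.Send" });
        Console.WriteLine(token == null ? "User must sign in again" : "Token acquired");
    }
}
```

The cache table holds refresh tokens for every signed-in user, so the SQL login the job uses should be limited to that table, and the job should log the null case per user rather than retrying.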