
I am developing a native application that should access the Azure tenant of the customer that is logging in (like the Azure PowerShell sign-in experience). I tried to use Azure PowerShell's client id, but the refresh token to renew the credentials seems to be valid for 12 hours only. Afterwards, the user had to sign in again.

I tried to create a multi-tenant Azure AAD application, but multi-tenancy is not available for native AAD applications. How can I get a client id similar to the PowerShell AAD client ID 1950a258-227b-4e31-a9cf-717495945fc2 that allows me to use the Azure Service Management API of the user logging in (who is not in my Azure AD)?

1 Answer

First you should look into listing your App in the Azure Active Directory application gallery. This is the right way to do what you want. They will generate a client id for you. You should not use one already created for another app. That said...

For testing purposes, I wanted to do something similar. I used the VS client ID and was able to successfully auth using this code:

using System;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL 2.x (synchronous AcquireToken API)

public static string GetAuthorizationHeader()
{
    AuthenticationResult result = null;

    // "common" is the tenant-agnostic endpoint: the signing-in user's own tenant is resolved at login time
    var context = new AuthenticationContext("https://login.windows.net/common");

    result = context.AcquireToken("https://management.core.windows.net/",  // resource: Azure Service Management API
                                  "1950a258-227b-4e31-a9cf-717495945fc2", // client ID of the Azure PowerShell app named in the question
                                  new Uri("urn:ietf:wg:oauth:2.0:oob"));   // standard redirect for native apps (console, desktop, mobile, etc.)

    if (result == null)
    {
        throw new InvalidOperationException("Failed to obtain the JWT token");
    }

    // Bearer token for the Authorization header of Service Management API calls
    return result.AccessToken;
}

I posted the code up to GitHub here: devdash/EzAzureMgmtApiAuth, and more detail is on my blog: http://devian.co/2015/07/01/authenticate-to-the-azure-service-management-api/
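The answer's code prompts the user every time it runs; the question's actual pain point is what happens after the first sign-in, when the access token expires and the refresh token eventually stops working. The following is an added example (not the answer's code, and not from the linked GitHub repository) that keeps the same tenant-agnostic ADAL 2.x sign-in, renews the access token from the refresh token silently, and only falls back to an interactive prompt when the refresh itself is rejected, which is the point at which the 12-hour refresh-token lifetime described in the question surfaces. It then uses the token against the Service Management API. Assumptions: ADAL 2.x (Microsoft.IdentityModel.Clients.ActiveDirectory) with its synchronous AcquireToken and AcquireTokenByRefreshToken methods, the in-memory cache field `_current`, and the List Subscriptions endpoint with x-ms-version 2013-08-01; the class and method names are illustrative.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL 2.x, as in the answer's code

// Added example: token acquisition with silent refresh and interactive fallback.
public static class ServiceManagementAuth
{
    const string Authority = "https://login.windows.net/common";          // tenant-agnostic, as in the answer
    const string Resource  = "https://management.core.windows.net/";      // Azure Service Management API
    const string ClientId  = "1950a258-227b-4e31-a9cf-717495945fc2";      // same client ID the answer uses
    static readonly Uri RedirectUri = new Uri("urn:ietf:wg:oauth:2.0:oob");

    // Hypothetical in-memory cache. A real app must persist this encrypted (e.g. DPAPI):
    // the refresh token is a long-lived credential for the user's tenant.
    static AuthenticationResult _current;

    public static string GetAccessToken()
    {
        var context = new AuthenticationContext(Authority);

        // 1. Access token still valid (with a safety margin): reuse it, no network call.
        if (_current != null && _current.ExpiresOn > DateTimeOffset.UtcNow.AddMinutes(5))
            return _current.AccessToken;

        // 2. Access token expired: try the refresh token silently. This is what keeps
        //    the user signed in between prompts; it fails once the refresh token itself
        //    has expired (the 12-hour limit the question reports for this client ID).
        if (_current != null && !string.IsNullOrEmpty(_current.RefreshToken))
        {
            try
            {
                _current = context.AcquireTokenByRefreshToken(_current.RefreshToken, ClientId, Resource);
                return _current.AccessToken;
            }
            catch (AdalServiceException)
            {
                // Refresh token rejected by AAD: discard it and re-authenticate interactively.
                _current = null;
            }
        }

        // 3. No usable cached credentials: interactive sign-in, exactly as in the answer.
        _current = context.AcquireToken(Resource, ClientId, RedirectUri, PromptBehavior.Auto);
        if (_current == null)
            throw new InvalidOperationException("Failed to obtain a token");
        return _current.AccessToken;
    }

    // Uses the token: lists the subscriptions the signed-in user can see.
    // Assumed endpoint and API version; the Service Management API returns XML.
    public static string ListSubscriptionsXml()
    {
        using (var http = new HttpClient())
        {
            http.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", GetAccessToken());
            http.DefaultRequestHeaders.Add("x-ms-version", "2013-08-01"); // required by the Service Management API

            var response = http.GetAsync("https://management.core.windows.net/subscriptions").Result;
            response.EnsureSuccessStatusCode();
            return response.Content.ReadAsStringAsync().Result;
        }
    }
}
```

Note that ADAL 2.x also does the refresh step on its own when `AcquireToken` is called with `PromptBehavior.Auto` and its default token cache is populated; the explicit version above makes the failure point visible, so an application can log when users are being forced back to an interactive prompt and distinguish that from a revoked or mistyped credential.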


2 Comments

Thanks Devian for the hint to the Azure AD application gallery. The problem with your code however is that the user always has to re-sign in after 12 hours, since the refresh token that can be used to renew the access token expires after that timespan. My workaround for now is to use the impersonated user's access token to create an Azure AD application in the user's tenant Azure AD and then use the application's client id to sign in. However, this way I can only use the new Azure Resource Manager API.
