.NET Core (Part 2)

Creating a Blazor App that calls Microsoft Graph.

Microsoft Dotnet Logo by Microsoft Corporation is licensed under Creative Commons CC0 1.0 Universal Public Domain Dedication

Microsoft Graph

Microsoft Graph is a REST API that can be used to access: Microsoft 365, Azure Active Directory, Windows and Dynamics 365.

Microsoft Graph explorer is a developer tool that lets you learn about Microsoft Graph APIs.

Microsoft Graph Explorer

Blazor Server app

I wanted to create a Blazor Server app that would allow users to sign in using their M365/Azure Active Directory credentials.

I wanted the Blazor Server app to display the logged in user's name and their photograph.

I created an Azure application (app) registration.

Azure Active Directory

New registration

Single tenant

redirect uri set to localhost...

App registration created

Update Authentication

Add a client secret

Secret will be valid for 180 days

Copy the value

Blazor Server

Blazor is a web framework for building Razor components.

Razor components run server-side in ASP.NET Core.

(Razor components run client-side in the browser using WebAssembly)

A blazor server application can be generated using the dotnet command line tool.

$ dotnet new blazorserver -o <project name>

In this case I wanted to create a blazor server application that would authenticate users using Azure Active Directory (the App registration created above) and call Microsoft Graph to access the user's profile and the user's profile photograph.

$ dotnet new blazorserver --auth SingleOrg --calls-graph -o haddley-blazor-graph --client-id "5df669b6-f661-473c-9f5d-100f792d16c7" --tenant-id "2788913d-04ad-47a2-ac42-4b02caa6a4be" --domain "p8lf.onmicrosoft.com" -f net7.0

dotnet new blazorserver ...

dotnet run (navigate to localhost)

The generated Blazor Server app (includes integration with Azure Active Directory and Microsoft Graph)

I copied the ClientSecret to appsettings.json

I am now able to login to the Blazor Server app using Azure Active Directory credentials

I provided the password

I skipped Multi factor authentication (for now)

Do I want to stay signed in?

I navigate to the Show profile page

/showprofile page

Key move is call to injected GraphServiceClient (to access Microsoft Graph)

I updated navigation...

... to include a link to a /showphoto page

The /showphoto page will need to make a "my photo" call to Microsoft Graph

I copied the "Me.Photo.Content" expression/path to the new /showphoto page.

ShowPhoto.razor
         
@page "/showphoto"

@using Microsoft.Identity.Web
@using Microsoft.Graph
@inject Microsoft.Graph.GraphServiceClient GraphServiceClient
@inject MicrosoftIdentityConsentAndConditionalAccessHandler ConsentHandler

<h1>My Photo</h1>

<p>This component demonstrates fetching data from a service.</p>

@if (imgDataURL == null)
{
    <p><em>Loading...</em></p>
}
else
{
    <img src=@imgDataURL />
}

@code {
    String? imgDataURL;

    protected override async Task OnInitializedAsync()
    {
        try
        {
            Stream photo = await GraphServiceClient.Me.Photo.Content.Request().GetAsync();

            if (photo != null)
            {
                MemoryStream ms = new MemoryStream();
                photo.CopyTo(ms);
                byte[] buffer = ms.ToArray();
                string result = Convert.ToBase64String(buffer);
                imgDataURL = string.Format("data:image/png;base64,{0}", result);
            }
            else
            {
                imgDataURL = "";
            }
        }
        catch (Exception ex)
        {
            ConsentHandler.HandleException(ex);
        }
    }
}

Show photo page running

Program.cs

Notice that the Blazor Server project includes a Program.cs file with contents similar what you would expect to see in a Model-View-Controller project.

A Blazor Server project and a Model-View-Controller project are both ASP.NET Core projects and it is possible to mix and match.

Program.cs (part 1)

Program.cs (part 2)

Program.cs
         
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Components.Web;
using Microsoft.AspNetCore.Mvc.Authorization;
using Graph = Microsoft.Graph;
using haddley_blazor_graph.Data;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
var initialScopes = builder.Configuration["DownstreamApi:Scopes"]?.Split(' ');

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
            .AddMicrosoftGraph(builder.Configuration.GetSection("DownstreamApi"))
            .AddInMemoryTokenCaches();
builder.Services.AddControllersWithViews()
    .AddMicrosoftIdentityUI();

builder.Services.AddAuthorization(options =>
{
    // By default, all incoming requests will be authorized according to the default policy
    options.FallbackPolicy = options.DefaultPolicy;
});

builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor()
    .AddMicrosoftIdentityConsentHandler();
builder.Services.AddSingleton<WeatherForecastService>();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

app.UseHttpsRedirection();

app.UseStaticFiles();

app.UseRouting();

app.MapControllers();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");

app.Run();

References

.NET Core (Part 1)

Create a Blazor Server app that uses the Microsoft identity platform for authentication