I am trying to register an application in Azure AD using the Graph API. I have a method CallRestAPI which makes the request.
Below is the code:
```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Threading.Tasks;
using RestSharp;

public async Task<Response> AzureADApp()
{
    Response responseMessage = new Response();
    try
    {
        var token = GenerateToken();

        // Request headers: bearer token plus the JSON content type
        List<(string, string)> listHeaders = new List<(string, string)>();
        listHeaders.Add(("Authorization", "Bearer " + token));
        listHeaders.Add(("Content-Type", "application/json"));

        // Application properties intended for the request body
        List<(string, string)> param = new List<(string, string)>();
        param.Add(("displayName", "VS1Application123"));
        param.Add(("homepage", "https://localhost:44358/"));
        param.Add(("identifierUris", "https://G7CRM4L/6958490c-21ae-4885-804c-f03b3add87ad"));

        string callUrl = "https://graph.windows.net/G7CRM4L/applications/?api-version=1.6";
        var result = await CallRestAPI(callUrl, "", Method.POST, listHeaders, param);
    }
    catch (Exception ex)
    {
        responseMessage.StatusCode = Convert.ToInt16(HttpStatusCode.InternalServerError);
    }
    return responseMessage;
}

public async Task<IRestResponse> CallRestAPI(string BaseAddress, string SubAddress, Method method,
    List<(string, string)> headersList = null, List<(string, string)> paramsList = null)
{
    var call = new RestClient(BaseAddress + SubAddress);
    var request = new RestRequest(method);

    if (headersList != null)
    {
        foreach (var header in headersList)
        {
            request.AddHeader(header.Item1, header.Item2);
        }
    }

    if (paramsList != null)
    {
        foreach (var param in paramsList)
        {
            // Added as plain (GetOrPost) parameters, not as a JSON body
            request.AddParameter(param.Item1, param.Item2);
        }
    }

    var response = await call.ExecuteTaskAsync(request);
    return response;
}
```
I think the way I am sending parameters in the body is not correct. Can anyone guide me on how to make this code work, or is there a better way to achieve the same? Thank you.
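For comparison, here is an added example (not the asker's or the answerer's code) of the same Azure AD Graph call made with RestSharp but with the application properties sent as a JSON body via AddJsonBody instead of AddParameter, and with identifierUris sent as the array the endpoint expects. It assumes the RestSharp 106.x API (Method.POST, IRestResponse, ExecuteTaskAsync) that the question's code already uses; tenant, token and property values are caller-supplied placeholders.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using RestSharp;

public static class AzureAdGraphApplications
{
    // Creates an application object through Azure AD Graph (api-version=1.6).
    // tenant, accessToken and the property values are placeholders supplied by the caller.
    public static async Task<IRestResponse> CreateApplicationAsync(
        string tenant, string accessToken, string displayName,
        string homepage, string[] identifierUris)
    {
        var client = new RestClient("https://graph.windows.net");
        var request = new RestRequest($"{tenant}/applications?api-version=1.6", Method.POST);

        request.AddHeader("Authorization", "Bearer " + accessToken);

        // AddJsonBody serialises the object and sets Content-Type: application/json.
        // AddParameter(name, value) would instead produce a form-urlencoded body,
        // which the Graph endpoint rejects. identifierUris must be a JSON array.
        request.AddJsonBody(new
        {
            displayName,
            homepage,
            identifierUris
        });

        IRestResponse response = await client.ExecuteTaskAsync(request);

        // 201 Created returns the new application object (appId, objectId, ...) in the body.
        // Any other status is surfaced together with Graph's odata.error payload rather
        // than swallowed, so a failed registration is visible to the caller.
        if (response.StatusCode != HttpStatusCode.Created)
        {
            throw new InvalidOperationException(
                $"Graph returned {(int)response.StatusCode}: {response.Content}");
        }
        return response;
    }
}
```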
A better way to achieve the same, i.e. register an app with Azure AD, would be to make use of the Azure AD Graph Client Library.
I say it's a better approach because when you use the client library you reap multiple benefits like no raw HTTP request handling, writing more convenient and declarative C# code, depending on a well-tested library, async support, etc.
The underlying Graph API used will still be the same, I suppose:
POST https://graph.windows.net/{tenant-id}/applications?api-version=1.6
Here is sample code (C#) to create an Azure AD application.
Notice that I've kept the app.PublicClient flag as true to register it as a native application. You can set it to false if you want to register it as a web application.
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

namespace CreateAzureADApplication
{
    class Program
    {
        static void Main(string[] args)
        {
            // The client library acquires a token through the supplied callback
            ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(
                new Uri("https://graph.windows.net/{yourAADGUID}"),
                async () => await GetTokenForApplication());

            Application app = new Application();
            app.DisplayName = "My Azure AD Native App";
            app.PublicClient = true; // true = native app, false = web app
            app.Homepage = "https://myazureadnativeapp";

            activeDirectoryClient.Applications.AddApplicationAsync(app).GetAwaiter().GetResult();
        }

        public static async Task<string> GetTokenForApplication()
        {
            AuthenticationContext authenticationContext = new AuthenticationContext(
                "https://login.microsoftonline.com/{yourAADGUID}",
                false);

            // Configuration for OAuth client credentials
            ClientCredential clientCred = new ClientCredential("yourappclientId",
                "yourappclientsecret"
            );

            AuthenticationResult authenticationResult =
                await authenticationContext.AcquireTokenAsync("https://graph.windows.net", clientCred);
            return authenticationResult.AccessToken;
        }
    }
}
```
Setup: I have an application registered in Azure AD which has the required permissions as an application permission (Read and write all applications), and grant permissions has been done for this app. Now, using this application's client id and client secret, a token is acquired and the Azure AD Graph API is called to create an application. It is not mandatory to use application permissions; you can also use delegated permissions by prompting the user for credentials. See the links to more detailed examples (old ones, but still useful):
Console Application using Graph client library
Web app calls Graph using Graph client library
Azure AD Graph Client Library 2.0 Announcement page
On a side note, you could do this using the newer Microsoft Graph API as well,
POST https://graph.microsoft.com/beta/applications
but the ability to create applications is still in beta and hence not recommended for production workloads. So even though the Microsoft Graph API would be recommended for most scenarios, at least for this one, using the Azure AD Graph API is the way to go currently.
I have covered this in a little more detail in a similar SO Post here.