  • Leonard Hulley 1 post 71 karma points
    May 18, 2023 @ 18:53

    Consuming Dataverse API as logged in user (Umbraco 11)

    In my use case I get my member to authenticate using Microsoft Identity Web App (so they have to be a user in my tenant), and I am using auto linking to create them an Umbraco account if it is their first log in. They then need to be able to consume a Dataverse API which is in the same tenant, using their logged in account. I've been able to consume the API using a service principal, but not as the user themselves.

    Here is my code configuring the external authentication provider for members:

    string[] scopes = { builder.Config.GetValue<string>("DataverseConfig:BaseUri") + "/user_impersonation" };

    builder.Services.ConfigureOptions<AzureMembersExternalLoginProviderOptions>();
    builder.AddMemberExternalLogins(logins =>
    {
        logins.AddMemberLogin(
            memberAuthenticationBuilder =>
            {
                memberAuthenticationBuilder.AddMicrosoftIdentityWebApp(builder.Config.GetSection("AzureAd"),
                    memberAuthenticationBuilder.SchemeForMembers(AzureMembersExternalLoginProviderOptions.SchemeName))
                    .EnableTokenAcquisitionToCallDownstreamApi(scopes)
                    .AddInMemoryTokenCaches();
            });
    });
    

    Here is the code to get an access token for the Dataverse API:

    private async Task<string> GetToken()
    {
        var authBuilder = PublicClientApplicationBuilder.Create(_configuration.GetValue<string>("AzureAd:ClientId"))
            .WithTenantId(_configuration.GetValue<string>("AzureAd:TenantId"))
            .Build();

        string[] scopes = { _configuration.GetValue<string>("DataverseConfig:BaseUri") + "/user_impersonation" };

        var accounts = await authBuilder.GetAccountsAsync();

        AuthenticationResult tokenResult;
        if (accounts.Any())
        {
            tokenResult = await authBuilder.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
                .ExecuteAsync();
        }
        else
        {
            tokenResult = await authBuilder.AcquireTokenInteractive(scopes)
                .ExecuteAsync();
        }

        return tokenResult.AccessToken;
    }
    

    GetAccountsAsync returns no accounts even though the user is logged in, and then the attempt to interact with the user fails because of the redirection flow.

    Anyone done something similar to this whilst building an intranet or something?

    This is Umbraco 11 by the way.
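
An added example, not part of the original post and not code from Umbraco or Microsoft.Identity.Web: a diagnostic helper that decodes an access token's claims to confirm a Dataverse call would run as the signed-in user (a delegated token whose `scp` contains `user_impersonation`) rather than as the service principal (an app-only token with no `scp`). The class name, the sample tokens and the base URI are constructed for illustration, and the signature is deliberately not validated.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class DataverseTokenCheck
{
    // Decodes the JWT payload without validating the signature: diagnostics only,
    // never an authorization decision (the API validates the token itself).
    public static JsonElement ReadPayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT.");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    // Returns null for a delegated token issued for baseUri that carries
    // user_impersonation; otherwise a description of what is wrong.
    public static string? Problem(string jwt, string baseUri)
    {
        JsonElement p = ReadPayload(jwt);
        string aud = p.TryGetProperty("aud", out var a) ? a.GetString() ?? "" : "";
        if (!string.Equals(aud.TrimEnd('/'), baseUri.TrimEnd('/'), StringComparison.OrdinalIgnoreCase))
            return $"audience is '{aud}', not the Dataverse base URI";
        // App-only (service principal) tokens carry no scp claim; delegated tokens do.
        if (!p.TryGetProperty("scp", out var scp))
            return "no scp claim: app-only token, calls run as the service principal";
        if (!(scp.GetString() ?? "").Split(' ').Contains("user_impersonation"))
            return "scp lacks user_impersonation";
        return null;
    }

    // Builds an unsigned, constructed sample token for the demonstration below.
    private static string FakeJwt(string payloadJson)
    {
        string Enc(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        return Enc("{\"alg\":\"none\"}") + "." + Enc(payloadJson) + ".sig";
    }

    public static void Main()
    {
        const string baseUri = "https://contoso.crm.example"; // placeholder for DataverseConfig:BaseUri
        string user = FakeJwt("{\"aud\":\"https://contoso.crm.example\",\"scp\":\"user_impersonation\"}");
        string app = FakeJwt("{\"aud\":\"https://contoso.crm.example/\",\"roles\":[\"x\"],\"idtyp\":\"app\"}");
        Console.WriteLine(Problem(user, baseUri) ?? "delegated user token");
        Console.WriteLine(Problem(app, baseUri));
    }
}
```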
