{"id":5116,"date":"2020-07-21T13:14:45","date_gmt":"2020-07-21T20:14:45","guid":{"rendered":"https:\/\/officedevblogs.wpengine.com\/?p=5116"},"modified":"2021-11-17T13:13:50","modified_gmt":"2021-11-17T21:13:50","slug":"how-to-build-a-blazor-web-app-with-azure-active-directory-authentication-and-microsoft-graph","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/how-to-build-a-blazor-web-app-with-azure-active-directory-authentication-and-microsoft-graph\/","title":{"rendered":"How to build a Blazor web app with Azure Active Directory authentication and Microsoft Graph"},"content":{"rendered":"

If you\u2019re a .NET developer, then it\u2019s quite likely that you\u2019ve heard how Blazor is one of the hottest technologies these days.\u00a0 Blazor is a framework for building interactive client-side web UI with .NET. Blazor Server, the one that we will focus on this blog post, provides support for hosting Razor components on the server in an ASP.NET Core app. UI updates are handled over a SignalR connection. And since most applications require some form of authentication and authorization, what better way to show you how to implement authentication with Azure AD and how to retrieve data from Microsoft Graph.<\/p>\n

Prerequisites<\/h3>\n

To follow along you\u2019ll need to have the latest version of the .NET Core 3.1 SDK<\/a>, Visual Studio 2019<\/a> (optional but a great choice) and an Azure AD tenant. If you don\u2019t have access to an Azure AD tenant, then you get one totally FREE by either registering to the Microsoft 365 Developer program<\/a> or by creating a Free Azure Trial<\/a> account<\/p>\n

Blazor and authentication<\/h3>\n

If you\u2019re building Blazor (server-side) apps, then we have some great news. The Visual Studio and CLI templates support authentication out of the box. Open Visual Studio and create a new Blazor app. We will name it \u201cBlazorAppWithAuth\u201d and follow the rest of the instructions below.<\/p>\n

\"\"<\/p>\n

By selecting the Work or School Accounts authentication option, Visual Studio created the appropriate app registration in Azure AD and configured our Blazor app with the necessary settings and code in order for authentication to work out of-the-box. We can confirm this by inspecting the appsettings.json.<\/p>\n

\"\"<\/p>\n

And if we jump to our App Registrations tab in Azure AD in the Azure portal,\u00a0 we can see that there is an app registration that matches exactly what we see inside Visual Studio.<\/p>\n

\"\"<\/p>\n

Without writing a single line of code, our Blazor app will prompt users for a login before accessing any page. We can quickly test this by launching the app in Visual Studio. The first time we access the site, we will also be prompted to consent to the (default) permissions required by the app (i.e to read the user\u2019s profile)<\/p>\n

\"\"\"\"<\/p>\n

At this point you may assume that our task is done, but there are a couple of gotchas. Firstly, the code that the default template is using is older and for this reason it also defaults to the v1 Azure AD endpoints. If you want to know why you should be using the Microsoft identity platform and the v2 endpoint, then be sure to review our Microsoft identity platform documentation<\/a>.<\/p>\n

Modernizing authentication with Microsoft.Identity.Web<\/h3>\n

At Build 2020<\/a> we announced a new authentication and token management library for ASP.NET Core 3.1 (and above) apps. The new library does a great job in abstracting a lot of the complexities and allowing developers to quickly implement authentication within a few lines of code. However, the biggest benefit is that since this library is built on top of MSAL, you don\u2019t need two separate libraries to authenticate first and then acquire tokens for speaking to back-end APIs. So, let\u2019s see what it takes to migrate to the latest library.<\/p>\n

NOTE: Microsoft.Identity.Web is still in preview with the GA coming soon.<\/p>\n

First, we need to download the new NuGet packages:<\/p>\n