This post is part of a few other posts I’ve published this week about the authentication part of working with the Office 365 APIs. Specifically, the process of authenticating and obtaining an access token that you have to include on every request to the Office 365 APIs is tricky. Maybe the base process isn’t so hard for folks, but everything around it is confusing to some. So I’m sharing stuff I’ve picked up along the way.
When calling the Office 365 APIs you have to pass along an OAuth2 access token in each request. You get this token from Microsoft Entra ID by authenticating the user within the context of an app. If you’re building an application with .NET, you are likely going to use the Microsoft Entra ID Authentication Library to simplify your life. Specifically, within your project you’ll likely add the NuGet package Microsoft.IdentityModel.Clients.ActiveDirectory. This contains all the stuff you’ll use to authenticate with Microsoft Entra ID to obtain the access tokens. There are also ADAL NuGet packages for iOS & Android apps that take advantage of Xamarin.
So what’s all this talk about OWIN? The Open Web Internet Interface for .NET or OWIN as it’s better known, is an open & standard interface that is supposed to make the links between web servers and web applications less coupled. How does it play into the Office 365 APIs? Actually they don’t… the idea is to make the authentication process within a web application a bit simpler. Microsoft clearly wants us to use OWIN to take advantage of this architecture in our authentication in web applications and other ways that it makes sense down the road.
OK, so how do you use this? For instance, this is going to help by pushing the authentication process deeper into what we used to know as the ASP.NET pipeline. If you haven’t done this before it can be a bit confusing… but I’ve got a process that I follow that makes it easy to set up. In the next post I’ll show you how to can do this in a custom ASP.NET MVC application.
Microsoft MVP, Full-Stack Developer & Chief Course Artisan - Voitanos LLC.
Andrew Connell is a full stack developer who focuses on Microsoft Azure & Microsoft 365. He’s a 20+ year recipient of Microsoft’s MVP award and has helped thousands of developers through the various courses he’s authored & taught. Whether it’s an introduction to the entire ecosystem, or a deep dive into a specific software, his resources, tools, and support help web developers become experts in the Microsoft 365 ecosystem, so they can become irreplaceable in their organization.
