Monday, 2 February 2015

Azure AD Graph API Introduction & Installation

This is the first chapter about how to communicate between the Graph API and one simple platform we are going to create.

If you don’t know what Graph API is, I am going to give you a quick description… it is just an API to talk with AZURE AD, so something like get users, user properties, permissions etc.

So, let’s go to explain everything in more detail… In Azure Active Directory (AAD) there is a Graph API. The idea of a Graph API come probably from Facebook, the were the first ones in going ahead with the idea or at least the one the extend the idea.

So why is it called Graph API?, that is an interesting question, isn’t it? A graph is a mathematical concept which surface nodes and more nodes, and connect them in one way or another, so if you see how Active Directory works, you will realise it is the same thing, so the Azure version AAD is just that. So Graph API for Azure AD allows you to do CRUD (Create, Read, Update, Delete) operations against AD (or being clear Azure AD) with the REST (Representational State Transfer) protocol, It is simple to use, especially when compared with with the horrible directory access such as the LDAP.

I always like to compare a AD or Azure AD with a file system, so image with want to access to some files in your file system…we could use a Graph API (not this one a custom one :) )

Access to the Graph API is done in two steps.

  1. The first one is the authentication (based on tenant-ID, client-ID and credentials), which is done against the Windows AAD authentication service. The authentication service returns a JWT Token.
  2. This token then can be used for running Graph API queries. The Graph API relies on an RBAC (Role Based Access Control) model. It authorizes every request and returns the result set if the authorization has been successful.


What do we need?

  1. An Internet Connection: If you don’t have one, you will be not probably reading this so…
  2. Azure Subscription: If you don’t have one,you can get a 90 days trial one, here is the link Azure Free Trial.
  3. Azure AD Tenant Permissions to Access Directory Data: We need to grant access, to the API… see below.
Permission name Description Type
Enable sign-on and read users' profiles Allow users to sign in to the application with their organizational accounts and let the application read the profiles of signed-in users, such as their email address and contact information. Delegation permission only. Can be consented by users.
Access your organization's directory Allow the application to access your organization's directory on behalf of the signed-in user.

Delegation permission only. Can be consented by users in a native client and only by an administrator for web applications.

Read directory data Allow the application to read data in your organization's directory, such as users, groups and applications.

Delegation and application permission. Must be consented by an administrator.

Read and write directory data Allow the application to read and write data in your organization's directory, such as users and groups.

Delegation and application permission. Must be consented by an administrator.

So now… you will be asking where is this coming from:

Go to

Go to Active Directory:

Go to AD Name:

Select APPLICATIONS and then your application, in this case WebApplication5

Select CONFIGURE and in Windows Azure Active Directory select all the Delegated Permissions and Application Permissions

With all of this done, I think we are ready for the next step, login into Windows and  the Graph API. That will be the next post.


ninest123 said...

replica watches, louis vuitton, air jordan pas cher, longchamp pas cher, ray ban sunglasses, nike air max, oakley sunglasses, ugg boots, oakley sunglasses, nike free, nike roshe run, louboutin shoes, michael kors, louboutin, longchamp outlet, louis vuitton outlet, polo ralph lauren outlet, longchamp outlet, tiffany jewelry, tiffany and co, jordan shoes, tory burch outlet, ugg boots, air max, louis vuitton, replica watches, nike free, louis vuitton, uggs on sale, sac longchamp, burberry, chanel handbags, oakley sunglasses, polo ralph lauren outlet, louboutin outlet, longchamp, louis vuitton outlet, prada outlet, cheap oakley sunglasses, oakley sunglasses, christian louboutin outlet, louboutin pas cher, ralph lauren pas cher, ray ban sunglasses, kate spade outlet, ray ban sunglasses, nike air max, prada handbags, gucci outlet, nike outlet

ninest123 said...

burberry outlet online, nike air max, coach purses, nike air max, michael kors, timberland, new balance pas cher, true religion jeans, kate spade handbags, nike free run uk, north face, true religion jeans, ralph lauren uk, air force, hollister pas cher, ray ban uk, converse pas cher, lacoste pas cher, michael kors outlet, michael kors outlet, ugg boots, michael kors outlet, michael kors outlet, coach outlet, vans pas cher, hollister, burberry, coach outlet, nike blazer, oakley pas cher, vanessa bruno, mulberry, ugg boots, lululemon, hermes, tn pas cher, ray ban pas cher, sac guess, hogan, true religion jeans, abercrombie and fitch, true religion outlet, michael kors, nike air max, michael kors outlet, replica handbags, michael kors, nike roshe, north face, michael kors

ninest123 said...

longchamp, iphone 5s cases, hollister, ferragamo shoes, herve leger, jimmy choo shoes, giuseppe zanotti, north face outlet, vans shoes, mont blanc, nike huarache, celine handbags, iphone cases, iphone 6s cases, nike trainers, lululemon, louboutin, ralph lauren, iphone 6 cases, babyliss, s5 cases, hollister, north face outlet, nfl jerseys, bottega veneta, soccer shoes, oakley, baseball bats, abercrombie and fitch, ghd, chi flat iron, valentino shoes, beats by dre, asics running shoes, wedding dresses, reebok shoes, timberland boots, ipad cases, mac cosmetics, mcm handbags, nike roshe, nike air max, insanity workout, iphone 6s plus cases, birkin bag, p90x workout, hollister, instyler, iphone 6 plus cases, soccer jerseys, new balance

ninest123 said...

barbour jackets, toms shoes, lancel, supra shoes, juicy couture outlet, moncler, moncler, louis vuitton, thomas sabo, hollister, canada goose uk, canada goose, louis vuitton, doudoune canada goose, converse outlet, canada goose outlet, replica watches, bottes ugg, canada goose outlet, nike air max, gucci, moncler, pandora jewelry, canada goose, karen millen, marc jacobs, converse, moncler, ray ban, wedding dresses, montre pas cher, ugg,ugg australia,ugg italia, moncler, pandora charms, canada goose, moncler, canada goose, ugg,uggs,uggs canada, moncler, vans, swarovski crystal, sac louis vuitton pas cher, pandora jewelry, juicy couture outlet, louis vuitton, louis vuitton, moncler outlet, coach outlet, swarovski, ugg boots uk, links of london, ugg pas cher, pandora charms