For native applications which can support interative authentication prompts, the Azure Active Directory Authentication Library (ADAL) makes it easy to setup authentication flows for users.
For native applications which cannot support interactive authentication prompts, please check out our Device Profile Sample.
This buildable sample will walk you through the steps to create a client-side console application which uses ADAL to authenticate a user via an interactive prompt and return a list of all projects inside a selected Azure DevOps account.
To run this sample for an Azure Active Directory backed Azure DevOps account you will need:
- Visual Studio IDE
- An Azure Active Directory (AAD) tenant. If you do not have one, follow these steps to set up an AAD
- A user account in your AAD tenant
- A Azure DevOps account backed by your AAD tenant where your user account has access. If you have an existing Azure DevOps account not connected to your AAD tenant follow these steps to connect your AAD tenant to your Azure DevOps account
To run this sample for a Microsoft Account backed Azure DevOps account you will need:
- Visual Studio IDE
- A Azure DevOps account not connected to AAD
From a shell or command line:
git clone https://github.com/Microsoft/vsts-auth-samples.git
Step 2: Register the sample application with you Azure Active Directory tenant (AAD backed Azure DevOps account)
If you are a Microsoft Account backed Azure DevOps account please skip this step.
- Sign in to the Azure Portal.
- On the top bar, click on your account and under the Directory list, choose the Active Directory tenant where you wish to register your application.
- On the left hand navigation menu, select
Azure Active Directory
. - Click on
App registrations
and selectNew registration
from the top bar. - Enter a
Name
for your application, ex. "Adal native app sample", choose aSupported account type
as required, ex. to be on the save site for testing, take the third option, then selectPublic client (mobile & desktop)
inRedirect URI
dropdown and enterurn:ietf:wg:oauth:2.0:oob
as the URI in the text box next to it. Finally clickcreate
at the bottom of the screen. - Save the
Application ID
from your new application registration. You will need it later in this sample. - Grant permissions for Azure DevOps. Click
API Permissions
->Add a permission
->1 Select an API
-> type in and selectAzure DevOps
-> check the box foruser_impersonation
-> clickAdd permissions
.
Package: Microsoft.Identity.Model.Clients.ActiveDirectory
has already been installed and configured in the sample, but if you are adding to your own project you will need to install and configure it yourself.
- Navigate to the ADAL C# sample in cloned repo
vsts-auth-samples/ManagedClientConsoleAppSample/
. - Open the solution file
ManagedClientConsoleAppSample.sln
in Visual Studio 2017. - Use Nuget package restore to ensure you have all dependencies installed.
- Open CS file
Program.cs
and there is a section with input values to change at the top of the class:azureDevOpsOrganizationUrl
- update this with the url to your Azure DevOps/TFS collection, e.g. http://dev.azure.com/organization for Azure DevOps.clientId
- update this with theapplication id
you saved from step 2.6 above.replyUri
- update this tohttp://adalsample
, you can add other reply urls in azure portal
- Build and run the solution. After running you should see an interactive login prompt. Then after authentication and authorization, a list of all projects inside of your account.
- Navigate to the ADAL C# sample in cloned repo
vsts-auth-samples/ManagedClientConsoleAppSample/
. - Open the solution file
ManagedClientConsoleAppSample.sln
in Visual Studio 2017. - Use Nuget package restore to ensure you have all dependencies installed.
- Open CS file
Program.cs
and there is a section with input values to change at the top of the class:azureDevOpsOrganizationUrl
- update this with the url to your Azure DevOps/TFS collection, e.g. http://dev.azure.com/organization for Azure DevOps.clientId
- Do not change this value. It must be used to run the sample successfully.replyUri
- Do not change this value. It must be used to run the sample successfully.
- Build and run the solution. After running you should see an interactive login prompt. Then after authentication and authorization, a list of all projects inside of your account.