Highlights of the article series
- How to register an app with Azure Active Directory?
- How to get the access token using Azure Active Directory authentication?
- How to register a bot application with Azure Bot Service?
- How to use Bot State Service to save user conversation state data such as access tokens?
You can pull the code from GitHub.
Initial Setup
Step 1. Register an app with Azure Active Directory.
Before going to the Azure portal, let's create a web application that handles the post-authentication token exchange. Create a new project in Visual Studio with the ASP.NET Web Application project template. In the next step, select MVC as the web app template.
Select the web application project and press F4 to open the Properties window. Change the "SSL Enabled" property to true and make a note of the SSL URL; it will be required when registering the app.
![SSL Enabled]()
Go to the Azure Portal and log in to your account. It will open your dashboard, and on the left-hand side menu bar there is an Azure Active Directory option. Click on that option. It will open the tool pane for Active Directory configuration.
![Azure Active Directory]()
Click on the "App Registrations" menu link. It will list all the applications that were registered previously with Azure Active Directory. You can search apps by ID or the name of the app.
To register a new app, click on the "New application registration" link. Enter the name of an app and provide the SSL URL of your web application created above.
Now, click on the app. It will redirect you to the app's Settings page. Note down the Application ID. Click on the Required Permissions menu link and grant permissions to provide access to Azure Active Directory. To see what permissions are granted, you can click on Permissions, and it will open the list. Now, go to the Keys menu and add a new key, ClientSecret, which will be used while calling the token endpoint to request the access token.
Now, we are ready with app registration and permission.
Step 2. Update web application to handle pre and post-authentication functionality.
Add LoggedinToAzureAD.cshtml under the Views folder.
```cshtml
@{
    ViewBag.Title = "Login Success";
}
<div class="jumbotron">
    <p class="lead">Login successful! Continue with chat..</p>
</div>
```
Open HomeController.cs and add the LoginWithAzure() and LoggedinToAzureAD() methods.
```csharp
public ActionResult LoginWithAzure(string channelId, string userId)
{
    // Save Channel Id and User Id to session
    Session["channelId"] = channelId;
    Session["userId"] = userId;

    // Tenant ID and Application ID from the app registration (values redacted)
    string tenantId = "8c3dad1d-xxxx-4f8b-xxxx-8263372eced6";
    string clientId = "5e9569bf-xxxx-418d-xxxx-fd33a25b9267";
    string redirect_uri = "https://localhost:44332/HOME/LoggedinToAzureAD";

    // Authorization endpoint URL; the redirect URI is URL-encoded as a query parameter
    string url = $"https://login.microsoftonline.com/{tenantId}/oauth2/authorize?client_id={clientId}&response_type=code&redirect_uri={Uri.EscapeDataString(redirect_uri)}";

    // Redirect to login page
    return Redirect(url);
}
```
Whenever a user tries to log in, the user will be redirected to the LoginWithAzure view. In the LoginWithAzure controller action, we first save the channel ID and user ID in the session. Then, we prepare the URL for Azure login with parameters like tenant ID, client ID, and redirect URI. We have specified the URL of the LoggedinToAzureAD view as the redirect URI. After successful login, Azure will make a post call to the redirect URI with the authorization code as a query string parameter.
```csharp
// Additional usings needed at the top of HomeController.cs
using System.Collections.Specialized;
using System.Net;
using Microsoft.Bot.Connector;
using Newtonsoft.Json.Linq;

public ActionResult LoggedinToAzureAD()
{
    // Authorization code sent back by Azure AD as a query string parameter
    string authorizationcode = Convert.ToString(this.Request.QueryString["code"]);

    // Values from the app registration (redacted); keep the client secret out of source control in a real deployment
    string tenantId = "8c3dad1d-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
    string clientId = "xxxxxxxx-54cd-xxxx-942e-b38145646559";
    string clientSecret = "3VRAK0EetjxxxxxxxxxxxxxxxxxqURLMzY60lM=";
    string appresourceId = "https://graph.windows.net/";
    string redirect_uri = "https://localhost:44332/HOME/LoggedinToAzureAD";

    // Build the URI
    var builder = new UriBuilder($"https://login.microsoftonline.com/{tenantId}/oauth2/token");
    NameValueCollection postBody = new NameValueCollection()
    {
        { "client_id", clientId },
        { "client_secret", clientSecret },
        { "grant_type", "authorization_code" },
        { "code", authorizationcode },
        { "redirect_uri", redirect_uri },
        { "resource", appresourceId }
    };

    // Send the POST request
    using (WebClient client = new WebClient())
    {
        var responseString = System.Text.Encoding.UTF8.GetString(client.UploadValues(builder.Uri, postBody));
        JObject json = JObject.Parse(responseString);
        string accessToken = Convert.ToString(json["access_token"]);

        // Save the access token to Bot State Service for the channel and user saved in the session
        StateClient stateClient = new StateClient(new MicrosoftAppCredentials("bot application id", "bot app password"));
        BotData userData = stateClient.BotState.GetUserData(Convert.ToString(Session["channelId"]), Convert.ToString(Session["userId"]));
        userData.SetProperty<string>("AccessToken", accessToken);
        stateClient.BotState.SetUserData(Convert.ToString(Session["channelId"]), Convert.ToString(Session["userId"]), userData);
    }

    return View();
}
```
As mentioned above, the URL of the LoggedinToAzureAD view is the redirect URI. After login, Azure will redirect the user to the LoggedinToAzureAD view with the authorization code as a query string parameter. We will call the token endpoint to get the access token by sending the client ID, client secret, the authorization code, and the Graph API resource URL as the resource. We make a POST call to the token endpoint using WebClient, and it returns an access token. We then save this access token to the Bot State Service for the saved channel and user ID. To access the Bot State Service, we use the app ID and app password that we get while registering a bot application.
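The same authorization-code exchange, as an added Python example that is not part of the article or its GitHub code: it builds the authorize URL with an opaque `state` value, verifies that value when the callback arrives (a check the controller above does not perform, which is what ties the callback to the session that started the login), and exchanges the code at the v1 token endpoint through a pluggable `post` function. The `fake_token_endpoint`, the tenant and client values and the token strings are constructed stand-ins.

```python
"""Azure AD v1 authorization-code flow with a state check (constructed example)."""
import json
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORITY = "https://login.microsoftonline.com"
GRAPH_RESOURCE = "https://graph.windows.net/"  # resource used by the article


def build_authorize_url(tenant_id, client_id, redirect_uri, state):
    """Same URL as LoginWithAzure builds, plus an opaque per-session `state`
    (e.g. secrets.token_urlsafe(32) stored in the session) for the callback to verify."""
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "state": state}
    return f"{AUTHORITY}/{tenant_id}/oauth2/authorize?{urlencode(params)}"


def handle_callback(callback_url, expected_state, tenant_id, client_id,
                    client_secret, redirect_uri, post):
    """Mirror of LoggedinToAzureAD: verify `state`, read `code` from the query
    string, exchange it at the token endpoint via post(url, form) -> JSON text."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback not tied to this session")
    if "error" in query:  # Azure AD reports a denied/failed login here
        raise ValueError("authorization failed: " + query["error"][0])
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    form = {  # identical fields to the NameValueCollection in the article
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "resource": GRAPH_RESOURCE,
    }
    body = json.loads(post(f"{AUTHORITY}/{tenant_id}/oauth2/token", form))
    if "access_token" not in body:
        raise ValueError("token endpoint error: " + body.get("error", "unknown"))
    return body["access_token"]


def fake_token_endpoint(url, form):
    """Constructed offline stand-in for Azure AD's token endpoint."""
    if not url.endswith("/oauth2/token") or form["grant_type"] != "authorization_code":
        return json.dumps({"error": "invalid_request"})
    if form["code"] != "AUTHCODE-constructed":
        return json.dumps({"error": "invalid_grant"})
    return json.dumps({"token_type": "Bearer", "access_token": "eyJ-constructed-token"})
```

In the real app, `post` would be the WebClient.UploadValues call and the returned token would go to the Bot State Service as above.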
We are ready with the initial setup of Azure Active Directory and Authentication Web App. We will discuss how to register a bot and the usage of bot state service in the next article of this series. Until then, keep creating chatbots.