Scribd
Upload
67 views

User Guide

Uploaded by

email2mesurya
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
67 views

User Guide

Uploaded by

email2mesurya
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

MSAL.

NET
User Guide

Document Revision 2.0


MSAL.NET - User Guide
Trademarks and copyright

Trademarks and copyright


The descriptions and screenshots contained in this document are licensed under the Creative Commons Attribution-ShareAlike
(CC-BY-SA) 3.0 license https://creativecommons.org/licenses/by-sa/3.0/.
© Blue Prism Limited, 2001 – 2023
®“Blue Prism”, the “Blue Prism” logo and Prism device are either trademarks or registered trademarks of Blue Prism Limited and
its affiliates. All Rights Reserved
All trademarks are hereby acknowledged and are used to the benefit of their respective owners.
Blue Prism is not responsible for the content of external websites referenced by this document.
Blue Prism Limited, 2 Cinnamon Park, Crab Lane, Warrington, WA2 0XP, United Kingdom
Registered in England: Reg. No. 4260035. Tel: +44 870 879 3000. Web: www.blueprism.com

Commercial in Confidence Page ii


MSAL.NET - User Guide
Contents

Contents
Introduction ................................................................................................................................................................ 2
Prerequisites .............................................................................................................................................................. 3
App Registration .................................................................................................................................................... 3
Configuration ............................................................................................................................................................. 6
Using the Asset ......................................................................................................................................................... 7
Get Auth Token - Client Secret ........................................................................................................................... 7
Get Auth Token - Certificate ................................................................................................................................ 7
Get Auth Token - Integrated Windows Auth ..................................................................................................... 8
Get Auth Token - Username and Password ..................................................................................................... 8
Support ....................................................................................................................................................................... 9

Commercial in Confidence Page iii


MSAL.NET - User Guide
Introduction

Introduction
The Microsoft Authentication Library (MSAL) for .NET is part of the Microsoft Identity Platform for developers
(formerly named Azure AD). It enables the acquisition of security tokens for use in calling protected APIs. It uses
industry standard OAuth2 and OpenID Connect features.

The MSAL.NET VBO is a Blue Prism implementation of this library with support for the following
authentication/authorization types:

• Client Secret
• Client X.509 Certificate
• Integrated Windows Authentication
• Username & Password

Commercial in Confidence Page 2 of 9


MSAL.NET - User Guide
Prerequisites

Prerequisites
The MSAL.NET VBO depends on the following components:

• Utility - Collection Manipulation


o https://digitalexchange.blueprism.com/dx/entry/3439/solution/utility---collection-
manipulation
• Utility - File Management
o https://digitalexchange.blueprism.com/dx/entry/3439/solution/utility---file-management
• Utility - Windows Compressed File
o https://digitalexchange.blueprism.com/dx/entry/3439/solution/utility---windows-
compressed-file-2
• Microsoft.Identity.Client.dll
o Included in the MSAL.NET asset zip file
o https://digitalexchange.blueprism.com/dx/entry/9648/solution/msalnet

App Registration
Before using this connector, you must create a App Registration within your Azure Active Directory with
sufficient permission to interrogate and manage user accounts. Additionally set the API permissions as
necessary depending upon the API actions that you plan to use.
Creation of the App Registration will provide you with the following items you will need to configure the
Microsoft Graph Teams Authentication VBO within Blue Prism:
Required Credential Information
• Client ID
• Client Secret
Web API Service Definition Information
• Azure Tenant ID

Commercial in Confidence Page 3 of 9


MSAL.NET - User Guide
Prerequisites

Figure 1 - Azure App Registration

Figure 2 - App Registration Details

Commercial in Confidence Page 4 of 9


MSAL.NET - User Guide
Prerequisites

Figure 3 - Client Secret

Depending on the actions that you need to use, you need to grant Application or Delegated permissions
as below.

Figure 4 – API Permissions

NOTE: If you plan to use Delegated Permissions, your Azure administrator will need to use the Grant
admin consent for XYZ link to pre-authorize delegated access.

Commercial in Confidence Page 5 of 9


MSAL.NET - User Guide
Configuration

Configuration
The use the MSAL.NET VBO:

1. Download the MSAL.NET asset from the Digital Exchange.


2. Extract the contents of the zip archive to a local folder.
3. Import the MSAL.NET bprelease into your Blue Prism environment.
4. Copy the Microsoft.Identity.Client.dll to Blue Prism Automate folder (ex. C:\Program Files\Blue
Prism Limited\Blue Prism Automate).

NOTE: To use the VBO, you must have an application definition within your Azure environment. Further,
you will have to provide the Tenant ID, for your Azure tenant, and the Client ID of the application
definition.

Commercial in Confidence Page 6 of 9


MSAL.NET - User Guide
Using the Asset

Using the Asset


Get Auth Token - Client Secret
Retrieves an access token using the supplied Client ID and Client Secret.

Input:
Name Description Data Type
TenantID Tenant ID of the organization Text
ClientID Client ID of the Azure app Text
ClientSecret Secret key for the Azure app Password
Scope Optional: Comma-delimited list of scopes for authorization. Default Text
value is https://graph.microsoft.com/.default.

Output:
Name Description Data Type
AccessToken Retrieved access token Text
Status A flag indicating the success or failure of the action. Flag
Exception Contains exception message if there was an error getting the Text
access token

Get Auth Token - Certificate


Retrieves an access token based using Client ID and a local X.509 certificate.
NOTE: Refer https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-self-signed-
certificate for steps on how generate self-signed certificate, for testing, to authenticate to your
application.

Input:
Name Description Data Type
TenantID Tenant ID of the organization Text
ClientID Client ID of the Azure app Text
Scope Optional: Comma-delimited list of scopes for authorization. Default Text
value is https://graph.microsoft.com/.default.
pfx File Path Path to certificate in pfx format Text
pfx Secret Key Secret key (aka password) for the pfx certificate Password

Output:
Name Description Data Type
Result The result from the HTTP Call. Text
Status A flag indicating the success or failure of the action. Flag
Exception Contains exception message if there was an error getting the Text
access token

Commercial in Confidence Page 7 of 9


MSAL.NET - User Guide
Using the Asset

Get Auth Token - Integrated Windows Auth


Retrieves an access token using the supplied Client ID and the credentials of the logged in Windows
user.
NOTE: IWA supports AD FS-federated users only - users created in Active Directory and backed by
Azure AD. Users created directly in Azure AD without Active Directory backing (managed users) cannot
use this authentication flow.

Input:
Name Description Data Type
TenantID Tenant ID of the organization Text
ClientID Client ID of the Azure app Text
Scope Optional: Comma-delimited list of scopes for authorization. Default Text
value is https://graph.microsoft.com/.default.

Output:
Name Description Data Type
AccessToken Retrieved access token Text
Status A flag indicating the success or failure of the action. Flag
Exception Contains exception message if there was an error getting the Text
access token

Get Auth Token - Username and Password


Retrieves an access token using the supplied Client ID and the username and password of a Windows
user.

Input:
Name Description Data Type
TenantID Tenant ID of the organization Text
ClientID Client ID of the Azure app Text
Username Identifier of the user which the application requests token on Text
behalf of. Generally, in UserPrincipalName (UPN) format, e.g.
[email protected].
Password Password for the specified user. Password
Scope Optional: Comma-delimited list of scopes for authorization. Default Text
value is https://graph.microsoft.com/.default.

Output:
Name Description Data Type
AccessToken Retrieved access token Text
Status A flag indicating the success or failure of the action. Flag
Exception Contains exception message if there was an error getting the Text
access token

Commercial in Confidence Page 8 of 9


MSAL.NET - User Guide
Support

Support
This asset is provided free-of-charge by Blue Prism. Blue Prism does not provide formal support of this
asset. Please direct any questions you have, related to this asset, to the Digital Exchange Community
page:
https://community.blueprism.com/communities/community-home?CommunityKey=1e516cfe-4d1f-4de9-
a9eb-58d15bf38c81

Commercial in Confidence Page 9 of 9

You might also like