Authenticating with Windows Azure Active Directory directly without opening web browser


I referred to this question and this MSDN post, but couldn't get the problem fixed.

The code below demonstrates how to perform the WAAD authentication using a web browser:

AuthenticationContext auth = new AuthenticationContext("https://login.windows.net/" + myDomain);
AuthenticationResult result = auth.AcquireToken(resource, clientID, resourceAppIDURI);

This opens a browser and the user is asked to enter the details, which works fine.

However, I have a GUI client, which can take username/password/domain on its own. So the intention is to collect the details from the GUI client, provide them directly to the WAAD server, and get the user authenticated.

How do I do that?

Just looking at the overloads of AcquireToken(), I did get some clue (this can be wrong as well):

AuthenticationResult AcquireToken (string resource, Credential credential);

and

AuthenticationResult AcquireToken (string authorizationCode, string redirectUri, ClientCredential credential);

But I fail to understand how to create the class ClientCredential (a subclass of Credential). It is important to note that this class belongs to the namespace Microsoft.WindowsAzure.ActiveDirectory.Authentication.
Below are its constructors:

ClientCredential(string clientId, SecureString secureClientSecret);
ClientCredential(string clientId, string clientSecret);

Searching online, I couldn't find many answers, though I did get this link. But again, the SecureString part is a mystery to me. How can the username/password/domain be communicated using SecureString?


There are 2 best solutions below

3

The older version of AAL supported this. However, it was removed about 2-3 months ago (as well as the sample showing it). Authentication of users now can only be achieved through a browser authentication window.

I'm not 100% sure, but I think the motivation is to create a standard/consistent login experience (for the end-users). If you're on a Windows 8 application, then the WebAuthenticationBroker handles this and users will recognize this for all Windows 8 applications. If you're a web application, then the AzureAD login page is presented and is recognizable.

0

The ClientCredential overload of AcquireToken that you found is for you to use a client id and secret key to authenticate (so that customers don't have to share their username and password).

Create a "web application" in the WAAD and the application will be given a client id guid. This is the first parameter in your ClientCredential() constructor.

To get the second parameter, add a key to your WAAD web application.

You might want to update to the latest version of AAL, which is now known as ADAL. NuGet link
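
The client id and key flow described in this answer, as an added example that is not the answerer's or Microsoft's code. It assumes ADAL 3.x (NuGet package Microsoft.IdentityModel.Clients.ActiveDirectory); the environment variable names are hypothetical, and the key is read from the environment so it never sits in source or in the GUI.

```csharp
// Added example: app-only sign-in with a client id and key (no browser, no user password).
// Assumes ADAL 3.x from the NuGet package Microsoft.IdentityModel.Clients.ActiveDirectory.
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

static class AppOnlyTokenDemo
{
    // Hypothetical variable names; fail early instead of sending an empty credential.
    static string Require(string name)
    {
        string value = Environment.GetEnvironmentVariable(name);
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException("Missing environment variable " + name);
        return value;
    }

    static async Task<AuthenticationResult> GetAppTokenAsync()
    {
        string tenant = Require("AAD_TENANT");              // directory domain
        string clientId = Require("AAD_CLIENT_ID");         // guid of the WAAD web application
        string clientSecret = Require("AAD_CLIENT_SECRET"); // key added to that application
        string resource = Require("AAD_RESOURCE");          // App ID URI of the API being called

        var context = new AuthenticationContext("https://login.windows.net/" + tenant);
        var credential = new ClientCredential(clientId, clientSecret);
        return await context.AcquireTokenAsync(resource, credential);
    }

    static int Main()
    {
        try
        {
            AuthenticationResult result = GetAppTokenAsync().GetAwaiter().GetResult();
            // Print metadata only: the access token is a bearer credential and is not logged.
            Console.WriteLine("Token type: {0}, expires: {1:u}", result.AccessTokenType, result.ExpiresOn);
            return 0;
        }
        catch (AdalServiceException ex) // the directory rejected the request (bad key, unknown app)
        {
            Console.Error.WriteLine("AAD rejected the request: {0} (HTTP {1})", ex.ErrorCode, ex.StatusCode);
            return 1;
        }
        catch (AdalException ex)        // client-side failure (network, configuration)
        {
            Console.Error.WriteLine("ADAL error: {0}", ex.ErrorCode);
            return 1;
        }
    }
}
```

The token obtained this way identifies the application rather than a signed-in user, so the key needs the same protection and rotation as any other service credential.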