Team members: James Kinsler-Lubienski, Anirudh Lakra, Dian Kalaydzhiev (Class COMP0016, 2020-21)
Supervised by Dr Dean Mohamedally, Dr Graham Roberts, Dr Yun Fu, Dr Atia Rafiq and Elizabeth Krymalowski
University College London IXN
Guest post by James Kinsler-Lubienski, Anirudh Lakra, Dian Kalaydzhiev
When designing an application we need to be mindful about privacy and security concerns when accessing data within the application, in particular taking into consideration anything that is sensitive, personalised, or should not be written to an insecure local disk. In the medical context, for example, every day clinicians may have to use several machines, often connecting to a local area network to retrieve their profile, settings, and data. This must be done in a safe and reliable way.
Enter Microsoft Graphs API. By using this API we can offload much of the management of login security to Microsoft. The API provides a wide range of new functionality that can be integrated into an application such as storing data of personal relevance generated by an app to a user’s own OneDrive account. Thus any device with the same application can be logged in via Single Sign-On (SSO) and retrieve where that user left off.
This work is part of a larger project called Consultation-Plus that we worked on with the Royal College of General Practitioners and several NHS staff. We will be discussing that project in a separate article, but in summary it is a native application that allows clinicians to rank the articles that they come across, store a search history that is personalised in their own OneDrive account (like bookmarks with scores), use different machines to continue their research, and then elect to share articles and scores with other clinicians when ready.
In this article, we will describe the steps needed to implement SSO, and saving and loading of files from the logged in users’ OneDrive into a desktop C# application.
Setting up
Note that while implementing this solution you will also implement a Microsoft Live SSO. This is because Microsoft must authenticate the user and, therefore, ask the user for permission to let this application access their OneDrive resources. Another article also discusses this.
- The first thing we must do is sign up our application on the Azure Active Directory. Head over to this link and sign-in. After signing-in go to “App registrations”.
- Click on “+ New registration” and register your application. You can enter any app name you want and in “Supported account types” select “Accounts in any organizational directory (any Azure AD directory multitenant)”. In the “Redirect URI” section select “Mobile and Desktop applications” and enter http://localhost. This is for testing purposes. When the application is deployed this URL should be changed but for this example http://localhost is sufficient.
- Once your application is created click on it in “App registrations” and select “View API permissions”. Here you should add permissions that you want your applications to have. We want to access the user’s OneDrive so we will use Files.ReadWrite.AppFolder. We could also use Files.ReadWrite but this raises privacy concerns since it gives our application full read/write access to all the files in the user’s OneDrive. Files.ReadWrite.AppFolder is a special permission that allows our application to only be able to access its own special folder that is created the first time a user logs in. To add permission click “+ permissions” then select “Microsoft Graph” and then “Delegated permissions”. Navigate to the “Files” tab and select “Files.ReadWrite.AppFolder” from there. Click “Add permissions”.
- Copy the “Application (client) ID” from your application page in “App registrations”. You will need this for the code example.
That is all you need to do to set up. Now we move onto showing C# code to implement SSO and saving/loading files from a user’s OneDrive.
C# Example code
Paste your client ID and add import statements to import the following libraries (if you don’t have them installed use NuGet to install them):
- Microsoft.Graph
- Microsoft.Graph.Auth
- Microsoft.Identity.Client
The code below shows you how to implement SSO and allows the user to login.
Once the user has logged in, we can access our application’s folder in their OneDrive.
The following code shows you how to save or create a file in that folder. However, if the file already exists this method will overwrite its existing content. This method works with strings so if your data is not in string form you should try to convert it to json format. We can recommend using the external library Newtonsoft.Json to do this.
If you want to append new content to an existing file, you should first load that content into your application then append the new data to the loaded content and upload it using the method above. We would advise being careful with this method because if the file content is larger than 4 MB it will not work and you will need to use the method that Microsoft has documented here instead.
The code snippet below outlines how to download the contents of a file
If you would like to see how our application uses Microsoft Graphs API, you can click on this link to see a class that is entirely dedicated to handling of the Graphs API.
Source Code
Microsoft has provided a large amount of documentation regarding the use of the Graphs API. In each of the links below you can access further information via the links on the left-hand side in the Table of Contents.
Here are some helpful links:
- Overview of Graphs API
- Overview of handling files in OneDrive with Graphs API
- Uploading files
- Downloading files
- Microsoft Graph Fundamentals - Learn | Microsoft Docs
- Build apps with Microsoft Graph – Associate - Learn | Microsoft Docs