Azure-Samples / active-directory-dotnet-graphapi-web

A .NET 4.5 MVC web app that demonstrates how to query the Azure AD Graph API using the Azure AD Graph Client Library

User+App delegated Access token is stored in static variable which could be shared by users #23

Open anujc opened 9 years ago

anujc commented 9 years ago

Please correct me if I am wrong, but it looks like a User+App delegated access token is acquired in Startup.cs and stored in a static variable. Will this static variable be shared by all users?

```csharp
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
    code,
    new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
    credential,
    graphResourceId);
AuthenticationHelper.token = result.AccessToken;
```

So will UserA's access token be used by UserB?

I see that the UserProfileController uses the user's token from NaiveCache but other controllers like ContactsController use the static token in GetActiveDirectoryClient(). Is there a reason why the token is not obtained from NaiveCache?

dkershaw10 commented 8 years ago

From a sample point of view, we show you how to get a token using ADAL, refresh tokens or get a new token for new users. You can change the behavior according to your scenario.
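The concern raised in this issue, as an added example that is not part of the thread or of the sample's code: a process-wide static field holds only the token of whoever signed in last, while a store keyed by the signed-in user's object ID claim returns each user their own token. `StaticTokenHolder`, `PerUserTokenStore`, and the token and ID strings are hypothetical, constructed stand-ins.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Claims;

// Hypothetical stand-in for the pattern in the issue: one static field per process.
static class StaticTokenHolder
{
    public static string Token;   // shared by every request in the app domain
}

// Hypothetical per-user store keyed by the signed-in user's object ID claim.
static class PerUserTokenStore
{
    internal const string ObjectIdClaim =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";
    static readonly ConcurrentDictionary<string, string> Tokens =
        new ConcurrentDictionary<string, string>();

    static string KeyFor(ClaimsPrincipal user)
    {
        var oid = user.FindFirst(ObjectIdClaim)?.Value;
        // Fail closed: without an identity there is no safe token to hand out.
        if (string.IsNullOrEmpty(oid))
            throw new InvalidOperationException("No object ID claim on the caller.");
        return oid;
    }

    public static void Save(ClaimsPrincipal user, string token) => Tokens[KeyFor(user)] = token;

    // Returns null when this user has no cached token; the caller must re-authenticate.
    public static string Get(ClaimsPrincipal user) =>
        Tokens.TryGetValue(KeyFor(user), out var token) ? token : null;
}

static class Program
{
    // Builds a constructed, authenticated principal carrying only an object ID claim.
    static ClaimsPrincipal MakeUser(string oid) => new ClaimsPrincipal(new ClaimsIdentity(
        new[] { new Claim(PerUserTokenStore.ObjectIdClaim, oid) }, "constructed"));

    static void Main()
    {
        var userA = MakeUser("oid-A");
        var userB = MakeUser("oid-B");

        // Two sign-in callbacks complete in order: UserA, then UserB.
        StaticTokenHolder.Token = "token-for-A"; PerUserTokenStore.Save(userA, "token-for-A");
        StaticTokenHolder.Token = "token-for-B"; PerUserTokenStore.Save(userB, "token-for-B");

        // UserA now issues a Graph request: compare what each approach hands back.
        Console.WriteLine("static field gives UserA:   " + StaticTokenHolder.Token);
        Console.WriteLine("per-user store gives UserA: " + PerUserTokenStore.Get(userA));
    }
}
```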