In the scenario this blog refers to, a customer wants to authenticate a daemon app with Azure Active Directory using a certificate. The customer uses .NET Framework 3.0 and is not ready to upgrade the client code to MSAL.NET or Microsoft Identity Model. Here I go through how to generate a client assertion and get an access token from Azure AD using native C# code.
To get a token with the client credentials grant, we send a POST request to the /token endpoint of the Microsoft identity platform. There are three ways to get the token:
1. Get Access Token using Client Secret
2. Get Access Token using certificate
3. Get Access Token using federated client
The second and third cases are almost the same, with one crucial exception: the source of the client_assertion. In the third case, your application does not create the JWT assertion itself; instead, it uses a JWT created by another identity provider. In this blog, I discuss getting the access token using a certificate by generating the client assertion ourselves.
There are two projects in the repo. GenerateAccessTokenfromAzureAD can be used to get the token directly using the certificate: it internally generates the client_assertion with the certificate and calls the /token endpoint to get the token from Azure Active Directory. You can use the GenerateClientAssertion project to generate only the JWT (client_assertion).
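As an added example (not the repo's GenerateClientAssertion code), this builds the signed assertion described above and the matching /token form body using only System.Security.Cryptography, so it stays usable on older .NET Framework without JSON or JWT libraries. The v2.0 endpoint audience, the tenant and client ids, and the 10-minute lifetime are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Builds the signed JWT used as client_assertion in the client credentials flow.
// Assumption: only System.Security.Cryptography is available (no JSON or JWT libraries).
public static class ClientAssertionBuilder
{
    // Base64url (RFC 7515): base64 with the URL-safe alphabet and no '=' padding.
    public static string Base64UrlEncode(byte[] input)
    {
        return Convert.ToBase64String(input).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    public static string Build(X509Certificate2 cert, string tenantId, string clientId)
    {
        // x5t is the base64url SHA-1 thumbprint; Azure AD uses it to pick the matching
        // public key uploaded on the app registration.
        string header = "{\"alg\":\"RS256\",\"typ\":\"JWT\",\"x5t\":\""
            + Base64UrlEncode(cert.GetCertHash()) + "\"}";
        long now = (long)(DateTime.UtcNow
            - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
        // aud must match the token endpoint the assertion is posted to (v2.0 endpoint assumed);
        // iss and sub are both the app (client) id; jti makes it single-use; exp is kept short.
        string payload = "{\"aud\":\"https://login.microsoftonline.com/" + tenantId
            + "/oauth2/v2.0/token\",\"iss\":\"" + clientId + "\",\"sub\":\"" + clientId
            + "\",\"jti\":\"" + Guid.NewGuid().ToString() + "\",\"nbf\":" + now
            + ",\"exp\":" + (now + 600) + "}";
        string signingInput = Base64UrlEncode(Encoding.UTF8.GetBytes(header)) + "."
            + Base64UrlEncode(Encoding.UTF8.GetBytes(payload));
        // Legacy CSPs reject SHA-256, so re-import the (exportable) key into the
        // Enhanced RSA and AES provider (type 24) before signing with RS256.
        RSACryptoServiceProvider certKey = (RSACryptoServiceProvider)cert.PrivateKey;
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(new CspParameters(24));
        rsa.ImportParameters(certKey.ExportParameters(true));
        byte[] signature = rsa.SignData(Encoding.UTF8.GetBytes(signingInput), "SHA256");
        return signingInput + "." + Base64UrlEncode(signature);
    }

    // Form body for the POST to /token; client_assertion_type is the fixed RFC 7523 value.
    public static string TokenRequestBody(string clientId, string scope, string assertion)
    {
        return "grant_type=client_credentials&client_id=" + Uri.EscapeDataString(clientId)
            + "&scope=" + Uri.EscapeDataString(scope)
            + "&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"
            + "&client_assertion=" + Uri.EscapeDataString(assertion);
    }
}
```

The certificate's private key must be exportable for the provider re-import step; if it is not, sign with the certificate's own key directly and make sure that key lives in a SHA-256-capable provider.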
Step 2: Register the client app in Azure Active Directory tenant