C# AzureAD joined device - retrieve token for Graph API silently

Question

I want to create Graph API client as logged in user. The device is Azure active directory joined device. Documentation says I should use Integrated windows authentication. But it ends up with exception: "The system cannot contact a domain controller to service the authentication request". This is expected because I want this to work from any network. Can this be done silently?

My actual code:

var authProvider = new DelegateAuthenticationProvider(async (request) => {
var result = await pca.AcquireTokenByIntegratedWindowsAuth(scopes).ExecuteAsync();

request.Headers.Authorization =
    new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", result.AccessToken);
});
var graphClient = new GraphServiceClient(authProvider);

Answer 1

Thank you @Miroslav Adamec for your question about to create and get access token from azure ad silently. It will surely be a valuable addition to the SO community. For the same purpose as stated by @Tiny Wang, posting your comment as an answer as it will be easy for other people with same issue to find it .

"Looking at your code which you are using DelegateAuthentication refers to allowing users to sign in before generating the access token."

Also as stated in the given MS DOC followings are need to be done before trying, as IWA is a silent flow

• The user of your app must have given their permission to use it earlier.

• To use the application, the tenant admin must have given prior permission to all users in the tenant.

For more information please refer the below links:-

• MICROSOFT DOCUMENT|Get access on behalf of a user.

• SO THREAD| How to get Azure AD token in web app silently C#.