How can I Create App registration and Add Permissions in Microsoft Entra ID using C# code


I have developed a web application that successfully executes PowerShell scripts on my local machine. However, upon deploying the application to Azure App Service, I encountered errors indicating that the PowerShell commands were not being executed. Despite my efforts, I couldn't find any C# code examples for creating an App registration and adding permissions programmatically.

Scenario 1: Create an App registration in Microsoft Entra ID (AAD).

Scenario 2: Update the permissions and authentication type of, and add owners to, the App registration created above.

In essence, my objective is to accomplish the following tasks:

  • Execute PowerShell scripts within the web application.
  • Ensure that these PowerShell commands function correctly when the application is deployed to Azure App Service.
  • Investigate potential alternatives, such as utilizing C# code, to programmatically create an App registration and add permissions.

Below is the script used to create the App registration:

# $PartnerName and $PartnerAppSuffix are set earlier in the script
$appName = $PartnerName+$PartnerAppSuffix
$redirectUris = @("https://mscloud.onmicrosoft.com/$appName")
$secretName = "secretKey"

# Create the application object (Az.Resources module)
$App = New-AzADApplication -DisplayName $appName `
    -ReplyUrls $redirectUris `
    -Homepage "https://mscloud.onmicrosoft.com/$appName" `
    -IdentifierUris "https://mscloud.onmicrosoft.com/$appName" `
    -Web @{
        ImplicitGrantSetting = @{
            EnableAccessTokenIssuance = $true
            EnableIdTokenIssuance = $true
        }
    }

# Create a new service principal for the app
$ServicePrincipal = New-AzADServicePrincipal -ApplicationId $App.AppId

I'm in search of C# code snippets that facilitate the creation of App registrations and the addition of permissions and owners programmatically.

There is 1 best solution below

Rukmini On

I agree with @Tiny Wang, you can make use of Microsoft Graph API to create the application and assign permissions:

using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Graph;
using Azure.Identity;
using Microsoft.Graph.Models;

class Program
{
    static async Task Main(string[] args)
    {
        var scopes = new[] { "https://graph.microsoft.com/.default" };
        // Placeholders: the registration used to authenticate (needs Application.ReadWrite.All)
        var clientId = "ClientID";
        var tenantId = "TenantID";
        var clientSecret = "ClientSecret";

        var options = new ClientSecretCredentialOptions
        {
            AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
        };

        var clientSecretCredential = new ClientSecretCredential(
            tenantId, clientId, clientSecret, options);
        var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

        // Create the application with required permissions
        var requestBody = new Application
        {
            DisplayName = "testrukcapp",
            RequiredResourceAccess = new List<RequiredResourceAccess>
            {
                new RequiredResourceAccess
                {
                    // Microsoft Graph resource app id
                    ResourceAppId = "00000003-0000-0000-c000-000000000000",
                    ResourceAccess = new List<ResourceAccess>
                    {
                        new ResourceAccess
                        {
                            // Delegated User.Read.All
                            Id = Guid.Parse("a154be20-db9c-4678-8ab7-66f6cc099a59"),
                            Type = "Scope",
                        },
                        new ResourceAccess
                        {
                            // Delegated profile
                            Id = Guid.Parse("14dad69e-099b-42c9-810b-d002981feec1"),
                            Type = "Scope",
                        },
                    },
                },
            },
        };

        try
        {
            var result = await graphClient.Applications.PostAsync(requestBody);
            Console.WriteLine("Application created successfully!");
            Console.WriteLine($"Application ID: {result.Id}");
        }
        catch (Exception ex)
        {
            Console.WriteLine($"Error creating application: {ex.Message}");
        }
    }
}


The Microsoft Entra ID application was created successfully with the permissions shown below:


Note that the application you are using to authenticate must be granted the Application.ReadWrite.All application-type permission.

  • Pass the User.Read permission to create the Service Principal.

Reference:

Create application - Microsoft Graph v1.0 | Microsoft
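As an added example, not from the answer above or the original post, the rest of the question's Scenario 2 with the same Graph SDK v5 (`Microsoft.Graph` and `Azure.Identity` packages): it creates the application with the web settings from the PowerShell script, creates its service principal, and adds an owner. It assumes the caller holds Application.ReadWrite.All and uses `DefaultAzureCredential`, so that on App Service a managed identity is used instead of a client secret stored in configuration; `ownerUserId` is a placeholder for an existing user's object id.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Identity;
using Microsoft.Graph;
using Microsoft.Graph.Models;

// Added example: app registration + service principal + owner via Graph SDK v5.
// Assumes the caller (managed identity on App Service, or a developer login
// locally) holds Application.ReadWrite.All.
static class AppRegistrationProvisioner
{
    public static async Task<(string AppObjectId, string AppId, string SpObjectId)> CreateAsync(
        string displayName, string redirectUri, string ownerUserId)
    {
        // DefaultAzureCredential picks up the App Service managed identity, so no secret is stored.
        var graphClient = new GraphServiceClient(
            new DefaultAzureCredential(),
            new[] { "https://graph.microsoft.com/.default" });

        // Application object: mirrors the script's -Web settings but leaves implicit grant off.
        var app = await graphClient.Applications.PostAsync(new Application
        {
            DisplayName = displayName,
            SignInAudience = "AzureADMyOrg",          // single tenant
            Web = new WebApplication
            {
                RedirectUris = new List<string> { redirectUri },
                HomePageUrl = redirectUri,
                ImplicitGrantSettings = new ImplicitGrantSettings
                {
                    EnableAccessTokenIssuance = false,
                    EnableIdTokenIssuance = false,
                },
            },
        });

        // Service principal: the tenant-local instance (the script's New-AzADServicePrincipal step).
        var sp = await graphClient.ServicePrincipals.PostAsync(new ServicePrincipal
        {
            AppId = app!.AppId,
        });

        // Owner: a reference to an existing user object by its object id.
        await graphClient.Applications[app.Id].Owners.Ref.PostAsync(new ReferenceCreate
        {
            OdataId = $"https://graph.microsoft.com/v1.0/directoryObjects/{ownerUserId}",
        });

        return (app.Id!, app.AppId!, sp!.Id!);
    }
}
```

Granting the requested permissions to the new app still requires admin consent (or an appRoleAssignment/oauth2PermissionGrant), which this method does not perform.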