Why I think Microsoft should update the docs!
Microsoft Partner Center DotNet Samples Secure App Model KeyVault Integration — Here is how it works
I recently had to work with the so-called Microsoft Partner Center Secure App Model with KeyVault integration, so I went through the GitHub sample provided and downloaded it. As it was completely new to me, I had to go through a lot of the documentation provided by Microsoft; for example, this documentation talks about authentication, and that's exactly what I wanted to try. Sometimes following the documentation does not work, and I had to spend hours fixing the issues. That is the reason I decided to write this post. I hope it will be helpful.
How does authentication work?
Before we set up our application, it is important to understand how the authentication mechanism works here.
There are two kinds of authentication in the Partner Center:
- App-only, which uses just the Azure AD app we create.
- App + User, which requires both the app and the user context.
For App + User, Microsoft created a new authentication model, the Secure Application Model, which uses multi-factor authentication. This model is recommended and more secure, and with it we can be sure that every operation is supported, because App-only authentication does not support some complex scenarios, for example invoice operations.
We use a multi-tenant application, and its initial registration lives in the host Azure AD tenant. When a user from a different tenant signs in to the application for the first time, Azure AD asks for consent, and a representation of the application (a service principal) is created in the user's tenant.
The consent experience is based on the delegated permissions we set on the app, and it is important to grant the appropriate permissions because we may have to act as the user. Below is the minimum set of permissions.
- Azure Active Directory delegated permissions: Access the directory as the signed-in user.
- Partner Center APIs delegated…
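To make the App-only versus App + User distinction concrete, here is an added example (my own code, not part of the Microsoft sample) that inspects the claims of an Azure AD access token and reports which kind of context it carries, whether it was issued for the expected tenant, and whether the delegated permissions the app relies on are present. It uses only Azure AD's standard claim names: `scp` holds the delegated (App + User) permissions and `roles` the application (App-only) permissions, while `tid` is the issuing tenant. The token built by `make_unsigned_jwt` is a constructed, unsigned sample for local illustration; the tenant id and the scope name `partner_scope` are placeholders, and a real token's signature and issuer must be validated before any of its claims are trusted.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def make_unsigned_jwt(claims: dict) -> str:
    """Build a constructed, unsigned JWT (alg=none) purely for local testing."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}."


def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT without verifying it (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT")
    return json.loads(_b64url_decode(parts[1]))


def classify_token(token: str, expected_tenant: str, required_scopes: set) -> dict:
    """Report the auth context of an Azure AD access token.

    - "app+user": delegated permissions present in "scp" (Secure App Model flow)
    - "app-only": application permissions present in "roles", no "scp"
    - "unknown":  neither claim present
    """
    claims = decode_claims(token)
    scopes = set(claims.get("scp", "").split())
    roles = set(claims.get("roles", []))

    if scopes:
        kind = "app+user"
    elif roles:
        kind = "app-only"
    else:
        kind = "unknown"

    return {
        "kind": kind,
        # Azure AD puts the issuing tenant in "tid"; a multi-tenant app sees the
        # user's tenant here, not the host tenant where the app was registered.
        "tenant_ok": claims.get("tid") == expected_tenant,
        # Delegated permissions the app needs but the consented token lacks.
        "missing_scopes": sorted(required_scopes - scopes),
        "user": claims.get("upn"),
    }


if __name__ == "__main__":
    # Constructed sample: an App + User token from a customer tenant.
    sample = make_unsigned_jwt({
        "tid": "00000000-0000-0000-0000-00000000cafe",  # placeholder tenant id
        "scp": "partner_scope User.Read",                 # placeholder scopes
        "upn": "partner.admin@example.com",
    })
    print(classify_token(sample, "00000000-0000-0000-0000-00000000cafe",
                         {"partner_scope"}))
```

Running the block prints the classification of the constructed token; swapping the `scp` claim for a `roles` array shows how an App-only token is recognised, and a mismatched `tid` or a missing scope is surfaced rather than silently accepted.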