I need help on best practice with sso on a custom teams app in tab

Occasional Contributor

Hello all,

I've been trying to get a MS Teams Custom App running with SSO for several days now. All the examples I have looked at work but do not apply to my application. Maybe I have a wrong approach.


I have a web page (CSHTML) that is populated with data on view data from the associated controller. This web page needs to request and process data from MS-Graph (delegated) in the controller. For this I use from the repository the sample `/samples/tab-sso/csharp/TeamsTabSSO`.

My problem is, that the controller code of the web page, for the view data was already called before the 'accessToken" from the javascript part of the web page was delivered to the controller.


Code example of the controllers;

public IActionResult Index()
ViewBag.clientId = _configuration["AzureAd:ClientId"].ToString();
ViewBag.applicationIdURI = _configuration["AzureAd:ApplicationIdURI"].ToString();


here I want to access MS-graph via the accessToken e.g:
var me = await MSGraphClient.GetMeAsync(accessToken).ConfigureAwait(false);
var groups = await MSGraphClient.GetMeMemberOfAsync(accessToken).ConfigureAwait(false); 
return View();}



but only after running the controller code of the web page I get the call of the controller method 'GetUserAccessToken' in which the accessToken is delivered.



public async Task<ActionResult<string>> GetUserAccessToken()
return await SSOAuthHelper.GetAccessTokenOnBehalfUserAsync(_configuration, _httpClientFactory, _httpContextAccessor);
catch (Exception)
return null;


I would appreciate your help. Maybe there is even an example which applies to me.


3 Replies
thank you for the answer.
this is an interesting link. however, this is exactly how i implemented it and it works. however, when i get the token through "getAuthToken" it is too late.

My thinking is that I provide my view for rendering the HTML page in the controller code. To be able to read the necessary data from e.g. MS-Graph I need the accessToken. This is not yet there at this time. The token is requested by the javescript code of the web page. This code runs only after the server side code of the controller has run. So I can never use the accessToken directly in the controller code.

I use the ControllerCode as a "codebehind" like earlier in ASP.NET technology. So I have a C# code and the matching ASPX page. Today I see the "codebehind" in the controller code of the respective mapping and the HTML code in the CSHTML page.

Maybe I don't understand the concept yet. Therefore the question to the Commuinty how to solve such a problem and would be grateful for any hint.

Thx Mike
best response confirmed by Mikel85570 (Occasional Contributor)

@Mikel85570 - 

If you want to get id token at server side before page is loaded, it's not possible. You will get that at client side only. 


Prasad Das


If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link.