Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/microsoftgraph/msgraph-sdk-dotnet/llms.txt

Use this file to discover all available pages before exploring further.

​
Overview

The Applications API provides operations to manage Azure AD application registrations. Access through graphClient.Applications.

​
Request Builder

public ApplicationsRequestBuilder Applications { get; }
Accessed via: graphClient.Applications

​
Operations

​
List Applications

Retrieve all application registrations. 
var applications = await graphClient.Applications.GetAsync();

foreach (var app in applications.Value)
{
    Console.WriteLine($"{app.DisplayName}");
    Console.WriteLine($"  App ID: {app.AppId}");
    Console.WriteLine($"  Object ID: {app.Id}");
}

// Filter applications
var filteredApps = await graphClient.Applications.GetAsync(config =>
{
    config.QueryParameters.Filter = "startsWith(displayName,'MyApp')";
    config.QueryParameters.Select = new[] { "id", "appId", "displayName" };
});
Query Parameters:
​
$select
string[]
Properties to return
​
$filter
string
Filter expression
​
$orderby
string[]
Sort order
​
$top
int
Number of applications to return
​
$search
string
Search query (requires ConsistencyLevel header)

​
Get Application by ID

// By object ID
var app = await graphClient.Applications["object-id"].GetAsync();

// By app ID (alternate key)
var app = await graphClient.ApplicationsWithAppId("app-id").GetAsync();

Console.WriteLine($"Display Name: {app.DisplayName}");
Console.WriteLine($"App ID: {app.AppId}");
Console.WriteLine($"Sign-in audience: {app.SignInAudience}");

​
Create Application

var newApp = new Application
{
    DisplayName = "My Application",
    SignInAudience = "AzureADMyOrg",
    RequiredResourceAccess = new List<RequiredResourceAccess>
    {
        new RequiredResourceAccess
        {
            ResourceAppId = "00000003-0000-0000-c000-000000000000", // Microsoft Graph
            ResourceAccess = new List<ResourceAccess>
            {
                new ResourceAccess
                {
                    Id = Guid.Parse("e1fe6dd8-ba31-4d61-89e7-88639da4683d"), // User.Read
                    Type = "Scope"
                },
                new ResourceAccess
                {
                    Id = Guid.Parse("df021288-bdef-4463-88db-98f22de89214"), // User.Read.All
                    Type = "Role"
                }
            }
        }
    },
    Web = new WebApplication
    {
        RedirectUris = new List<string>
        {
            "https://localhost:5001/signin-oidc"
        },
        ImplicitGrantSettings = new ImplicitGrantSettings
        {
            EnableIdTokenIssuance = true
        }
    },
    Api = new ApiApplication
    {
        Oauth2PermissionScopes = new List<PermissionScope>
        {
            new PermissionScope
            {
                AdminConsentDescription = "Allow app to read data",
                AdminConsentDisplayName = "Read data",
                Id = Guid.NewGuid(),
                IsEnabled = true,
                Type = "User",
                UserConsentDescription = "Allow app to read your data",
                UserConsentDisplayName = "Read your data",
                Value = "Data.Read"
            }
        }
    }
};

var app = await graphClient.Applications.PostAsync(newApp);
Console.WriteLine($"Created app: {app.AppId}");

​
Update Application

var updateApp = new Application
{
    DisplayName = "Updated App Name",
    Tags = new[] { "WindowsAzureActiveDirectoryIntegratedApp" }
};

await graphClient.Applications["object-id"].PatchAsync(updateApp);

​
Delete Application

await graphClient.Applications["object-id"].DeleteAsync();

​
Owners

​
List Owners

var owners = await graphClient.Applications["object-id"].Owners.GetAsync();

foreach (var owner in owners.Value)
{
    if (owner is User user)
    {
        Console.WriteLine($"Owner: {user.DisplayName}");
    }
}

​
Add Owner

var ownerRef = new ReferenceCreate
{
    OdataId = $"https://graph.microsoft.com/v1.0/users/{userId}"
};

await graphClient.Applications["object-id"].Owners.Ref.PostAsync(ownerRef);

​
Remove Owner

await graphClient.Applications["object-id"].Owners["user-id"].Ref.DeleteAsync();

​
Certificates and Secrets

​
Add Password Credential (Client Secret)

var passwordCredential = new AddPasswordPostRequestBody
{
    PasswordCredential = new PasswordCredential
    {
        DisplayName = "My Client Secret",
        EndDateTime = DateTime.UtcNow.AddMonths(6)
    }
};

var credential = await graphClient.Applications["object-id"]
    .AddPassword
    .PostAsync(passwordCredential);

Console.WriteLine($"Secret: {credential.SecretText}");
Console.WriteLine($"Key ID: {credential.KeyId}");
// Store the secret securely - it's only shown once!

​
Remove Password Credential

var removePassword = new RemovePasswordPostRequestBody
{
    KeyId = Guid.Parse("key-id")
};

await graphClient.Applications["object-id"]
    .RemovePassword
    .PostAsync(removePassword);

​
Add Certificate

using System.Security.Cryptography.X509Certificates;

var certificate = new X509Certificate2("path/to/cert.pfx", "password");

var keyCredential = new AddKeyPostRequestBody
{
    KeyCredential = new KeyCredential
    {
        Type = "AsymmetricX509Cert",
        Usage = "Verify",
        Key = certificate.RawData,
        DisplayName = "My Certificate"
    },
    PasswordCredential = null,
    Proof = "proof-token" // Required for key verification
};

var key = await graphClient.Applications["object-id"]
    .AddKey
    .PostAsync(keyCredential);

​
Remove Certificate

var removeKey = new RemoveKeyPostRequestBody
{
    KeyId = Guid.Parse("key-id"),
    Proof = "proof-token"
};

await graphClient.Applications["object-id"]
    .RemoveKey
    .PostAsync(removeKey);

​
Extension Properties

​
List Extension Properties

var extensions = await graphClient.Applications["object-id"]
    .ExtensionProperties
    .GetAsync();

foreach (var ext in extensions.Value)
{
    Console.WriteLine($"{ext.Name}: {ext.DataType}");
}

​
Create Extension Property

var extensionProperty = new ExtensionProperty
{
    Name = "customAttribute",
    DataType = "String",
    TargetObjects = new[] { "User" }
};

var ext = await graphClient.Applications["object-id"]
    .ExtensionProperties
    .PostAsync(extensionProperty);

​
Federated Identity Credentials

​
List Federated Credentials

var credentials = await graphClient.Applications["object-id"]
    .FederatedIdentityCredentials
    .GetAsync();

​
Create Federated Credential

var federatedCred = new FederatedIdentityCredential
{
    Name = "GitHubActions",
    Issuer = "https://token.actions.githubusercontent.com",
    Subject = "repo:organization/repository:environment:production",
    Description = "GitHub Actions deployment",
    Audiences = new[] { "api://AzureADTokenExchange" }
};

await graphClient.Applications["object-id"]
    .FederatedIdentityCredentials
    .PostAsync(federatedCred);

using var logoStream = File.OpenRead("logo.png");

await graphClient.Applications["object-id"]
    .Logo
    .PutAsync(logoStream);

var logoStream = await graphClient.Applications["object-id"]
    .Logo
    .GetAsync();

using var fileStream = File.Create("downloaded-logo.png");
await logoStream.CopyToAsync(fileStream);

​
Token Issuance Policies

​
List Token Issuance Policies

var policies = await graphClient.Applications["object-id"]
    .TokenIssuancePolicies
    .GetAsync();

​
Token Lifetime Policies

​
List Token Lifetime Policies

var policies = await graphClient.Applications["object-id"]
    .TokenLifetimePolicies
    .GetAsync();

​
Common Scenarios

​
Create Web Application with Redirect URIs

var webApp = new Application
{
    DisplayName = "My Web App",
    SignInAudience = "AzureADMultipleOrgs",
    Web = new WebApplication
    {
        RedirectUris = new List<string>
        {
            "https://myapp.com/signin-oidc",
            "https://myapp.com/signout-callback-oidc"
        },
        LogoutUrl = "https://myapp.com/signout-oidc"
    }
};

var app = await graphClient.Applications.PostAsync(webApp);

​
Create SPA Application

var spaApp = new Application
{
    DisplayName = "My SPA",
    SignInAudience = "AzureADandPersonalMicrosoftAccount",
    Spa = new SpaApplication
    {
        RedirectUris = new List<string>
        {
            "http://localhost:3000",
            "https://myspa.com"
        }
    },
    RequiredResourceAccess = new List<RequiredResourceAccess>
    {
        new RequiredResourceAccess
        {
            ResourceAppId = "00000003-0000-0000-c000-000000000000",
            ResourceAccess = new List<ResourceAccess>
            {
                new ResourceAccess
                {
                    Id = Guid.Parse("e1fe6dd8-ba31-4d61-89e7-88639da4683d"),
                    Type = "Scope"
                }
            }
        }
    }
};

​
Create Native/Mobile Application

var nativeApp = new Application
{
    DisplayName = "My Mobile App",
    SignInAudience = "AzureADandPersonalMicrosoftAccount",
    PublicClient = new PublicClientApplication
    {
        RedirectUris = new List<string>
        {
            "msauth.com.mycompany.myapp://auth",
            "http://localhost"
        }
    },
    IsFallbackPublicClient = true
};

​
Delta Query

var delta = await graphClient.Applications.Delta.GetAsync();

foreach (var app in delta.Value)
{
    Console.WriteLine($"Changed: {app.DisplayName}");
}

var deltaLink = delta.OdataDeltaLink;

​
Error Handling

using Microsoft.Graph.Models.ODataErrors;

try
{
    var app = await graphClient.Applications["object-id"].GetAsync();
}
catch (ODataError error)
{
    if (error.Error.Code == "Request_ResourceNotFound")
    {
        Console.WriteLine("Application not found");
    }
    else if (error.Error.Code == "Authorization_RequestDenied")
    {
        Console.WriteLine("Insufficient permissions");
    }
    else
    {
        Console.WriteLine($"Error: {error.Error.Message}");
    }
}

​
See Also

Application Model

Application properties

Service Principals

Service principal management

OAuth2 Permission Grants

Permission grants

App Registrations

Azure AD documentation