OneNote Notebooks


It's a simple web application that shows how to consume OneNote API in order to fetch and display user's notebooks. Although OneNote API allows for many more operations, this example demonstrates only one API call. Main purpose of this application is to show how to authenticate OneNote user with his Microsoft Live Account, using OAuth2 protocol. More information about OneNote authentication and authorization can be found here.

Used libraries


To run this application locally, the following elements are required:

IIS hosting

In order to retrieve authentication token from MS account, the web application must expose endpoint that accepts authentication token as URL parameter.

Host the application with local IIS and set the host name, e.g. Remember to map the host name to your local address in %WINDIR%\system32\drivers\etc\hosts file. This base URL will be needed during application registration on Microsoft developer account.

Remember to set up IIS hosting for Web project.

SQL Server Express Edition

Application uses SQL Server database to store authenticated users data, along with valid authentication tokens. Database consists of one table only - dbo.Users. Creation script can be found in \helper-scripts\Users.sql.

Application registration

In order to gain access to OneNote notebooks, using Microsoft Live account, the application must be registered at MS developer account, as a web application. When application is registered, the Client ID and Client Secret are assigned to the application.

Please note, that redirect URL addresses must be set for the application. If the application is hosted under host name, the following redirect URLs should be registered:


To configure the application, rename Web.default.config to Web.config and replace missing values in the configuration file:

  • <add key="OAuth.LoginRedirectUrl" value="LOGIN_REDIRECT_URL" /> - application's URL, the user should be redirected to, after successful authentication process. E.g.
  • <add key="OAuth.LogoutRedirectUrl" value="LOGOUT_REDIRECT_URL"/> - application's URL, the user should be redirected to, after signing out.
  • <add key="OAuth.ClientId" value="CLIENT_ID" /> - Client ID value created for the application.
  • <add key="OAuth.ClientSecret" value="CLIENT_SECRET" /> - Client Secret value created for the application.
  • <add name="DATABASE_NAME" connectionString="CONNECTION_STRING" /> - connection string to SQL Server database.