0

I am using Azure App Services for my API (ASP.NET Core) and I have an API controller like this:

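using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Route("api")]
public class PingController : Controller
{
    // Anonymous endpoint: GET /api/ping
    [HttpGet]
    [Route("ping")]
    public string Ping()
    {
        return "Pong";
    }

    // Protected endpoint: GET /api/claims returns the caller's claims
    [Authorize]
    [HttpGet("claims")]
    public object Claims()
    {
        return User.Claims.Select(c =>
        new
        {
            Type = c.Type,
            Value = c.Value
        });
    }
}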

Then I am trying to access this from an Ionic2 (TypeScript & Cordova) implementation like this:

this.client = new WindowsAzure.MobileServiceClient('https://mysite.azurewebsites.net/');
this.client.login('google').then(result=>{
    this.client.invokeApi("claims", {
        body: null,
        method: "get"
    }).done(function (results) {
        alert(JSON.stringify(results));
    }, function (error) {
        let msg = error.message;
        let request = error.request;
        alert(msg+';'+request.status);
    });
});

The login screen shows up correctly and the service gets called, but fails with 401 error. It works if I call the 'ping' service. The HTTP call has X-ZUMO headers that I think should be good for authentication(?):

GET /api/claims HTTP/1.1
Host: mysite.azurewebsites.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
ZUMO-API-VERSION: 2.0.0
X-ZUMO-INSTALLATION-ID: 10badf87-...
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
X-ZUMO-AUTH: eyJ0eXAiOiJKV...
accept: application/json
X-ZUMO-VERSION: ZUMO/2.0 (lang=Cordova; os=--; os_version=--; arch=--; version=2.0.0-41128.193844)
Referer: http://localhost:8000/index.html
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Cookie: ARRAffinity=4df5cc005....

The Azure app debug log just shows IIS's default 401 screen, saying the resource has been accessed as 'anonymous'. I have used Auth0 before and you have to register JWT Bearer options in app configuration. But for Azure, I don't see any tutorials doing a similar step. So what is it that I am missing to get this working?

n00b
  • Well add the authorization header to your claims request. You are getting a result from the login, use it – misha130 Mar 25 '17 at 17:23
  • @misha130 that is why the X-ZUMO-AUTH header is there. https://learn.microsoft.com/en-us/azure/app-service/app-service-authentication-overview – n00b Mar 26 '17 at 00:15

2 Answers

1

I wrote about App Service in ASP.NET Core here: https://shellmonger.com/2017/03/02/azure-app-service-authentication-in-an-asp-net-core-application/

Basically - you need to handle the token in .NET Core. It's not native.

Adrian Hall
  • Thanks. My question was actually a duplicate of this: http://stackoverflow.com/questions/41501612/trouble-getting-claimsprincipal-populated-when-using-easyauth-to-authenticate-ag – n00b Mar 28 '17 at 10:51
  • @adrian-hall your repository https://github.com/adrianhall/netcore-server/tree/p5 is down. Code anywhere else? – Benjamin Abt Jun 06 '17 at 11:45
  • I'm no longer with MSFT - the sample was a part of one of the repos that was transferred to MSFT when I left. Sorry! I'll update the blog to remove the link – Adrian Hall Jun 06 '17 at 15:17
0

After spending hours, I realized that App Services is not populating the Claims Principal for the ASP.NET Core Application. This means it is not handling the X-ZUMO headers and validating them.

Look at this SO Question

The proposed solution is to use the X-ZUMO header to make a call to the /.auth/me service, which returns all the claims, and use the response to set the Authentication Context inside your ASP.NET Core application.

This GitHub repository now makes this very easy to do. It defines an extension method so that you can make this happen for your application by calling

app.UseAzureAppServiceAuthentication();

n00b
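
The approach described in the answer above (forward the X-ZUMO-AUTH token to /.auth/me and build the principal from the claims it returns), written as an ASP.NET Core authentication handler. This is an added example, not code from the answer or from the linked repository; the type names, the "EasyAuth" scheme name and `SiteOrigin` are hypothetical, and it assumes ASP.NET Core 8 or later.

```csharp
using System.Linq;
using System.Net.Http;
using System.Security.Claims;
using System.Text.Encodings.Web;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

// Hypothetical names throughout. SiteOrigin comes from configuration, never from the Host header.
public class EasyAuthOptions : AuthenticationSchemeOptions { public string SiteOrigin { get; set; } = ""; }

public class EasyAuthHandler(IOptionsMonitor<EasyAuthOptions> options, ILoggerFactory logger,
    UrlEncoder encoder, IHttpClientFactory http)
    : AuthenticationHandler<EasyAuthOptions>(options, logger, encoder)
{
    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!Request.Headers.TryGetValue("X-ZUMO-AUTH", out var token) || token.Count != 1)
            return AuthenticateResult.NoResult(); // no token: [Authorize] endpoints answer 401
        // App Service validates the token; this code only forwards it and reads back the claims.
        using var req = new HttpRequestMessage(HttpMethod.Get, Options.SiteOrigin + "/.auth/me");
        req.Headers.Add("X-ZUMO-AUTH", token.ToString());
        using var resp = await http.CreateClient().SendAsync(req, Context.RequestAborted);
        if (!resp.IsSuccessStatusCode)
            return AuthenticateResult.Fail($"/.auth/me returned {(int)resp.StatusCode}");
        // The body is a JSON array; each entry carries "user_claims": [{ "typ": ..., "val": ... }].
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        var root = doc.RootElement;
        if (root.ValueKind != JsonValueKind.Array || root.GetArrayLength() == 0
            || !root[0].TryGetProperty("user_claims", out var userClaims))
            return AuthenticateResult.Fail("/.auth/me returned no identity");

        var claims = userClaims.EnumerateArray().Select(c => new Claim(
            c.GetProperty("typ").GetString() ?? "", c.GetProperty("val").GetString() ?? "")).ToList();
        var identity = new ClaimsIdentity(claims, Scheme.Name);
        return AuthenticateResult.Success(
            new AuthenticationTicket(new ClaimsPrincipal(identity), Scheme.Name));
    }
}

public static class EasyAuthExtensions
{
    public static AuthenticationBuilder AddEasyAuth(this IServiceCollection services, string origin) =>
        services.AddHttpClient().AddAuthentication("EasyAuth")
            .AddScheme<EasyAuthOptions, EasyAuthHandler>("EasyAuth", o => o.SiteOrigin = origin);
}
```

Register it with `builder.Services.AddEasyAuth("https://mysite.azurewebsites.net")` and call `app.UseAuthentication()` before `app.UseAuthorization()`. A failed or malformed /.auth/me response ends in a failed authentication or an exception, so the request fails closed; every authenticated request costs one round trip to /.auth/me.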