I found a tutorial where I can sign in to my application with Azure AD credentials.

In my frontend I'm using Xamarin.Forms. In my backend I'm using ASP.NET Core 2.0 WebApi.

Backend:

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseAuthentication();

        app.UseMvc();
    }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        services.AddAuthentication(o =>
        {
            o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddJwtBearer(options =>
        {
            options.Authority = String.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAD:Tenant"]);
            options.Audience = Configuration["AzureAd:Audience"];
        });
    }

It's pretty simple.

In my frontend I'm filling in my credentials and asking for an access_token.

    {
        "token_type": "Bearer",
        "scope": "user_impersonation",
        "expires_in": "3600",
        "ext_expires_in": "0",
        "expires_on": "1507104075",
        "not_before": "1507100175",
        "resource": "my_resource",
        "access_token": "my_access_token",
        "refresh_token": "my_refresh_token"
    }

I'm putting the access_token in the headers, with Authorization set to Bearer my_access_token.

My API knows all my information because it will automatically set claims with the info from my access_token. This info is provided by Azure AD (fullname, firstname, lastname, ...).

But how can I get this information in my frontend?

JeffreyM

2 Answers

You might want to check out the active-directory-dotnet-native-desktop sample on GitHub.

It shows how to use ADAL.NET in a desktop app to get a token for a service. You will need to adapt it for your Xamarin.Forms client, but the principle is the same as far as authentication is concerned. It also contains a service, which you would replace with your own service, and you would get a token for your web API by changing the resource ID to be the one of your application created using the ASP.NET wizard (you'll find it in the Azure portal, as described in the readme.md of the sample).

The idea is that you first get a token using ADAL.NET (line 92 of TodoListClient/MainWindow.xaml.cs):

    result = await authContext.AcquireTokenAsync(todoListResourceId, clientId, redirectUri, ...)

and then you use it as a bearer token (line 121):

    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);

Jean-Marc Prieur

If all the info you require is included in the access token, you can just decode the access token on the client. The access token is a JWT, and it is easy to find code samples that decode it, such as the following threads:

How to decode JWT Token?

Decoding and verifying JWT token using System.IdentityModel.Tokens.Jwt

And if you also require more user info, you can refresh the access token for the Microsoft Graph, and call the me endpoint of Microsoft Graph (refer here). Below is the document about how to refresh the access token via the refresh token:

Refreshing the access tokens

Fei Xue
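
The client-side decoding suggested in the answer above, as an added example that is not part of the original answers: it reads the claims from a JWT payload without verifying the signature, so the result is for display only and the Web API remains the component that validates the token. The class name `JwtClaimsReader`, the use of `System.Text.Json`, and the sample token with its claim values are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

public static class JwtClaimsReader // hypothetical helper, not from the sample
{
    // Base64url (RFC 7515): '-' and '_' replace '+' and '/', and the '=' padding
    // is stripped, so both must be restored before Convert.FromBase64String.
    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Convert.FromBase64String(s); // throws FormatException on bad input
    }

    // Only used to build the constructed sample token in Main().
    static string Base64UrlEncode(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Reads the payload segment only. The signature is NOT verified here, so
    // the values may be shown in the UI but must not drive authorization.
    public static Dictionary<string, string> ReadClaims(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected header.payload.signature.");
        var claims = new Dictionary<string, string>();
        using var doc = JsonDocument.Parse(Base64UrlDecode(parts[1]));
        foreach (var p in doc.RootElement.EnumerateObject())
            claims[p.Name] = p.Value.ToString();
        return claims;
    }

    public static void Main()
    {
        // Constructed sample (not a real Azure AD token; dummy signature).
        var payload = "{\"aud\":\"my_resource\",\"name\":\"Jane Doe\"," +
                      "\"given_name\":\"Jane\",\"family_name\":\"Doe\",\"exp\":1507104075}";
        var jwt = Base64UrlEncode("{\"alg\":\"RS256\",\"typ\":\"JWT\"}")
                  + "." + Base64UrlEncode(payload) + ".c2ln";
        var claims = ReadClaims(jwt);
        var exp = DateTimeOffset.FromUnixTimeSeconds(long.Parse(claims["exp"]));
        Console.WriteLine($"{claims["name"]} ({claims["given_name"]} " +
                          $"{claims["family_name"]}), token expires {exp:u}");
    }
}
```

In the Xamarin.Forms client, the string passed to `ReadClaims` would be the `access_token` value from the token response shown in the question.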