How to authenticate webapp using token

Question

I am trying to create a webtest which will authenticate website using token and load webpage.

Since webtest will run without any manual interaction, I cannot sign in. So I am trying to authenticate using token.

But since website using active directory it uses UseOpenIdConnectAuthentication and UseCookieAuthentication for authentication when accessed via browser.

Is there a way to create a webtest like this?

Can you refer to this link https://stackoverflow.com/questions/1592534/what-is-token-based-authentication — SumanthMarigowda-MSFT, Dec 12 '17 at 12:26

score 1 · Answer 1 · edited Jun 20 '20 at 09:12

I am trying to create a webtest which will authenticate website using token and load webpage.

But since website using active directory it uses UseOpenIdConnectAuthentication and UseCookieAuthentication for authentication when accessed via browser.

According to your description, I assumed that you may leverage the package Microsoft.Owin.Security.OpenIdConnect and Microsoft.Owin.Security.Cookies to protect your application with OpenId Connect and Azure AD.

Assuming that your website is hosted by Azure web app, I assume that you could leverage the Authentication and authorization in Azure App Service and configure Authenticate with Azure AD instead of using the middle-ware manually in your code. But you could check the current environment in your code and use the middle-ware for authenticating locally.

In order to get the authenticated token from azure web app, you could access the following url via the browser for logging:

https://{your-app-name}.azurewebsites.net/.auth/login/aad

After logged, you would be redirected to the url as follows:

https://{your-app-name}.azurewebsites.net/.auth/login/done#token={token}

You could URL Decode the above token, retrieve the authenticationToken as the authenticated token to access your azure web app as follows:

https://{your-app-name}.azurewebsites.net/xxx/xxx
Header: x-zumo-auth:{authenticationToken}

Note: The authenticationToken would be expired after an hour.

Moreover, for Azure Active Directory you could also leverage the id_token or access_token be directly included in the Authorization header as a bearer token as follows:

https://{your-app-name}.azurewebsites.net/xxx/xxx
Header: Authorization:Bearer {id_token or access_token}

Note: In order to retrieve the id_token or access_token after logged, you could access the following url via the browser:

https://{your-app-name}.azurewebsites.net/.auth/me

How to authenticate webapp using token

1 Answers1