I'm developing a Xamarin Forms app with a .NET WebApi middleware.
On the Xamarin layer I'm performing ADAL login, like this (iOS implementation):

    var authContext = new AuthenticationContext(authority + tenantId);
    if (authContext.TokenCache.ReadItems().Any())
        authContext = new AuthenticationContext(authContext.TokenCache.ReadItems().First().Authority);
    var controller = GetVisibleViewController();
    var uri = new Uri(returnUri);
    var platformParams = new PlatformParameters(controller);
    var authResult = await authContext.AcquireTokenAsync(resource,
        clientId, uri, platformParams, UserIdentifier.AnyUser);

Login works, I get the token and I pass it to the WebAPI layer like this:

    httpClient.DefaultRequestHeaders.Authorization =
        new AuthenticationHeaderValue("Bearer",
            authResult.AccessToken);

My WebAPI layer is set up to accept JWT bearer auth:

    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        Authority = Configuration["Authentication:AzureAd:AADInstance"]
            + Configuration["Authentication:AzureAd:TenantId"],
        Audience = Configuration["Authentication:AzureAd:Audience"]
    });

But, when I make a request to a controller with [Authorize] I get this error:

    2017-12-29 11:50:41.134 +00:00 [Information] Failed to validate the token "....".
    Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10500: Signature validation failed. No security keys were provided to validate the signature.
       at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
       at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
       at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
    2017-12-29 11:50:41.149 +00:00 [Information] "Bearer" was not authenticated. Failure message: "IDX10500: Signature validation failed. No security keys were provided to validate the signature."

What is this signature talking about? Is the problem on the client or the middleware layer?