
I have created a 3 tier architecture as ASP.NET MVC, ASP Web APP, and a SQL database.

I want to use Azure AD authentication. I have published all applications in Azure, and added Azure authentication to MVC App and Web API using Azure portal. If I access the Web API, it asks me for login, and works fine.

But if I access the Web App, it is not getting data from Web API due to authentication error. Obviously, I need to do something to allow my Web App to pass token to Web API (calling API using ajax jquery). What are the minimum code changes that I need to do in Web API and Web App?

Vijay
  • How can we tell you how much code change is required if there is no code? – Anuraag Baishya Apr 24 '18 at 10:45
  • Well, if your API is asking you to log in, it is already not set up the right way. An API should be used by other services, so it cannot use interactive authentication. You'll have to configure Azure AD Bearer token authentication on it. Not sure if the portal stuff can do it, might have to modify the code to add the authentication there. – juunas Apr 24 '18 at 19:20

3 Answers


If you already have the code working with Azure AD for the Web API, then you don't need to write much code or make many changes to make it work with the MVC application. Reference here: http://www.dotnetcurry.com/windows-azure/1123/secure-aspnet-mvc-azure-using-active-directory-signon

Also if you could share some code snippet, it will be easy for others to answer your question with much better guesses :)

Manish
  • Hi Manish, thanks for your input. I am able to login to the MVC application alone, but problem comes when I try to integrate authentication from MVC to Web API using Azure AD. My code is dependent on database, hence not able to share due to security, but my question is in general for end to end authentication with Azure. – Vijay Apr 24 '18 at 13:05

As juunas commented, your Web API does not need to provide interactive authentication; it just needs to validate the token. For your Web API, you just need to use the Microsoft.Owin.Security.ActiveDirectory middleware for authentication; for details, you could follow Azure AD .NET Web API getting started.

For your ASP.NET MVC project, you could use the Microsoft.Owin.Security.OpenIdConnect middleware for authentication; for details, you could follow Integrate Azure AD into a web application using OpenID Connect.

For calling a Web API protected by Azure AD from an ASP.NET MVC app using AAD and OpenID Connect, you could follow the detailed tutorial Calling a web API in a web app using Azure AD and OpenID Connect.

Or you could just use the built-in Authentication and authorization in Azure App Service for authentication and authorization. For a simple way, you could create a single AAD app for your MVC web app and Web API web app. Also, you could create a separate AAD app for each of your MVC and Web API web apps and set the relevant permission for your MVC AAD app to access the Web API AAD app; you then need to manually set the resource login parameter to the client id of your Web API AAD app under the App Service Auth configuration of your MVC web app. For details, you could follow this issue.

Bruce Chen
  • Thanks Juunas, Bruce. Actually I had referred to all these links before, but I think with VS 2017, we don't need to update web config or startup.cs file manually. Able to do it when I enable single sign on in VS 2017. I wanted something like below, code in client app. Will try and post back: https://blogs.msdn.microsoft.com/jpsanders/2017/03/17/accessing-azure-app-services-using-azure-ad-bearer-token-2/ – Vijay Apr 25 '18 at 10:23
  • The tutorial you provided uses the ADAL library with the Client Credentials Grant flow (ClientId, ClientSecret) to acquire the token for accessing the protected resources without user interaction. I would recommend you read [Authentication scenarios for Azure AD](https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-scenarios) to choose the proper OAuth flow to meet your requirement. – Bruce Chen Apr 26 '18 at 02:22

Thank you all for your help. It worked for me now.

I followed the steps below:

1. Used the VS 2017 "Connected Services" option to generate the Azure AD code for both the Web App and the API.
2. Added code in the Web App to acquire a token for the Web API as per https://blogs.msdn.microsoft.com/jpsanders/2017/03/17/accessing-azure-app-services-using-azure-ad-bearer-token-2/
3. Deployed both as web apps in Azure.
4. Updated the config (client id, client secret, resource client id, etc.) and it worked.

Vijay
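
Steps 2 and 4 of the last answer (acquire a token in the web app with the client credentials grant and send it to the Web API), as an added example that is not code from any poster or from the linked blog. The appSettings key names, `WebApiClient`, `DataController` and the `/api/values` route are hypothetical, and the Web API is assumed to validate bearer tokens whose audience equals the configured resource id.

```csharp
using System.Configuration;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL NuGet package

public static class WebApiClient
{
    // Assumed appSettings keys; values come from the Azure AD app registrations.
    static readonly string Tenant       = ConfigurationManager.AppSettings["ida:Tenant"];
    static readonly string ClientId     = ConfigurationManager.AppSettings["ida:ClientId"];
    static readonly string ClientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
    static readonly string ApiResource  = ConfigurationManager.AppSettings["api:ResourceId"];
    static readonly string ApiBaseUrl   = ConfigurationManager.AppSettings["api:BaseUrl"];

    static readonly HttpClient Http = new HttpClient();
    static readonly AuthenticationContext AuthContext =
        new AuthenticationContext("https://login.microsoftonline.com/" + Tenant);

    public static async Task<string> GetAsync(string relativePath)
    {
        // Client credentials grant: an app-only token whose audience is the Web API.
        AuthenticationResult token = await AuthContext.AcquireTokenAsync(
            ApiResource, new ClientCredential(ClientId, ClientSecret));

        var request = new HttpRequestMessage(HttpMethod.Get, ApiBaseUrl + relativePath);
        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", token.AccessToken);

        using (HttpResponseMessage response = await Http.SendAsync(request))
        {
            // A 401 means the API rejected the token, for example an audience mismatch.
            response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }
    }
}

// The browser's jQuery ajax call targets this MVC action, so the client secret
// and the access token stay on the server and never reach the page.
public class DataController : Controller
{
    [Authorize] // only signed-in users of the MVC app may trigger the API call
    public async Task<ActionResult> Values()
        => Content(await WebApiClient.GetAsync("/api/values"), "application/json");
}
```

Because the token is app-only, the Web API sees the web app's identity rather than the signed-in user's; any per-user authorization has to be enforced in the MVC action.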