1

I am following this guide (enter link description here) in order to access Skype for Business resources. Everything goes fine when I try through Insomnia or Postman but I fail when I do it with my .net framework app. First let's see the manual call: whenever I make the GET request shown in the following pic, I get redirected to the login page of Microsoft, I login with my credentials and in return (in the url) I see the auth token that I need for the next steps.

enter image description here

Now, I am trying to achieve the same behavior through my .net framework app, but it says that I am in need of a client secret which I don't use in the manual call. Code is below:

enter image description here

So the app runs, the window for inserting my credentials pops up, I enter my username and password and then the following error appears:

enter image description here

Might it be related to the RedirectUri ? In case of the manual call that goes succesfully, after I insert my credentials, I get redirected to the page specified in the redirect_uri (which in my case doesn't work) but at least I get the token back, see image:

enter image description here

Tarta
  • 1,729
  • 1
  • 29
  • 63
  • 1
    Are you using .net core? I can not use PromptBehavior in .net core and it applies to .net based on the document.https://learn.microsoft.com/en-us/dotnet/api/microsoft.identitymodel.clients.activedirectory.platformparameters.promptbehavior?view=azure-dotnet – Tony Ju Mar 14 '19 at 09:57
  • @TonyJu you are definitely right, my apologies. I started with developing a .net core app but I ecountered your same problem and created the same app but based on .net framework. The code above is indeed for .net framework, my apologies! – Tarta Mar 14 '19 at 13:22
  • 1
    It is ok. I have added my answer as below. – Tony Ju Mar 15 '19 at 01:02

1 Answers1

2

If you are using webapp/api application type, you need to pass the clientSecret to acquire token. Here is the code sample.

var authContext = new AuthenticationContext(context.Options.Authority, new NaiveSessionCache(userObjectId, context.HttpContext.Session));
                var credential = new ClientCredential(context.Options.ClientId, context.Options.ClientSecret);
                var token2 = await authContext.AcquireTokenAsync(context.Options.Resource,credential);

enter image description here

If you do not want to pass the clientSecret to acquire token, you need to use NativeClient application type.

You can find your application type on azure portal. enter image description here

Tony Ju
  • 14,891
  • 3
  • 17
  • 31
  • First of all thanks for your answer, I have a couple of questions if possible: 1) what is this userObjectId ? 2) NaiveSessionCache is part of which nuget package? Unfortunately I cannot find it – Tarta Mar 15 '19 at 12:10
  • userObjectId is userId, and NativeSessionCache is public NaiveSessionCache(string userId, ISession session) { UserObjectId = userId; CacheId = UserObjectId + "_TokenCache"; Session = session; this.AfterAccess = AfterAccessNotification; this.BeforeAccess = BeforeAccessNotification; Load(); } You can download the sample here. https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore @Tarta – Tony Ju Mar 15 '19 at 13:51
  • If my answer is helpful, please make it as answer. Thanks. @Tarta – Tony Ju Mar 15 '19 at 13:51
  • Sure I will choose it as answer but I am still not able to make it work. Did you use https://login.windows.net/ as Authority ? – Tarta Mar 15 '19 at 15:22
  • No, I was using login.microsoftonline.com. Just like the document which you followed. – Tony Ju Mar 18 '19 at 05:19
  • @Tarta Just let me know if you have further question. :) – Tony Ju Mar 18 '19 at 09:50
  • I do :) Cause it's not working unfortunately haha. I manage to grab the token with the way you say, but the behavior is not the same. So, working workflow with a software like Postman or Insomnia to make http calls: I make a GET request to AuthorityUrl (doesn't matter if login.microsoftonline.com or login.windows.net). I get redirected to windows login page where I can use my credentials. In return I get back in the query string the bearer token that I can reuse for the next call. – Tarta Mar 18 '19 at 12:39
  • In my app instead I use your code, using client secret instead of my own windows credentials, I get back the bearer token correctly but when I try to reuse it for the next steps I receive back a 500, with internal error. So the behaviors with the user credentials and the one with the client secret don't produce the same outcome unfortunately – Tarta Mar 18 '19 at 12:41
  • Did you check the tenant in appsettings.json? And the the value of options.Resource in AzureAdAuthenticationBuilderExtensions.cs – Tony Ju Mar 19 '19 at 08:35
  • well I am not using that project but my own call following the sample code you gave above and the Resource is set manually to the correct one, while the Tenant as far as my understanding goes is needed only for the URL. So I use the URL that works with the manual http call through Insomnia which is: https://login.microsoftonline.com/common/oauth2/authorize – Tarta Mar 19 '19 at 10:56
  • 1
    I checked the document again, If your application authenticates against an online server, you must follow the Azure AD authorization flow as described in this article. https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread You can use the code which you used before and just change the app type to native. – Tony Ju Mar 22 '19 at 03:06
  • Okey, tryed to do as you say, everything should be in place but since it's a native app and now anymore a Web one, there is no secret key anymore. How should I get the token in this case? – Tarta Mar 25 '19 at 11:51
  • It actually works!! Thanks a lot man! Changing the app to native was the solution :) – Tarta Mar 25 '19 at 15:11
  • @CaiyiJu Hello ju, you seem to have good knowledge in azure platform. can you please guide me regarding skype for business ucwa api, receive message api. I am unable to resolve the issue, here is my question. https://stackoverflow.com/questions/57170656/skype-for-business-receive-im-not-working-with-the-below-steps Thankyou for ur help. – curious_one Jul 27 '19 at 11:00