0

At work we are making an SPFx Web Part React client app that deploys to SharePoint as a Web Part. Our back-end is an ASP.NET Core 2.2 Web API that is secured using the Azure Portal's built-in Authentication feature. The front-end is using AadHttpClient, which magically handles the authentication by taking the context of the current page (SharePoint) where the user is already logged in. Doing so, silent authentication occurs and the API call is successfully made with authentication successfully passed. The AadHttpClient is supposed to magically bundle up the token in the request header that gets sent to the back-end Web API. I still need to debug the live development app and see how to retrieve the Bearer Token in the back-end Web API. Are these my next probable steps?

  1. Would I just probably use 'string bearerToken = Request.Headers.....;' or 'string bearerToken = Request.Headers["KeyValue"]' to get the token itself?

  2. Assuming I can get this Bearer Token, how can I check the caller's user information? Is it just var userName = User.Identity.Name;? Or would I, or could I, use the token and somehow make a call to the Microsoft Graph API to view the user's info?

TylerH
MisterTams

1 Answer

0

If you are using ASP.NET Core and using the default authentication then things are a bit easier. From the documentation you can see that several tokens are injected in the request header based on the identity provider, so in your case you have to look for the following headers which Azure AD injects. These headers would contain the ID Token, which you would need to verify the claims and get user information.

X-MS-TOKEN-AAD-ID-TOKEN
X-MS-TOKEN-AAD-ACCESS-TOKEN
X-MS-TOKEN-AAD-EXPIRES-ON
X-MS-TOKEN-AAD-REFRESH-TOKEN

Ideally all the claims are injected automatically in ClaimsPrincipal.

You can find more here:

Official Docs

How To extract Token

Imran Arshad
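Putting both halves of the question and the answer together (reading the raw bearer token that AadHttpClient sends, reading the X-MS-TOKEN-AAD-* headers that App Service Authentication injects, and inspecting the caller's identity and claims), here is an added example controller. It is not code from the question, the answer, or any Microsoft project; the namespace, controller name and route are hypothetical, and it assumes the System.IdentityModel.Tokens.Jwt NuGet package is referenced. Note the trust boundary: the X-MS-TOKEN-AAD-* headers are only meaningful when the API is reachable exclusively through App Service with authentication enforced, because any client that can hit the app directly could supply its own values. If that is not guaranteed, validate the Authorization bearer token with the regular JwtBearer middleware instead of trusting the injected headers.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;   // NuGet: System.IdentityModel.Tokens.Jwt (assumed referenced)
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;

namespace ExampleApi.Controllers          // hypothetical namespace
{
    [ApiController]
    [Route("api/[controller]")]
    public class WhoAmIController : ControllerBase   // hypothetical controller, not from the page
    {
        // Headers App Service Authentication (EasyAuth) injects after it has validated the caller.
        // Trust them only when the app is reachable solely through App Service with auth enforced.
        private const string IdTokenHeader     = "X-MS-TOKEN-AAD-ID-TOKEN";
        private const string AccessTokenHeader = "X-MS-TOKEN-AAD-ACCESS-TOKEN";
        private const string ExpiresOnHeader   = "X-MS-TOKEN-AAD-EXPIRES-ON";

        [HttpGet]
        public IActionResult Get()
        {
            // 1. Raw bearer token as sent by AadHttpClient: "Authorization: Bearer <jwt>"
            string bearerToken = ExtractBearerToken(Request.Headers["Authorization"]);

            // 2. Tokens App Service stored for this caller, if the token store is enabled
            string idToken     = HeaderOrNull(IdTokenHeader);
            string accessToken = HeaderOrNull(AccessTokenHeader);
            string expiresOn   = HeaderOrNull(ExpiresOnHeader);

            // 3. Identity as ASP.NET Core's own authentication middleware sees it.
            //    This stays null if no middleware populated HttpContext.User.
            string principalName = User?.Identity?.IsAuthenticated == true
                ? User.Identity.Name
                : null;

            // 4. Claims read from the ID token (or the bearer token as a fallback).
            //    ReadJwtToken only decodes; it does NOT check the signature. That is
            //    acceptable here only because App Service already validated the token
            //    before the request reached this code.
            IDictionary<string, string> claims = DecodeClaims(idToken ?? bearerToken);

            return Ok(new
            {
                hasBearerToken     = bearerToken != null,
                hasIdToken         = idToken != null,
                hasAccessToken     = accessToken != null,
                accessTokenExpires = expiresOn,
                principalName,
                // Typical Azure AD claims; whichever are present in the token
                name              = claims.TryGetValue("name", out var n) ? n : null,
                preferredUsername = claims.TryGetValue("preferred_username", out var u) ? u : null,
                upn               = claims.TryGetValue("upn", out var p) ? p : null,
                objectId          = claims.TryGetValue("oid", out var o) ? o : null,
                tenantId          = claims.TryGetValue("tid", out var t) ? t : null
            });
        }

        // Returns the first value of a request header, or null when absent/empty.
        private string HeaderOrNull(string name)
        {
            return Request.Headers.TryGetValue(name, out StringValues values)
                && !StringValues.IsNullOrEmpty(values)
                ? values.First()
                : null;
        }

        // Strips the "Bearer " scheme; returns null if the header is missing or uses another scheme.
        private static string ExtractBearerToken(StringValues authorization)
        {
            string value = authorization.FirstOrDefault();
            if (string.IsNullOrWhiteSpace(value)) return null;

            const string scheme = "Bearer ";
            return value.StartsWith(scheme, StringComparison.OrdinalIgnoreCase)
                ? value.Substring(scheme.Length).Trim()
                : null;
        }

        // Decodes JWT claims without validation (see the caveat in Get()).
        private static IDictionary<string, string> DecodeClaims(string jwt)
        {
            var result = new Dictionary<string, string>(StringComparer.Ordinal);
            if (string.IsNullOrEmpty(jwt)) return result;

            var handler = new JwtSecurityTokenHandler();
            if (!handler.CanReadToken(jwt)) return result;   // not a well-formed JWT

            foreach (var claim in handler.ReadJwtToken(jwt).Claims)
            {
                // Keep the first occurrence of each claim type
                if (!result.ContainsKey(claim.Type)) result[claim.Type] = claim.Value;
            }
            return result;
        }
    }
}
```

On the Graph part of the question: the token AadHttpClient acquires is issued for this Web API's audience, so it cannot be replayed against Microsoft Graph. To read the user's profile from Graph the API would need to exchange it through the on-behalf-of flow for a Graph token, which is a separate configuration step not covered by the headers above.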