I'm trying my best to understand the authentication flows for this but still feel I'm missing some understanding of why things are happening the way they are.
It's quite a long explanation so I'm going to put my questions first and the background of things I've tried further down. Any help would be greatly appreciated.
Questions
- Why does the token I acquired through MSAL return the Sign in to your account response and not allow me to access the API?
- Why do I need to set the cookie AzureAppProxyAccessCookie to allow console application code to pass through the Azure Application Proxy to get to the internal API?
- In non-interactive code such as a console application how would I programmatically get and then set the AzureAppProxyAccessCookie on my request? Or is there a different way of achieving this?
Background
I want to be able to call the API programmatically from a background service like a console application and retrieve the data to process elsewhere. Here is my current set-up:
- Got an on-premises API and have implemented Azure AD Application proxy so that it can be accessed externally via the domainname.msappproxy.net address.
- In Application Proxy settings for the API PreAuthentication is set to Azure Active Directory
- In AzurePortal I have created AppRegistrations on both the API and Client and to the best of my knowledge have set this up correctly for a non web app - according to all the documents I have read. From there, I am able to use the MSAL call `AcquireTokenForClient(scopes)` to successfully retrieve a token.
- Using HttpClient and HttpRequestMessage I call the API adding the token from 3) to the headers as `request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken)`. When I do this and examine the response I always see Sign into your account.
I'm still not sure why the steps above don't work, and as I want it to be a non-interactive process I need it to silently authenticate in the background.
At this stage, I tried a different tack and tried to do some experimentation in Postman. In Postman I tried the following:
Unsuccessful Experiment using Postman AzureAppProxyAccessCookie
- Make a request to the API with NoAuth. This returns the Sign in to your account page and sets a cookie with a name similar to AzureAppProxyAnalyticCookie.
Successful Experiment using Postman
- I cleared all cookies, went to the Auth tab, selected OAuth 2.0, selected GetNewAccessToken and a Grant Type of Authorization Code, and filled in the relevant client id, secret etc. I was presented with the login dialog and successfully logged in, which set a number of cookies.
- Now that I was signed in, I changed the Auth tab to NoAuth and made a request to the API again. It now set 2 cookies, AzureAppProxyAnalyticCookie and AzureAppProxyAccessCookie, and the API is now successfully called and returns the results I'm expecting.
Going back to the console app code
After my success with Postman I revisited the code. Now, I removed the token and instead added the AzureAppProxyAccessCookie to the request headers. The code now passed through to the internal API and returned the results I expect. Clearly, the access cookie has some sort of effect but I can't find much documentation about it.
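A small diagnostic helper, added here as an example and not part of the question or of any Microsoft library: it classifies what a *.msappproxy.net endpoint actually returned, so a background service notices when an HTTP 200 carries the pre-authentication sign-in page (as in the failing bearer-token call above) rather than API data, and reports which AzureAppProxy* cookies were set. The two sample responses, their cookie values and the status codes treated as "rejected" are constructed assumptions, not captured traffic.

```python
import json
from http.cookies import SimpleCookie

SIGNIN_MARKER = "sign in to your account"  # page text the asker saw instead of API output

# Constructed samples (not captured traffic): the first mirrors the failing
# bearer-token call, the second the call that actually reached the API.
SIGNIN_RESPONSE = (200, [("Content-Type", "text/html; charset=utf-8"),
                         ("Set-Cookie", "AzureAppProxyAnalyticCookie=abc123; Path=/; Secure; HttpOnly")],
                   "<html><title>Sign in to your account</title><body>...</body></html>")
API_RESPONSE = (200, [("Content-Type", "application/json"),
                      ("Set-Cookie", "AzureAppProxyAccessCookie=tok456; Path=/; Secure; HttpOnly"),
                      ("Set-Cookie", "AzureAppProxyAnalyticCookie=abc123; Path=/; Secure")],
                '{"items": [1, 2, 3]}')

def proxy_cookie_names(headers):
    """AzureAppProxy* cookie names set by a response; headers is a list of
    (name, value) pairs so every repeated Set-Cookie header is seen."""
    names = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            names.extend(n for n in jar if n.startswith("AzureAppProxy"))
    return names

def classify_proxy_response(status, headers, body):
    """Return 'api-data', 'signin-page', 'rejected' or 'unknown'."""
    ctype = next((v for k, v in headers if k.lower() == "content-type"), "").lower()
    if status in (401, 403):
        return "rejected"       # pre-authentication refused the credential outright
    if status == 200 and "text/html" in ctype and SIGNIN_MARKER in body.lower():
        return "signin-page"    # HTTP 200, but the body is the sign-in page, not data
    if status == 200 and "application/json" in ctype:
        try:
            json.loads(body)
            return "api-data"
        except ValueError:
            pass
    return "unknown"

def api_payload_or_raise(status, headers, body):
    """Background-service entry point: return parsed JSON only when the proxy
    really forwarded the call; anything else is an error, never 'data'."""
    kind = classify_proxy_response(status, headers, body)
    if kind != "api-data":
        raise RuntimeError(f"App Proxy did not forward the call ({kind}); "
                           f"proxy cookies set: {proxy_cookie_names(headers)}")
    return json.loads(body)
```

Feed it the status, header list and body of a real HttpClient or urllib response in place of the constructed tuples; the point is that a 200 status alone never counts as success behind the proxy.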