I tried to follow this tutorial: https://www.bruttin.com/2017/11/21/azure-api-postman.html
What am I doing wrong? I'm using the default template of .net core web api 2.2 in visual studio 2019 and I want to use Azure AD to authenticate. To test the authentication I am using Postman, but I can't get it to work. The photos below show the steps in order in that I am trying.
AuthURL = "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize"
TokenURL = "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token"
Create Project
Choose API
Enter Domain and check "Read Directory Data"
appsettings.js is generated
Default StartUp.cs File
Values Controller user the Authorize Attribute
Generate a Secret in Azure Portal
Fill out token request form in PostMan - Successfully get token.
Attempt to use the token and access is denied.
What am I doing wrong!!!!!
AuthURL = "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize" TokenURL = "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token"
One point is you are acquire Azure AD V2.0 tokens , if that is an Azure AD v2.0 Web API , you should append /v2.0 to your Authority when config the web api , see source code of Microsoft Identity Web .
You could click here for code sample about web api which protected by Azure AD V2.0 .
If you are using the Azure AD V1.0 , you should use https://login.microsoftonline.com/[tenant_id]/oauth2 endpoint and use resource not scope when acquiring access token .
Microsoft identity platform (v2.0) overview
Azure Active Directory for developers (v1.0) overview
Related
I am currently working on a function app and would like to understand more on the built in authentication using Microsoft as the identity provider. I have created an app registration as per this guide but upon testing the authentication in a browser, I have been redirected to login.microsoftonline.com/common instead of login.microsoftonline.com/. Is that the expected behavior?
For your function app, in the Authentication blade, check what is being displayed for Issuer Url for the Microsoft Authentication provider. If you have configured to authenticate users from your organization's Azure AD, then that will be the tenant ID, and the url should be login.microsoftonline.com/<guid of tenant>. It depends on what you chose for your target audience, refer here.
I have created a new asp.net core MVC and i select the Work or School Account with Multiple Organization, as follow:-
now when i run my application inside visual studio i were able to login using my office 365 account, which is great. but my question is, when i deploy then web application inside a live iis , can i still login using my office 365 account? or i need to register my application inside azure or inside Microsoft first? or the login will be offered for us without any extra work?
If you create application using Work or School Accounts authentication template , it will automatically register application in Azure AD of the Domain/tenant you config . Check the appsettings.json file of your application :
"AzureAd": {
"Instance": "https://login.microsoftonline.com/common",
"ClientId": "xxxx-xxxx-xxxx-a81e-729b495eb890",
"CallbackPath": "/signin-oidc"
},
You can search the registered application by ClientId in Azure AD's App registrations blade , choose All applications and search by client id :
Since the app is a multi-tenant application , when a user from a different tenant signs in to the application for the first time, Azure AD asks them to consent to the permissions requested by the application. If they consent, then a representation of the application called a service principal is created in the user’s tenant, and sign-in can continue. You can find the application in that tenant in Enterprise applications blade searching using the same client id . Please refer to below document for details about multi-tenant application .
How to: Sign in any Azure Active Directory user using the multi-tenant application pattern
I would like to test a locally running web api authorized end point with Postman using AAD B2C with Microsoft account as identity provider.
The web api is running well, I can authenticate from client apps (Web App and UWP app), but I am not able to test it with Postman because can't get a token. Without authorization the Postman works well.
I am using the following guideline:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi?view=aspnetcore-3.0
The Postman's error message:
Postman's settings:
AAD B2C Applications:
AAD B2C Postman App properties:
AAD B2C Postman App API access:
Can you tell me any idea what's missing?
I can repro your issue. Based on your capture, the Auth URL in postman setting(pic 2) , the host you are using is https://login.microsoftonline.com which will cause redirect uri issue while using MSA identity provider.
To solve this issue , you should use this host: https://{your-tenant-name}.b2clogin.com.
Details see this official doc :
When you set up an identity provider for sign-up and sign-in in your
Azure Active Directory B2C (Azure AD B2C) application, you need to
specify a redirect URL. You should no longer reference
login.microsoftonline.com in your applications and APIs. Instead, use
b2clogin.com for all new applications, and migrate existing
applications from login.microsoftonline.com to b2clogin.com.
Hope it helps .
I manage to understand how Web APIs work and I have to create a centralized secure authentication system for our intranet.
The problem is that i need to do this using Web API and LDAP and i cannot find any example with enough documentation to get a simple system up and running for testing
It should be simple in theory, Client sends username and password encrypted through json to web api, web api validates user against ldap and creates token with user data and sends it back.
System.DirectoryServices is available from .net core 2.1 , you can read more here. If using .Net 2.0 , you can use Windows Compatibility Pack for .NET Core or Novell.Directory.Ldap.NETStandard to validate the credential With AD . See code samples from here .
Now you can secure your ASP.NET Core API with JWT Authentication .The common process is your client collect user's credential and pass to web api , web api validate the credential ,issue JWT token and send back to client . Next time client will send JWT token to web api to perform operations based on token permissions(Scope claim) .
You can click here and here for tutorials .
I'd like create Azue Api App backend for web and mobile clients.
In Visual Studio 2015, I created a Azure Api App Project, but I can't choose authentication (it's disable and default is No Authentication).
How can i add Individual User Account Auth and connect a DB with my api backend?
Thanks
Should you not just create a regular ASP.net project with Web API and the Local Account authentication provided by .Net Identity?