Can anyone provide me with instructions on how to set up and secure a Web API project using Azure AD? I can create the project but when I navigate to /api/values/, I get a 401 response. The application has been added to the list of applications in my Azure AD directory.
I found a blog post here that appears to address this topic but the steps do not match my environment. Perhaps this is because it is a bit outdated?
What am I missing?
Take a look at the Web API examples at https://github.com/AzureADSamples, specifically WebApp-WebAPI-OAuth2-AppIdentity-DotNet and AzureADSamples/WebApp-WebAPI-OAuth2-UserIdentity-DotNet.
I'm looking into securing both my Web Application and Web API running on Azure, using Azure Managed Service Identities.
However, I am wondering if the On-behalf-of authentication flow works in this case?
I can't find any clear documentation on either answer.
OBO using managed identities is not supported.
I have followed all the steps mentioned in the following link to implement oAuth authentication for connecting to VSO:
https://www.visualstudio.com/en-us/integrate/get-started/auth/oauth
It involves creating an Azure web site, and the token is returned to it, which is used for further processing.
My requirement is to create a service which will connect to VSO using oAuth authentication and fetch/create the work items.
I want to know how to configure the callback URL in case of using a service.
Firstly, please take note that right now only registering a web application is supported; it is impossible to register a WCF service project.
If you would like to register a web application and would like to get the callback URL, please check my reply in this link for the detailed steps: callbackurl while connecting to vso using oAuth
I am getting myself familiar with all the stuff related to authentication using active directory (both Azure AD and Windows Server AD).
Currently I am inspecting MS Katana project which is based on OWIN specification.
There are three libraries and one of them is kind of confusing for me:
Microsoft.Owin.Security.ActiveDirectory
Microsoft.Owin.Security.OpenIdConnect
Microsoft.Owin.Security.WsFederation
As for OpenId and WsFederation I understand what they are for, there are plenty of examples and articles about that.
What confuses me is the purpose of the ActiveDirectory library. I mean, is this another way to authenticate against Active Directory besides OpenId and WsFederation?
I am unable to find any relevant clear articles and examples about this one. Even on this site the library is only listed, with no example:
Azure Active Directory Authentication Libraries
So my question is what is this library for and what are the use cases for using it over OpenIdConnect and WsFederation ways.
Thanks
That library contains middleware used for securing Web API with Azure AD. Any sample featuring a web API project in https://github.com/AzureADSamples/ uses it.
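As an added illustration (not part of the original answer or taken from the AzureADSamples code), this is how the bearer middleware from Microsoft.Owin.Security.ActiveDirectory is typically wired into an OWIN-hosted Web API. The tenant name, audience URI and controller are placeholder assumptions, and the `Microsoft.IdentityModel.Tokens` namespace assumes Katana 4.x.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using Microsoft.IdentityModel.Tokens;          // Katana 3.x uses System.IdentityModel.Tokens instead
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;

public class Startup
{
    // Placeholders (assumptions): your Azure AD tenant and the API's App ID URI.
    private const string Tenant = "contoso.onmicrosoft.com";
    private const string Audience = "https://contoso.onmicrosoft.com/my-web-api";

    public void Configuration(IAppBuilder app)
    {
        // Validates "Authorization: Bearer <JWT>" against the tenant's signing keys
        // and issuer; a token issued for a different audience is rejected.
        // Must be registered before UseWebApi so the principal is set in time.
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = Tenant,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = Audience
                }
            });

        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        app.UseWebApi(config);
    }
}

// Requests without a valid Azure AD access token get a 401 here.
[Authorize]
[RoutePrefix("api/values")]
public class ValuesController : ApiController
{
    [HttpGet, Route("")]
    public IEnumerable<string> Get()
    {
        // Echo the validated token's claims so the caller can see who it is.
        var user = (ClaimsPrincipal)User;
        return user.Claims.Select(c => c.Type + "=" + c.Value);
    }
}
```

With this in place, a plain browser request to /api/values/ returns 401 by design; the caller has to obtain an access token for the configured audience and send it in the Authorization header.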
I am using a new feature of Azure that enables Active Directory authentication for your website without writing any code.
http://azure.microsoft.com/blog/2014/11/13/azure-websites-authentication-authorization/
But the problem is my web application is also hosting some Web APIs, which need to be called without any authentication.
Is there a way (some attributes?) so that I can call Web APIs without any authentication?
Tushar, I see that Byron also replied to your question on his post and suggested creating another website for the APIs as a workaround. However, I suggest that you wire up auth separately for your Web App and APIs following our samples here: https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet, https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
Let me know if you run into any issues.
From the very same article you refer to:
Current Limitations
There are some limitation to the current preview release of this feature:
...
With the current release the whole site is placed behind login the requirement.
Head less authentication/authorization for API scenarios or service to service scenarios are not currently supported.
So, no, you cannot have partial APIs or pages anonymously available - all pages and APIs will be protected by Azure Active Directory.
I'm working on a web application that I need to integrate with the Jira bug tracking tool. I have successfully integrated with the applications hosted at Jira, but now I have to integrate with JIRA hosted on another server (not the .atlassian ones).
The hosted solution will have the same capabilities as a REST API. So just point to the appropriate URL and it should work.
If you are just trying to integrate with the REST API, just try hitting it to see if it's enabled.
If it isn't enabled, make sure 'Allow Remote API Calls' is turned ON under Administration > General Configuration.