使用ADAL对Azure API App进行身份验证

Question

I have an Azure API App marked as "Public (authenticated)" and set up an Azure Active Directory identity in the associated gateway as detailed in Protect an API App .

I then created a native application in the same Azure Active Directory Tenant and added permission to access the Gateway in the delegated permissions.

Using ADAL and the following code, I'm able to successfully authenticate and get an access token, but I can't figure out how to use it to access my API app.

string Tenant = "[xxx].onmicrosoft.com";
string Authority = "https://login.microsoftonline.com/" + Tenant;
string GatewayLoginUrl = "https://[gateway].azurewebsites.net/login/aad";
string ClientId = "[native client id]";
Uri RedirectUri = new Uri("[native client redirect url]");

async Task<string> GetTokenAsync()
{
  AuthenticationContext context = new AuthenticationContext(Authority);
  PlatformParameters platformParams = new PlatformParameters(PromptBehavior.Auto, null);
  AuthenticationResult result = await context.AcquireTokenAsync(GatewayLoginUrl, ClientId, RedirectUri, platformParams);

  return result.AccessToken;
}

I've tested the API app manually entering an x-zumo-auth header I get in Chrome and it works then, but not with a token I get using ADAL. I've also tried the browser forms described in their sample code which works but doesn't give me a refresh token.

How do I need to set up my authentication code so I can use a TokenCache and ADAL with my API app?

Answer 1

Generally you pass the access token in the Authorization header when when calling a web api:

Authorization: Bearer ThisIsTheAccessTokenYouRecievedFromADAL

Answer 2

You may want to use AppServiceClient to authenticate the user and invoke a protected API App endpoint. Install Microsoft.Azure.AppService SDK (-pre) Nuget package to your client project.

You can find more details in the AzureCards samples on GitHub - https://github.com/Azure-Samples/API-Apps-DotNet-AzureCards-Sample