Authenticate to Azure API App using ADAL using Token or Not

Question

We are using our TokenHandler to generate tokens

Our urls look like this http://abc.go.com?token=1234 .

Now we would like to use Azure AD to generate tokens, it it possible to make server side token validation without creating special http request headers, so that we just use current interface for tokens, but tokens are comming from azure ad?

Answer 1

You can have your manual jwt token validation against AAD Authority and put it in the same old api route you have.

You can have an endpoint like:

public async Task<bool> IsTokenValid(string jwtToken)
{
    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

    TokenValidationParameters validationParameters = new TokenValidationParameters
    {
        ValidAudience = audience,
        ValidIssuer = issuer,
        IssuerSigningTokens = signingTokens,
        CertificateValidator = X509CertificateValidator.None
    };

    // Validate token.
    SecurityToken validatedToken = new JwtSecurityToken();
    ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(jwtToken, validationParameters, out validatedToken);

    // Set the ClaimsPrincipal on the current thread.
    Thread.CurrentPrincipal = claimsPrincipal;

    // Set the ClaimsPrincipal on HttpContext.Current if the app is running in web hosted environment.
    if (HttpContext.Current != null)
    {
        HttpContext.Current.User = claimsPrincipal;
    }

    // If the token is scoped, verify that required permission is set in the scope claim.
    if (ClaimsPrincipal.Current.FindFirst(scopeClaimType) != null && ClaimsPrincipal.Current.FindFirst(scopeClaimType).Value != "user_impersonation")
        return await Task.FromResult(false);

    return await Task.FromResult(true);
}

Here is a sample repo that you can see how to do Manual Token validations:

https://github.com/Azure-Samples/active-directory-dotnet-webapi-manual-jwt-validation