
WebApi and ADFS integration

I've created a "test" project where I'm using a .NET 4.6 WebApi that I want to integrate authentication using ADFS - similar to this post. I'm calling the api from an angular project and using the following code I'm able to get the Authorization Header:

    string authority = ConfigurationManager.AppSettings["adfsEndpoint"].ToString();
    string resourceURI = "https://localhost:44388/";
    string clientID = "someguid";
    string clientReturnURI = "http://localhost:55695/";

    var ac = new AuthenticationContext(authority, false);

    // This seems to be working as I am getting a token back after successful authentication
    var ar = await ac.AcquireTokenAsync(resourceURI, clientID, new Uri(clientReturnURI), new PlatformParameters(PromptBehavior.Auto));
    string authHeader = ar.CreateAuthorizationHeader();

    // This fails with a 401
    var client = new HttpClient();
    var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:64038/api/Values");
    request.Headers.TryAddWithoutValidation("Authorization", authHeader);
    var response = await client.SendAsync(request);

    return response;

However, on a subsequent call to my ValuesController that is using the Authorize attribute, I always receive a 401 Unauthorized response (even though I'm passing the Authorization header). I'm not sure what I'm missing.

One other thing to note: when I'm prompted for my credentials, I get the dialog below and not the typical ADFS login page I get with my normal MVC apps that authenticate using ADFS (I'm not sure why this happens either).

Ugh! Turns out I missed this piece of code that was needed in the ConfigureAuth method:

    app.UseActiveDirectoryFederationServicesBearerAuthentication(
        new ActiveDirectoryFederationServicesBearerAuthenticationOptions
        {
            Audience = ConfigurationManager.AppSettings["ida:Audience"],
            MetadataEndpoint = ConfigurationManager.AppSettings["ida:MetadataEndpoint"]
        });

Once I added this and made the necessary configurations in the web.config file (and corrected the resourceUri variable passed into the AcquireTokenAsync method), I was able to make an http call from my api controller to the values controller that was decorated with the Authorize attribute using this code from the tutorial:

    var client = new HttpClient();
    var request = new HttpRequestMessage(HttpMethod.Get, "http://localhost:64038/api/Values");
    request.Headers.TryAddWithoutValidation("Authorization", authHeader);
    var response = await client.SendAsync(request);
    string responseString = await response.Content.ReadAsStringAsync();
    return responseString;

This still won't work for an AngularJS client (which I now understand), so I'll look to implement the ADAL JS library for that.

Edit

As it turns out, based on this answer, it appears I will not be able to do what I was hoping to do (AngularJS app using WebApi backend using On-Premise ADFS). I've decided to use an MVC-AngularJS approach instead.
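The fix above depended on two values agreeing: the resource passed to AcquireTokenAsync and the Audience given to the bearer middleware. The following troubleshooting helper is an added example, not code from the original post; the class and method names are hypothetical, and it assumes Json.NET (Newtonsoft.Json) is referenced by the Web API project. It decodes the token's payload and reports whether its `aud` claim matches the configured audience.

```csharp
using System;
using System.Linq;
using System.Text;
using Newtonsoft.Json.Linq; // assumption: Json.NET is referenced by the project

// Hypothetical helper, for diagnosing a 401 from the bearer middleware.
public static class BearerTokenDiagnostics
{
    // Decodes the JWT payload WITHOUT verifying the signature. Troubleshooting only:
    // the OWIN bearer middleware remains the component that validates the token.
    public static JObject ReadPayload(string authHeader)
    {
        string jwt = authHeader.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)
            ? authHeader.Substring(7)
            : authHeader;
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Not a compact JWT (expected 3 segments).");

        // base64url -> base64, then restore the stripped '=' padding.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // Returns null when "aud" matches the configured audience, otherwise a description.
    public static string ExplainAudienceMismatch(string authHeader, string configuredAudience)
    {
        JToken aud = ReadPayload(authHeader)["aud"];
        if (aud == null) return "Token has no 'aud' claim.";

        // "aud" may be a single string or an array of strings.
        string[] audiences = aud.Type == JTokenType.Array
            ? aud.Select(a => (string)a).ToArray()
            : new[] { (string)aud };

        // This helper compares exactly, so a trailing-slash or case difference is reported.
        return audiences.Contains(configuredAudience, StringComparer.Ordinal)
            ? null
            : "Token aud = [" + string.Join(", ", audiences) + "], API expects '" + configuredAudience + "'.";
    }
}
```

Calling `BearerTokenDiagnostics.ExplainAudienceMismatch(authHeader, ConfigurationManager.AppSettings["ida:Audience"])` just before sending the request shows whether the acquired token was issued for the audience the API is configured to accept. Avoid writing the full token to logs, since it is a usable credential until it expires.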
