Web API .Net Core Azure Active Directory Authentication

Question

Playing around with Angular2 and ASP.NET Core (Web API).

Currently I successfully login through the UI and I am storing the id token that is returned. I created API and I pick Work or School authentication. Nothing is changed since I created the project. The problem is that I can't authenticate the request from angular (I tried with Postman either). Every time I get 401.

Setting the hearder to Authorization: Bearer xxx and I am passing the id token .

This is the data I store after login. What I am attaching as a header is the adal.idtoken

Any help it will be appreciated

Answer 1

You have to pass the access token to the Authorization header, not the id token.

The id token only contains information (claims) about the signed in user whereas the access token contains information about which protected resources the user has access to.

Answer 2

As in adal for js, access token is saved as id_token . And we can get the info from source code at https://github.com/AzureAD/azure-activedirectory-library-for-js/blob/master/lib/adal.js#L895 . So we can use id_token to authenticate the resources when we use adal for js.

Per your description, for 401 issue, please double check the Authentication setting of your Web API application on Azure portal.
The id strings used in Client ID and Issuer Url should be the same with client id and tenant id you are using in ng2 configurations.

To check whether it is configured, you can leverage fiddler or Postman to make http requests with Authentication header with the id_token you get from ng2.

There is a similar issue with you, who is using ng2-adal and getting 401 while using the token to access for the resource. You can try the answer of Angular 2 SPA Azure Active Directory JWT Issue .