
Securing ASP.NET Core Web API with Azure AD

I am trying to start a new project that uses Azure AD for authentication. It is set up so that I have a SPA on the front end that gets information from an ASP.NET Core web API, both of which I am creating. I am having trouble getting the front end token to authorize in the API. Every time I send a request to the API I get the error: Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10231: Audience validation failed.

I have set up the project as follows.

In Azure AD I have set up two applications: one for the front end and one for the API. The API application has an API exposed called access_as_user. The front end application then has access to this. I have also made a client secret for both and added redirect URLs for the front end.

In my ASP.NET Core API I am using Microsoft.Identity.Web and calling it like so:

// Startup.cs

...
public void ConfigureServices(IServiceCollection services)
{
    ...
    services.AddProtectedWebApi(Configuration, subscribeToJwtBearerMiddlewareDiagnosticsEvents: true);
    ...
}
...

In my config the values are as follows:

"AzureAD": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "mydomain.onmicrosoft.com",
    "TenantId": "*MY TENANT ID*",
    "ClientId": "*Client ID of API",
    "ClientSecret": "Client Secret for API",
    "Audience": "Client ID of Front End"
}

To get auth I followed this tutorial -> here <- to set up Postman to use OAuth 2.0 and get the tokens for me automatically. The magic happens at the end of step 3 in the tutorial.

Any help would be greatly appreciated.

Edit: After following the tutorial like alphaz18 suggested, I found my issue. I had forgotten to add the Authentication middleware in the Configure part of Startup.cs.

            app.UseRouting();
            app.UseAuthentication(); // This line was missing.
            app.UseAuthorization();

I would highly recommend you follow the Microsoft sample tutorials first, as they are all working. They give you all the steps to get these samples working and are a great place to start: https://github.com/Azure-Samples/ms-identity-javascript-angular-spa-aspnetcore-webapi

In that tutorial you posted, I don't see anything about audience either. So where did you get that from?
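When IDX10231 appears, a quick check is to compare the aud claim of the access token with the audiences the API accepts. The following Node.js sketch is an added example, not code from the original posts or from Microsoft.Identity.Web; the client IDs are constructed placeholders, the api://<client id> form of the audience is an assumption, and the token is decoded without signature verification, so it is for debugging only.

```javascript
// Debugging aid only: decodes the JWT payload WITHOUT verifying the signature.
// All IDs below are constructed placeholders, not values from the page.
const API_CLIENT_ID = "11111111-1111-1111-1111-111111111111";
const SPA_CLIENT_ID = "22222222-2222-2222-2222-222222222222";

const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Constructed sample token: header.payload.signature (signature is a dummy).
function makeSampleToken(claims) {
  return [b64url({ alg: "RS256", typ: "JWT" }), b64url(claims), "c2ln"].join(".");
}

function decodeJwtPayload(token) {
  // Accept either the raw token or a full "Bearer ..." header value.
  const parts = String(token).replace(/^Bearer\s+/i, "").split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Compare the token's aud claim (string or array per RFC 7519) with the
// audiences the API is configured to accept.
function checkAudience(token, acceptedAudiences) {
  const claims = decodeJwtPayload(token);
  const aud = claims.aud === undefined ? [] : [].concat(claims.aud);
  const accepted = new Set(acceptedAudiences);
  const matched = aud.filter((a) => accepted.has(a));
  return { ok: matched.length > 0, aud, matched, scp: claims.scp || null };
}

// Token issued for the API (assumed App ID URI form) with the page's scope name.
const sampleToken = makeSampleToken({
  aud: `api://${API_CLIENT_ID}`, scp: "access_as_user",
});

// API configured to accept only the front end's client ID: mismatch.
console.log(checkAudience(sampleToken, [SPA_CLIENT_ID]));
// API configured to accept its own identifiers: match.
console.log(checkAudience(sampleToken, [API_CLIENT_ID, `api://${API_CLIENT_ID}`]));
```
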
