Travis Heseman

Reputation: 11449

Azure Mobile Services token validation in Web API and MVC

I have a Xamarin mobile app that uses the Azure Mobile Services SDK to authenticate a user against social providers. I get the token and attach it as a bearer token to the HTTP request hitting my Web API ASP.NET application (which I'm deploying as an Azure Cloud Service).

I need to validate the bearer token and get a ClaimsIdentity to work with in my ApiController. Do I need to use the Mobile Service .NET Backend nuget packages for this? How can I?

EDIT:

  1. Created an empty ASP.NET application. Added a Web API controller

  2. Installed Mobile Services .NET Backend nuget package

  3. Set appsettings values for keys MS_MobileServiceName, MS_MasterKey, MS_ApplicationKey from values in Azure Management Console

  4. Set [AuthorizeLevel(AuthorizationLevel.User)] on my HttpGet operation in my ApiController

  5. Cast User to ServiceUser

  6. Create HTTP request with bearer token from Google Auth through Azure Mobile Service SDK

  7. User is null!

Upvotes: 1

Views: 630

Answers (1)

Adam

Reputation: 16199

Use attributes such as

    [AuthorizeLevel(AuthorizationLevel.Anonymous)]

    [AuthorizeLevel(AuthorizationLevel.User)]

on the methods in your API to validate depending on which role you want.

Then use

    var currentUser = User as ServiceUser;

to get the current user in the method, if the AuthorizationLevel is not Anonymous.

And set up your AppSettings as necessary. Change the MasterKey and ApplicationKey if you are testing the MobileService on localhost.

    <appSettings>
    <!-- Use these settings for local development. After publishing to 
    Mobile Services, these settings will be overridden by the values specified
    in the portal. -->
    <add key="MS_MobileServiceName" value="[NAME HERE]" />
    <add key="MS_MasterKey" value="[INSERT HERE]" />
    <add key="MS_ApplicationKey" value="[INSERT HERE]" />
    <add key="MS_MicrosoftClientID" value="Overridden by portal settings" />
    <add key="MS_MicrosoftClientSecret" value="Overridden by portal settings" />
    <add key="MS_FacebookAppID" value="Overridden by portal settings" />
    <add key="MS_FacebookAppSecret" value="Overridden by portal settings" />
    <add key="MS_GoogleClientID" value="Overridden by portal settings" />
    <add key="MS_GoogleClientSecret" value="Overridden by portal settings" />
    <add key="MS_TwitterConsumerKey" value="Overridden by portal settings" />
    <add key="MS_TwitterConsumerSecret" value="Overridden by portal settings" />
    <add key="MS_AadClientID" value="Overridden by portal settings" />
    <add key="MS_AadTenants" value="Overridden by portal settings" />
    <!-- When using this setting, be sure to also set the Notification Hubs connection
    string named "MS_NotificationHubConnectionString". -->
    <add key="MS_NotificationHubName" value="Overridden by portal settings" />
    <add key="Microsoft.ServiceBus.ConnectionString" value="Endpoint=sb://[your namespace].servicebus.windows.net;SharedSecretIssuer=owner;SharedSecretValue=[your secret]" />
    </appSettings>

Upvotes: 0
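
The attribute and cast from the answer above, combined into one controller action that fails closed when the cast yields null (the symptom reported in the question). This is an added example, not code from the original answer or from the Mobile Services samples; `ProfileController` and the response shape are hypothetical, and the `Microsoft.WindowsAzure.Mobile.Service.Security` namespace is assumed to be the one the .NET Backend package exposes for these types.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
// Assumed namespace of AuthorizeLevel, AuthorizationLevel and ServiceUser
// in the Mobile Services .NET Backend package.
using Microsoft.WindowsAzure.Mobile.Service.Security;

// Hypothetical controller used only for illustration.
public class ProfileController : ApiController
{
    // Reject callers that did not present a user-level token.
    [AuthorizeLevel(AuthorizationLevel.User)]
    public IHttpActionResult Get()
    {
        // "as" returns null instead of throwing when the principal was not
        // populated by the Mobile Services authentication pipeline.
        var currentUser = User as ServiceUser;
        var identity = User == null ? null : User.Identity as ClaimsIdentity;

        // Fail closed: never continue with a missing or unauthenticated
        // principal, and never dereference currentUser before this check.
        if (currentUser == null || identity == null || !identity.IsAuthenticated)
        {
            return Unauthorized();
        }

        // Return only the user id and the claim types, not the claim values,
        // so the response does not echo provider tokens back to the client.
        var claimTypes = identity.Claims
            .Select(c => c.Type)
            .Distinct()
            .ToList();

        return Ok(new { UserId = currentUser.Id, ClaimTypes = claimTypes });
    }
}
```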
