Jeff

Reputation: 3407

Getting user info from Azure API App when authenticated via browser form

When authenticating in Chrome and setting the x-zumo-auth header using Postman, my API app successfully identifies a user's upn using the following code in the controller:

Runtime runtime = Runtime.FromAppSettings(Request);
EmaUserInfo user = runtime.CurrentUser;
TokenResult token = await user.GetRawTokenAsync("aad");
string upn = token.Claims[ClaimTypes.Upn];

However, when using the code from Microsoft's AzureCards Console Client example (adding a browser to a forms window and capturing the zumo token), I am unable to get the user's aad token and get the following error from the API app:

Request to https://[gateway].azurewebsites.net/api/tokens?tokenName=aad&api-version=2015-01-14 GET failed BadRequest 400 (Bad Request)
{
  "status": 400,
  "source": "https://[gateway].azurewebsites.net/api/tokens?tokenName=aad&api-version=2015-01-14",
  "message": "Microservice '[API App]' only has permissions for token ''. Can't get token 'aad'"
}

Interestingly, this even happens when I set a breakpoint and copy the zumo token from my test program into Postman. The program fails and Postman returns successfully. As far as I can tell, they're sending the exact same requests. What could I be missing?

Edit: I've done some more testing and discovered that the Postman method yields the same error when done in incognito mode. This leads me to believe that it's not just the x-zumo-auth header that needs to be set, but that there's also some cookie that needs to be set in order for the user to work properly. I can also get the error if I generate the token, delete the cookies from the apiapp url and POST a request with only the token.

Upvotes: 1

Views: 1282

Answers (1)

Panos

Reputation: 1973

The API App should have an "authentication" array which looks like this:

"authentication": [{"type": "aad"}]

Your final apiapp.json should be something like this:

{
    "$schema": "http://json-schema.org/schemas/2014-11-01/apiapp.json#",
    "id": "YourApiApps",
    "namespace": "microsoft.com",
    "gateway": "2015-01-14",
    "version": "1.0.0",
    "title": "YourApiApps",
    "summary": "",
    "author": "",
    "endpoints": {
        "apiDefinition": "/swagger/docs/v1",
        "status": null
    },
    "authentication": [{"type": "aad"}]
}

Then, please redeploy and check again. It should fix the issue.

Upvotes: 6
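A pre-deployment check for the mismatch discussed above, as an added example that is not part of the question or the answer: it compares the token names the controller requests through GetRawTokenAsync with the "type" entries declared in apiapp.json. It assumes the declared type matches the requested token name, as the error message and the answer suggest; the function names and sample inputs are constructed for illustration.

```python
import json
import re

# Matches the token name in calls such as user.GetRawTokenAsync("aad")
TOKEN_CALL = re.compile(r'GetRawTokenAsync\(\s*"([^"]+)"\s*\)')


def declared_token_types(apiapp_json_text):
    """Return the "type" values found in the apiapp.json "authentication" array."""
    manifest = json.loads(apiapp_json_text)
    # A missing or null "authentication" key means nothing is declared.
    entries = manifest.get("authentication") or []
    return {e["type"] for e in entries if isinstance(e, dict) and "type" in e}


def requested_token_names(csharp_source):
    """Return the token names the controller code asks the gateway for."""
    return set(TOKEN_CALL.findall(csharp_source))


def missing_declarations(apiapp_json_text, csharp_source):
    """Token names requested in code but not declared in apiapp.json, sorted."""
    return sorted(requested_token_names(csharp_source)
                  - declared_token_types(apiapp_json_text))


# Constructed sample inputs: a manifest without "authentication", then the fixed one.
MANIFEST_BEFORE = '{"id": "YourApiApps", "gateway": "2015-01-14", "version": "1.0.0"}'
MANIFEST_AFTER = ('{"id": "YourApiApps", "gateway": "2015-01-14", '
                  '"version": "1.0.0", "authentication": [{"type": "aad"}]}')
CONTROLLER = 'TokenResult token = await user.GetRawTokenAsync("aad");'

if __name__ == "__main__":
    for label, manifest in (("before", MANIFEST_BEFORE), ("after", MANIFEST_AFTER)):
        missing = missing_declarations(manifest, CONTROLLER)
        print(label, "missing:", missing or "none")
```

Run against the real apiapp.json and controller sources before redeploying; a non-empty result means the code requests a token the manifest does not declare.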
