Matt Roelle

Reputation: 149

Azure AD 401 error - Authenticating from Angular client

I have a separate Angular client that I want to authenticate to using Azure AD. I am using ADAL JS and all of that seems to be working fine. I get redirected to the AD login page, and then sent back to my application. I can see the token getting passed with each subsequent HTTP request.

However, when I try to make a secured request to my Web API I receive a 401 Unauthorized error. I am loosely following the guide here for setup. I say loosely because I'm not using MVC, my client is in a separate codebase entirely.

I am positive that my user has access to this application.

My Auth Configuration stuff looks like:

app.UseWindowsAzureActiveDirectoryBearerAuthentication(new WindowsAzureActiveDirectoryBearerAuthenticationOptions()
{
    TokenValidationParameters = new TokenValidationParameters()
    {
        ValidAudience = ConfigurationManager.AppSettings["AzureADAudience"],
    },
    Tenant = ConfigurationManager.AppSettings["AzureADTenant"],
    AuthenticationType = "OAuth2Bearer"
});

Audience: https://login.windows.net/xyz.onmicrosoft.com/myappname

Tenant: xyz.onmicrosoft.com

The controller I'm locking down is decorated like this:

[HostAuthentication("OAuth2Bearer")]
[Authorize]
[RoutePrefix("Auth")]

Upvotes: 2

Views: 474

Answers (1)

Yodacheese

Reputation: 5037

Is your SPA hosted with your backend? If so, then you need to change your audience to the Client ID.

ValidAudience = ConfigurationManager.AppSettings["ida:ClientID"]

Upvotes: 2
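
A way to confirm which audience the bearer token actually carries before changing `ValidAudience`, as an added example that is not part of the question or the answer. The function names, the placeholder client ID and the sample token are constructed for illustration; only the App ID URI comes from the question.

```javascript
// Decode one base64url JWT segment. No signature check: this is for
// diagnosing a 401, never for deciding whether to trust the token.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare the token's claims with what the API is configured to accept.
function diagnoseBearerToken(token, validAudience, nowSeconds) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, problems: ['not a three-part JWT'] };
  let claims;
  try {
    claims = decodeSegment(parts[1]);
    if (claims === null || typeof claims !== 'object') throw new Error('not an object');
  } catch (e) {
    return { ok: false, problems: ['payload is not a base64url-encoded JSON object'] };
  }
  const problems = [];
  // aud may be a single string or an array of strings
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(validAudience)) {
    problems.push(`aud ${JSON.stringify(claims.aud)} does not match ValidAudience "${validAudience}"`);
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    problems.push('token is expired or has no exp claim');
  }
  return { ok: problems.length === 0, aud: claims.aud, problems };
}

// Build an unsigned sample token (constructed data, placeholder signature).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const CLIENT_ID = '00000000-0000-0000-0000-000000000000'; // placeholder client ID
const APP_URI = 'https://login.windows.net/xyz.onmicrosoft.com/myappname'; // from the question
const NOW = 1700000000; // fixed clock so the result is reproducible
const sample = makeSampleToken({ aud: CLIENT_ID, exp: 2000000000 });

const withAppUri = diagnoseBearerToken(sample, APP_URI, NOW);     // mismatch
const withClientId = diagnoseBearerToken(sample, CLIENT_ID, NOW); // match
console.log(withAppUri.problems);
console.log('client ID as ValidAudience ok:', withClientId.ok);
```

To diagnose a real 401, pass the token from the request's `Authorization: Bearer` header in place of `sample` and the API's configured audience as `validAudience`.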
