How to pass Azure AD authentication tokens so AngularJS can use them to call webapi

Question

After successful AD authentication from my MVC web app, I set the token in the header so that client side scripts can make use of it to access the web api.

OnAuthorizationCodeReceived() after a successful login

    private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
    {
        var code = context.Code;

        ClientCredential credential = new ClientCredential(clientId, appKey);
        string userObjectID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
        AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectID));

        Uri uri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));

        AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(code, uri, credential, graphResourceId);

        HttpContext.Current.Request.Headers.Add("Authorization", "Bearer " + result.AccessToken);
    }

In the last line I set the "Authorization" header. However I can't seem to make use of that from my AngularJS end to make api calls! What am I missing here? Requirement is that I don't have to use ADAL to authenticate from the AngularJS since web app already authenticates the user and have passed me the valid tokens.

Answer 1

You could try to save the access token in cookie :

HttpCookie tokenCookies = new HttpCookie("token");
tokenCookies.Value = result.AccessToken;
tokenCookies.Expires = DateTime.Now.AddHours(1);                            
HttpContext.Current.Response.Cookies.Add(tokenCookies);

Then making ajax call with access token from cookie on client side .