Reputation: 76
I am working on an AngularJS SPA application calling an Asp.Net WebAPI.
I have registered both the Client as well as the Backend Application on the Azure AD.
My Client/Web Application is registered with the following details:
I have given the permissions to other applications (delegated permission) for the client app to access the WebAPI (LocalWebAPI).
My WebAPI has the following setup:
It is using the OWIN Middleware with the startup.cs file as:
    using System.Configuration;
    using Microsoft.Owin.Security.ActiveDirectory;
    using Owin;

    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }

        private void ConfigureAuth(IAppBuilder app)
        {
            // Tenant whose metadata is used to validate incoming bearer tokens
            var azureADBearerAuthOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = ConfigurationManager.AppSettings["ida:Tenant"]
            };

            // The token's "aud" claim is checked against this value
            azureADBearerAuthOptions.TokenValidationParameters =
                new System.IdentityModel.Tokens.TokenValidationParameters()
                {
                    ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
                };

            app.UseWindowsAzureActiveDirectoryBearerAuthentication(azureADBearerAuthOptions);
        }
    }
It is registered on the Azure AD with the following parameters:
SIGN-ON URL: http://localhost:93/Api/V1/
APP ID URI: https://xyz.onmicrosoft.com/LocalCognia
Reply URLs: http://localhost:93/Api/V1/*
My Web.Config file is:
    <add key="owin:AutomaticAppStartup" value="true"/>
    <add key="ida:Tenant" value="xyz.onmicrosoft.com" />
    <add key="ida:Audience" value="34A721C3-20E4-41D5-9BC1-486A99BF7C26" />
I have also decorated my controller with the [Authorize] Attribute.
Everything seems to be working fine. I am able to authenticate the user and able to access the resources from the WebAPI when I run my application from the Visual Studio 2015 environment (IIS Express).
But as soon as I deploy my application on the IIS Server, using the same parameters (except that the application is now on localhost:8087 and with the reply URL for the client app as: localhost:8087), I am getting the error 401: Unauthorized user on calling the WebAPI.
I am getting the token in the Headers for the WebAPI call, but still getting the error. Not sure of this behavior. Can someone please help on this?
Upvotes: 2
Views: 1115
Reputation: 11
Please use the below code in your ConfigureAuth:

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
            },
        });
Upvotes: 0
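When the bearer token reaches the API and the call still returns 401, a useful first check is to compare the token's claims with the values the middleware is configured to accept. The Node.js script below is an added example, not code from the question or the answer; the function names, the constructed sample token, the exact-match audience rule and the 300-second clock tolerance are assumptions.

```javascript
// Added diagnostic example, not code from the post. It decodes the JWT payload
// WITHOUT verifying the signature, so use it only to inspect claims while
// debugging a 401, never to make an authorization decision.
function decodeJwtPayload(token) {
  const parts = token.replace(/^Bearer\s+/i, '').split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Lists the reasons a validator configured with `validAudience` would reject
// the token. Assumption: audience is matched by exact, case-sensitive string
// comparison and lifetime is checked with `skewSeconds` of clock tolerance.
function explainRejection(token, validAudience, nowSeconds, skewSeconds = 300) {
  const claims = decodeJwtPayload(token);
  const problems = [];
  const audiences = [].concat(claims.aud === undefined ? [] : claims.aud);
  if (!audiences.includes(validAudience)) {
    problems.push(`aud ${JSON.stringify(claims.aud)} != ValidAudience "${validAudience}"`);
  }
  if (typeof claims.exp !== 'number' || nowSeconds > claims.exp + skewSeconds) {
    problems.push(`expired (exp=${claims.exp}, now=${nowSeconds})`);
  }
  if (typeof claims.nbf === 'number' && nowSeconds < claims.nbf - skewSeconds) {
    problems.push(`not yet valid (nbf=${claims.nbf}, now=${nowSeconds})`);
  }
  return problems;
}

// Constructed sample token (unsigned, placeholder signature) for the demo only.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const NOW = 1700000000; // constructed timestamp (seconds since epoch)
const CONFIGURED_AUDIENCE = '34A721C3-20E4-41D5-9BC1-486A99BF7C26'; // ida:Audience from the post
const sample = makeSampleToken({
  aud: 'https://xyz.onmicrosoft.com/LocalCognia', // constructed: APP ID URI used as audience
  nbf: NOW - 60,
  exp: NOW + 3600,
});
console.log(explainRejection(sample, CONFIGURED_AUDIENCE, NOW));
```

Pass the value of the `Authorization` header captured from a failing request in place of `sample`, and the current Unix time in place of `NOW`.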