Reputation: 235
I'm trying to validate my Azure AD token, obtained from the library react-aad-msal, in my .NET Core 2.2 middleware. The token seems to be valid, but from the backend I receive this error:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
This is my middleware
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            // Issuer and audience checks are switched off, so ValidIssuer/ValidAudience below are not enforced
            ValidateIssuer = false,
            ValidateAudience = false,
            ValidIssuer = appSettings.Issuer,
            ValidAudience = appSettings.Audience
        };
    })
    .AddJwtBearer("AzureAd", opt =>
    {
        opt.Authority = "https://login.microsoftonline.com/organizations";
        // Set this to the App ID URI for the web API, which you created when you registered the web API with Azure AD.
        opt.Audience = "api://xxxxxxxxxxxxxxxxxxxxxxxx";
        opt.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidAudiences = new List<string>
            {
                // you could add a list of valid audiences
                "yyyyyyyyyyyyyyyyyy"
            },
            ValidIssuers = new List<string>
            {
                // Add tenant id after https://sts.windows.net/
                //"https://sts.windows.net/{YourTenantId}" // This one is for version 1 of the token
                "https://login.microsoftonline.com/xxxxxxxxxxxxx"
            }
        };
        opt.Events = new JwtBearerEvents()
        {
            // AuthenticationFailed is a handler method defined elsewhere in the Startup class (not shown)
            OnAuthenticationFailed = AuthenticationFailed
        };
    });
services.AddAuthorization(options =>
{
    var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
        JwtBearerDefaults.AuthenticationScheme,
        "AzureAd");
    defaultAuthorizationPolicyBuilder =
        defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
    options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
});
The token has been issued correctly by Azure AD, because if I decode that token in the ReactJS file, it seems to have the correct information. But when I try to access my protected Web API with the [Authorize] attribute, the error appears. Thank you for your help!
Upvotes: 0
Views: 700
Reputation: 3485
Replace
opt.Authority = "https://login.microsoftonline.com/organizations";
with
opt.Authority = "https://login.microsoftonline.com/{tenant id or name}";
Upvotes: 1
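As an added example (not the asker's or the answerer's code), here is what a single-tenant "AzureAd" bearer scheme for ASP.NET Core 2.2 looks like once the authority is tenant-specific, with issuer, audience and lifetime validation all left switched on. The extension method name `AddAzureAdBearer` and its `tenantId`, `appIdUri` and `clientId` parameters are assumptions; fill them from your own app registration. The issuer formats for v1.0 and v2.0 access tokens are the ones Azure AD emits for a given tenant.

```csharp
// Added example: tenant-specific Azure AD bearer scheme for ASP.NET Core 2.2.
// Method name and parameters are placeholders, not part of the original question or answer.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;

public static class AzureAdJwtBearer
{
    public static IServiceCollection AddAzureAdBearer(
        this IServiceCollection services,
        string tenantId,   // e.g. the tenant GUID from the app registration (placeholder)
        string appIdUri,   // App ID URI, audience of v1.0 access tokens, e.g. "api://<client id>"
        string clientId)   // client id GUID, audience of v2.0 access tokens
    {
        // With a real tenant the handler can fetch
        // {authority}/.well-known/openid-configuration and the signing keys it points to;
        // "organizations" only serves a /v2.0/ document, which is why the v1 lookup returned 400.
        var authority = $"https://login.microsoftonline.com/{tenantId}";

        services.AddAuthentication("AzureAd")
            .AddJwtBearer("AzureAd", opt =>
            {
                opt.Authority = authority;
                opt.RequireHttpsMetadata = true; // never fetch signing keys over plain HTTP
                opt.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuers = new[]
                    {
                        $"https://sts.windows.net/{tenantId}/",               // issuer of v1.0 tokens
                        $"https://login.microsoftonline.com/{tenantId}/v2.0"  // issuer of v2.0 tokens
                    },
                    ValidateAudience = true,
                    ValidAudiences = new[] { appIdUri, clientId },
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.FromMinutes(2)                      // tighter than the 5 minute default
                };
                opt.Events = new JwtBearerEvents
                {
                    // Log why a token was rejected so a misconfigured issuer or audience
                    // shows up in the server log instead of as a bare 401.
                    OnAuthenticationFailed = ctx =>
                    {
                        var logger = ctx.HttpContext.RequestServices
                            .GetRequiredService<ILoggerFactory>()
                            .CreateLogger("AzureAd");
                        logger.LogWarning(ctx.Exception, "Bearer token rejected");
                        return Task.CompletedTask;
                    }
                };
            });

        return services;
    }
}
```

Call it from `Startup.ConfigureServices` as `services.AddAzureAdBearer(tenantId, appIdUri, clientId);`. If you genuinely need multi-tenant sign-in, the `organizations` authority has to be used with its `/v2.0` metadata address, and because that document advertises the issuer as a `{tenantid}` template you then have to supply your own `IssuerValidator` that checks the tenant against an allow-list; for a single tenant, the tenant-specific authority shown above is the simpler and safer configuration.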