SamiHuutoniemi

Reputation: 1595

Get authentication token with Blazor Server and Azure AD authentication

I have set up Azure AD authentication with a Blazor server app. It works. I get redirected to login after which I get returned to the app.

In Startup.cs:

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.AddControllersWithViews(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
});

I can get claims through

var authState = await AuthenticationStateProvider.GetAuthenticationStateAsync();
var user = authState.User; 

But how do I get an authentication token? I want it so that I can use it to authenticate with Microsoft Graph. I can't find anything in Azure AD besides the checkbox to include an auth token (which is checked). Any ideas?

EDIT with my changes to the accepted answer:

var scopes = new[] { "user.read" };
services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAd")
    .EnableTokenAcquisitionToCallDownstreamApi(scopes)
    .AddInMemoryTokenCaches();

services.AddDownstreamWebApiService(Configuration);
services.AddMicrosoftGraph(scopes, "https://graph.microsoft.com/v1.0");

services.AddControllersWithViews(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
}).AddMicrosoftIdentityUI();

Upvotes: 0

Views: 3792

Answers (1)

Jason Pan

Reputation: 22082

You can use this demo project on GitHub, which uses Azure AD authentication and calls the Microsoft Graph API on behalf of the signed-in user.

public void ConfigureServices(IServiceCollection services)
{
    // replace this line
    //services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    //.AddAzureAD(options => Configuration.Bind("AzureAd", options));

    // with this
    string[] scopes = Configuration.GetValue<string>("CalledApi:CalledApiScopes")?.Split(' ');
    services.AddMicrosoftWebAppAuthentication(Configuration, "AzureAd")
                .AddMicrosoftWebAppCallsWebApi(Configuration,
                                               scopes,
                                               "AzureAd")
            .AddInMemoryTokenCaches();
    services.AddDownstreamWebApiService(Configuration);
    services.AddMicrosoftGraph(scopes,
                               Configuration.GetValue<string>("CalledApi:CalledApiUrl"));


    // Added AddMicrosoftIdentityUI()
    services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    }).AddMicrosoftIdentityUI();

    services.AddRazorPages();
    // Add consent handler
    services.AddServerSideBlazor().AddMicrosoftIdentityConsentHandler();
        
    services.AddSingleton<WeatherForecastService>();
}

We can use Graph directly.

Upvotes: 3
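
The following is an added example, not part of the original question or answer and not code from the demo project. It shows one way to obtain the access token the question asks about, inside a Blazor Server component, and use it against Microsoft Graph. It assumes the Microsoft.Identity.Web registration from the question's edit (including `AddMicrosoftIdentityConsentHandler()`), that `services.AddHttpClient()` has been called, and a hypothetical component named `Profile`.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components;
using Microsoft.Identity.Web;

// Hypothetical code-behind for a component named Profile.razor
// (must live in the same namespace as the .razor file).
public partial class Profile : ComponentBase
{
    // Request only the scope the page needs; it must match a scope passed to
    // EnableTokenAcquisitionToCallDownstreamApi in Startup.cs.
    private static readonly string[] Scopes = { "user.read" };

    [Inject] private ITokenAcquisition TokenAcquisition { get; set; }
    [Inject] private MicrosoftIdentityConsentAndConditionalAccessHandler ConsentHandler { get; set; }
    [Inject] private IHttpClientFactory HttpClientFactory { get; set; } // assumes services.AddHttpClient()

    // Raw JSON of the signed-in user's profile, for the .razor markup to render.
    protected string ProfileJson { get; private set; }

    protected override async Task OnInitializedAsync()
    {
        try
        {
            // Comes from the token cache when possible, otherwise acquired server-side.
            // The token stays on the server: keep it out of rendered markup and logs.
            string accessToken = await TokenAcquisition.GetAccessTokenForUserAsync(Scopes);

            using var request = new HttpRequestMessage(
                HttpMethod.Get, "https://graph.microsoft.com/v1.0/me");
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

            HttpClient client = HttpClientFactory.CreateClient();
            using HttpResponseMessage response = await client.SendAsync(request);
            response.EnsureSuccessStatusCode();
            ProfileJson = await response.Content.ReadAsStringAsync();
        }
        catch (Exception ex)
        {
            // With AddInMemoryTokenCaches the cache is empty after an app restart, and
            // consent may be missing; the handler sends the user back through sign-in
            // or consent when that can resolve the failure.
            ConsentHandler.HandleException(ex);
        }
    }
}
```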
