Forward user token from ASP.NET Core to Azure Mobile App
We have following registered Azure Active Directory Applications
- Xamarin App
- Web API
- Web App
and three Applications
- Xamarin App
- ASP.NET Core Web App
- ASP.NET MVC 5 Web API (still the old world, because MobileAppController is not supported in ASP.NET Core)
What works: the user can authenticate inside the Xamarin App and can call the Web API. Every thing works here. The user is also able to login into the Web App (uses OpenID Middleware with Azure Active Directory endpoint and redirect), but the call from the Web App to the Web API fails: unauthorized.
What or how do we pass the credentials or tokens from the authenicated user in the ASP.NET Web App? We cannot find any working sample.
Do we have to configure any trusts between the AAD registered applications? At this point of time, the Xamarin App and the Web App have a trust to the Web API. Not vise versa.
We think just one person at Microsoft really (or tried to) documented Azure Mobile App but he is no Microsoft employee anymore.
Do we have to configure any trusts between the AAD registered applications?
We need to grant the the web API app to the web app as figure below. Normally, when we call the web API with the token, it will verify the claims and signature in the token. So for the unauthorized issue, please check the claims by decoding it from this site. You should ensure the aud claim matched the audience configed in the web API project etc.
If it doesn't match you should acquire the web API token using the App Id URI as the resource.
If you still have the problem, please show the code how you acquiring the token and protecting the web API.
In addition, here are two links about calling protecting web API with Azure AD:
active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore
- List users with roles in a razor page using asp.net 6.0 Identity
- EF Core 8 database first with Identity User tables
- ASP Net identity two factor authentication last expired token is getting validated successfully
- The entity type 'Microsoft.AspNet.Identity.EntityFramework.IdentityUserLogin<string>' requires a key to be defined
- Invalid object name 'dbo.AspNetUsers' in Asp.NET MVC 5 Entity Framework
- How to get current user in asp.net core
- Cookie LoginPath not redirecting to path
- ASP.NET MVC Creating User: Multiplicity is not valid
- ASP.NET Core MVC pass a url parameter to the POST
- "Correlation failed." after upgrading 'Microsoft.IdentityModel.JsonWebTokens' and 'System.IdentityModel.Tokens.Jwt'
- Add claims to admin when db is launched first time
- Editing custom ASP.NET IdentityUser properties in Blazor
- Invalid_client using OpenIdConnect in client application
- ASP.Net Core Identity User Edit Page passing back null roles
- The AspNetUserRoles table was cleared during migrations
- why offline_access scope is needed to request refresh token in IdentityServer (OAuth2)?
- Combine auth cookies and bearer token at the same time
- Unauthorised webapi call returning login page rather than 401
- Cosmos provider for Entity Framework Core creating container with DbContext class name
- Is it possible to get user list with paging, sorting IdentityUser Tables .Net Core
- How to Create a Generic Repository in C# that Handles Both BaseEntity and IdentityUser<int> Types?
- ASP.NET Core Identity does not inject UserManager<ApplicationUser>
- URL with parameter only reaching IIS on localhost
- Cannot implicitly convert type 'System.Collections.Generic.IEnumerable' to 'System.Web.Mvc.ActionResult'
- Difference in hashing algorithms of .Net Identity and .Net Core Identity
- User.Identity.Name is null after local login
- JWT with Identity .NET 8
- Can an AppUser : IdentityUser get linked to an Employee-entity while keeping separation of concerns with Dependency inversion in Clean architecture
- How does one control access to third party weak-security website from an asp.net.identity App?
- ASP.NET Core 8 - Authorization redirecting to Account/AccessDenied