.net, authentication, asp.net-web-api, asp.net-identity, adal

Active Directory authentication of Web App using WebAPI


We have

  • a standalone single-page application which is served from domain1 OR Cordova

and

  • a WebAPI with ASP.NET Identity on domain2.

So far we have username + password, but now we want to add Active Directory authentication and use AD claims for authorization on the backend.

The ADAL libraries work fine, but how do we add the WebAPI (not MVC) into the authentication chain?

It seems the single-page-app libraries authenticate directly with AD, but ultimately we have to obtain a cookie from the WebAPI.

What am I missing?

Update: Found UseWindowsAzureActiveDirectoryBearerAuthentication


Solution

  • You'll need to use the OpenID Connect Middleware (that UseWindowsAzureActiveDirectoryAuthentication you pointed out) with Azure AD (or Azure AD Passport.js for Node) to set cookies and accept tokens on a Web API.

    The Azure AD Developer Guide is always a good place to start; however, there is an OWIN code sample for this specific instance.
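
The token-accepting half of this setup, as an added example that is not part of the original answer or the linked sample: an OWIN `Startup` for the Web API on domain2 that validates Azure AD bearer tokens sent by the single-page app, plus a controller that authorizes on an AD claim. The tenant, audience, group id and `ProfileController` are placeholders or hypothetical names, and the `groups` claim is only present if group claims are enabled for the app registration.

```csharp
// Packages: Microsoft.Owin.Security.ActiveDirectory, Microsoft.AspNet.WebApi.Owin
using System.Net;
using System.Security.Claims;
using System.Web.Http;
using Microsoft.IdentityModel.Tokens; // Katana 3.x: System.IdentityModel.Tokens
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Register token validation before Web API so the principal is
        // populated by the time [Authorize] runs.
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = "<tenant>.onmicrosoft.com",            // placeholder
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Only accept tokens issued for this API, not for any
                    // other application registered in the same tenant.
                    ValidAudience = "<app-id-uri-of-the-web-api>" // placeholder
                }
            });

        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        config.Routes.MapHttpRoute("Default", "api/{controller}");
        app.UseWebApi(config);
    }
}

[Authorize] // requests without a valid bearer token get 401
public class ProfileController : ApiController // hypothetical controller
{
    public IHttpActionResult Get()
    {
        var identity = (ClaimsIdentity)User.Identity;

        // Authorization on an AD claim: require membership of one group.
        // "<group-object-id>" is a placeholder for the group's object id.
        if (!identity.HasClaim("groups", "<group-object-id>"))
            return StatusCode(HttpStatusCode.Forbidden);

        var upn = identity.FindFirst(ClaimTypes.Upn);
        return Ok(new { name = identity.Name, upn = upn != null ? upn.Value : null });
    }
}
```

The single-page app sends the token it obtained through ADAL in the `Authorization: Bearer` header of each request, so this path needs no cookie from the Web API.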