I have hosted a web API, ProductInfo, on Azure and registered that application in Azure AD.
I have another web app, UIProduct, and this web app wants to access the web API ProductInfo. Both are in the same domain and the same Azure AD.
How can I access the web API ProductInfo from the web app UIProduct?
Is there any token I need to generate again?
Code sample taken from this link.
After a successful login I'm at the home page, then I click on the About page, where I wrote this:
```csharp
// Requires: System.Net.Http, System.Net.Http.Headers, System.Security.Claims,
// System.Web.Mvc, Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL)
public async System.Threading.Tasks.Task<ActionResult> About()
{
    AuthenticationResult result = null;
    string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
    AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new NaiveSessionCache(userObjectID));
    ClientCredential credential = new ClientCredential(clientId, clientSecret);

    // The exception below is thrown by this call
    result = await authContext.AcquireTokenSilentAsync("App ID URI", credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

    HttpClient client = new HttpClient();
    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "https://demotest.azurewebsites.net/api/getdata");
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
    HttpResponseMessage response = await client.SendAsync(request);
    return View();
}
```
Getting exception:
Failed to acquire token silently as no token was found in the cache. Call method AcquireToken
You'll want to go register both apps in the Azure portal both as Web Apps/APIs.
Then in your Web API, set an App ID URI as well as create any scopes you'd like to expose. If this is the only client you'll be using, you may be able to just have an Access scope, but bear in mind this is what end users will see when consenting to your app.
In your web app, you'll then be able to set a Required Permissions for this new web API and scope. This indicates that the client should require consent for this web API and can be granted access tokens for it.
This code sample covers this exact scenario.
The web API basics doc also covers some conceptual info related to this scenario.
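The web API's side of the App ID URI and scope setup described in the answer above, as an added example that is not from the answer or the linked sample: once a bearer token's signature and issuer have been validated, the API should still confirm that the token was issued for its own App ID URI and carries the scope it exposed. The class name, the App ID URI value and the scope name `Access` are assumptions for illustration, and the claim sets in `Main` are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ProductInfoTokenChecks // hypothetical helper name
{
    // Assumed values: substitute the App ID URI and scope registered for the web API.
    public const string AppIdUri = "https://contoso.example/ProductInfo"; // placeholder
    public const string RequiredScope = "Access";

    // Azure AD puts delegated scopes in "scp"; the .NET JWT handler may map it to the long URI form.
    static readonly string[] ScopeClaimTypes =
        { "scp", "http://schemas.microsoft.com/identity/claims/scope" };

    public static bool IsAuthorized(ClaimsPrincipal user)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated) return false;

        // The audience must be this API, not another resource the caller holds a token for.
        bool audienceOk = user.FindAll("aud")
            .Any(c => string.Equals(c.Value, AppIdUri, StringComparison.Ordinal));

        // The scope claim is a space-separated list; match whole entries only.
        bool scopeOk = user.Claims
            .Where(c => ScopeClaimTypes.Contains(c.Type))
            .SelectMany(c => c.Value.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries))
            .Contains(RequiredScope, StringComparer.Ordinal);

        return audienceOk && scopeOk;
    }

    static ClaimsPrincipal Build(string aud, string scp) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("aud", aud), new Claim("scp", scp) }, "Bearer"));

    public static void Main()
    {
        // Constructed claim sets standing in for tokens whose signature was already validated.
        Console.WriteLine(IsAuthorized(Build(AppIdUri, "Access")));                    // right audience and scope
        Console.WriteLine(IsAuthorized(Build(AppIdUri, "Other AccessAll")));           // scope is only a substring match
        Console.WriteLine(IsAuthorized(Build("https://graph.windows.net", "Access"))); // token for a different resource
    }
}
```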