I have several Web APIs, some implemented using .NET Core, others using the .NET Framework.
I use AD and AddMicrosoftIdentityWebApiAuthentication to authenticate responses from one .NET Core service to another.
Can anyone tell me what the equivalent of AddMicrosoftIdentityWebApiAuthentication is for the .NET Framework?
Thanks.
I'm afraid UseWindowsAzureActiveDirectoryBearerAuthentication is what you want. Here's the official sample for ASP.NET Web API.
But the easiest way should be to integrate AAD when creating the API project. You will then get code like the following:
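    using System.Configuration;
    using Microsoft.IdentityModel.Tokens; // System.IdentityModel.Tokens in older Katana 3.x packages
    using Microsoft.Owin.Security.ActiveDirectory;
    using Owin;

    // Called from the OWIN Startup class; validates AAD bearer tokens on incoming requests.
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = ConfigurationManager.AppSettings["ida:TenantId"],
                TokenValidationParameters = new TokenValidationParameters {
                    // The token's aud claim must match this value.
                    ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
                },
            });
    }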
I ran a test on my side and here's the test result. I just added the configuration for AAD. In my web.config file, I have this:
    <configuration>
      <appSettings>
        <!-- Placeholder values; ida:TenantId and ida:Audience are the keys read by ConfigureAuth. -->
        <add key="ida:Tenant" value="tenant_id" />
        <add key="ida:TenantId" value="tenant_id" />
        <add key="ida:Audience" value="api://aad_client_id_used_exposing_api" />
        <add key="ida:ClientID" value="aad_client_id" />
        <add key="ida:AppKey" value="client_secret" />
        <add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />
        <add key="ida:RedirectUri" value="https://localhost:44321/" />
        <add key="ida:GraphUserUrl" value="https://graph.microsoft.com/v1.0/me/" />
      </appSettings>
    </configuration>
The token I generated by this request.
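As an added example (not part of the answer above or of Microsoft's sample), the following diagnostic decodes a token with System.IdentityModel.Tokens.Jwt and reports where its aud, tid and expiry differ from the ida:Audience and ida:TenantId settings shown in web.config. The class name TokenConfigCheck and the sample token are constructed for illustration; the token is read without signature verification, so this complements the middleware rather than replacing it.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;

// Diagnostic only: decodes a token WITHOUT verifying its signature.
// Signature and issuer validation remain the bearer middleware's job.
public static class TokenConfigCheck   // hypothetical helper name
{
    // Returns one message per mismatch between the token and the configured values.
    public static List<string> Compare(string jwt, string tenantId, string audience)
    {
        var problems = new List<string>();
        var handler = new JwtSecurityTokenHandler();
        if (!handler.CanReadToken(jwt))
        {
            problems.Add("not a well-formed JWT");
            return problems;
        }
        JwtSecurityToken token = handler.ReadJwtToken(jwt);

        // This check compares the aud claim with ida:Audience as an exact string.
        if (!token.Audiences.Contains(audience, StringComparer.Ordinal))
            problems.Add("aud = [" + string.Join(", ", token.Audiences) + "], expected " + audience);

        string tid = token.Claims.FirstOrDefault(c => c.Type == "tid")?.Value;
        if (!string.Equals(tid, tenantId, StringComparison.OrdinalIgnoreCase))
            problems.Add("tid = " + (tid ?? "<missing>") + ", expected " + tenantId);

        if (token.ValidTo < DateTime.UtcNow)
            problems.Add("expired at " + token.ValidTo.ToString("u"));
        return problems;
    }

    public static void Main()
    {
        // Constructed, unsigned sample token built from the web.config placeholder values.
        var sample = new JwtSecurityToken(
            issuer: "https://sts.windows.net/tenant_id/",   // constructed value
            audience: "aad_client_id",                      // deliberately differs from ida:Audience
            claims: new[] { new Claim("tid", "tenant_id") },
            expires: DateTime.UtcNow.AddMinutes(5));
        string jwt = new JwtSecurityTokenHandler().WriteToken(sample);

        foreach (string p in Compare(jwt, "tenant_id", "api://aad_client_id_used_exposing_api"))
            Console.WriteLine(p);
    }
}
```

With the constructed token, the only line reported is the audience mismatch, since the token carries the bare client ID while ida:Audience holds the api:// form.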