AcquireTokenForUser in ASP.NET Core Web app
I have a AspNetCore app in net6.0. The user is asked to login against Azure Ad (Entra).
After this is done, the web app needs to make a call to an API. The endpoint it hits has a scope requirement. This is a scope the web app registration has permission for in Azure.
How do I get a hold of a token containing that scope, so I can use it to authorize in the API? I've looked at _tokenAcquisition.AcquireTokenForUser, but even if I have all AzureAd configuration in pla, including a client secret, it says no account or login hint was passed to AcquireTokenSilent.
Reading the documentation confuses me, and it's hard to find a concrete example of what I'm after. I've tried different solutions in code, but none seem to work.
Any help appreciated, and let me know if more info is needed, thanks!
According to the error message, we can only say that you didn't sign in successfully so that the _tokenAcquisition failed to work. Since you didn't share how you compose your code, pls allow me to share my steps.
Firstly, I created a new .net 8 mvc application, when creating the app, I choose "Microsoft Identity Platform" as the authentication type. Then I need to modify the appsettings.json, Program.cs and HomeController.
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"ClientId": "aad_client_id",
"ClientSecret": "client_secret",
"Domain": "tenant_id",
"TenantId": "tenant_id",
"CallbackPath": "/signin-oidc"
},
In Program.cs, add toke acquisition service, and http service to send http request.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
.EnableTokenAcquisitionToCallDownstreamApi()
.AddInMemoryTokenCaches();
builder.Services.AddHttpClient();
Then inject related service to generate access token and send http request.
[Authorize]
public class HomeController : Controller
{
private readonly ILogger<HomeController> _logger;
private readonly ITokenAcquisition _tokenAcquisition;
private readonly IHttpClientFactory _httpClientFactory;
public HomeController(ITokenAcquisition tokenAcquisition, ILogger<HomeController> logger, IHttpClientFactory httpClientFactory)
{
_tokenAcquisition = tokenAcquisition;
_logger = logger;
_httpClientFactory = httpClientFactory;
}
public async Task<IActionResult> IndexAsync()
{
var accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(new string[] { "api://client_id_exposing_API/Tiny.Read" });
var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, "https://localhost:7076/home/getData")
{
Headers =
{
{ HeaderNames.Authorization, "Bearer "+ accessToken}
}
};
var httpClient = _httpClientFactory.CreateClient();
var response = await httpClient.SendAsync(httpRequestMessage);
if (response.StatusCode == HttpStatusCode.OK)
{
var result = await response.Content.ReadAsStringAsync();
}
return View();
}
[AllowAnonymous]
public string getData() {
return "success";
}
}
Just like you see, after I sign in the app and hit the action method, I can generate access token successfully which containing correct scope I set in my method.
Nuget packages I used are generated by VS 2022 template:
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" NoWarn="NU1605" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.0" NoWarn="NU1605" />
<PackageReference Include="Microsoft.Identity.Web" Version="2.15.2" />
<PackageReference Include="Microsoft.Identity.Web.UI" Version="2.15.2" />
<PackageReference Include="Microsoft.Identity.Web.DownstreamApi" Version="2.15.2" />
</ItemGroup>
- Asp.Net Core - The configured user limit (128) on the number of inotify instances has been reached
- After Get success, why does first Angular 9 Put request succeed on MVC Core 2.2 API Controller, but fails on next PUT with http err 302 and/or 503?
- Entity Framework search multiple words
- 'Access-Control-Allow-Origin' in ASP.NET Core 6
- How to run dotnet tests in a specific environment?
- How can I make my Blazor Web App save the login infor entered as it would in InteractiveServer but still be able to use the HttpContext for login?
- Exchanging a google idToken for local openId token c#
- Is the ConfigureApplicationCookie(...) designed to allow us to configure an existing cookie by default in the default scheme (Cookies)?
- ASP.NET Azure AD / Entra Authentication - App roles in token, but not being assigned to principal
- How to save Stream data from external GET request in .NET
- How to manage user claims?
- How can I use Dependency Injection in an ASP.NET Core ActionFilterAttribute?
- How to get Role Claims in asp.net core 6 web api?
- Unexpected System.BadImageFormatException: Index not found That is Fixed with Restart
- ASP.NET Core Web API - FluentValidationMvcExtensions.AddFluentValidation(IMvcBuilder, Action<FluentValidationMvcConfiguration>)' is obsolete
- Write and read string from MemoryStream
- I'm getting malformed multipart POST when I try to post data to remote API with C# HttpClient
- How to Implement Polymorphic Request Bodies in ASP.NET Core Web API with Swagger UI?
- How to set up Automapper in ASP.NET Core
- What means skipNegotiation in SignalR HubConnection?
- BasePageModel in Razor Pages
- How to auto increment the version (eg. “1.0.*”) of a .NET Core project?
- Secrets inject securely Dockerfile during build .NET
- EF Core 8 does not merge entities
- How to use appsettings.json in Asp.net core 6 Program.cs file
- How to determine if asp.net core has been installed on a windows server
- .NET 8 Blazor Server - role authorization with Windows Authentication
- Should EFCore migrations be committed to version control?
- EF Core one-to-one relation returns one-to-many relation
- How to deal with Id property in DTO in ASP.NET Web API