Is it possible to have an ASP.NET Core 2 with Angular 5 and Azure AD Authentication? What I mean is implement the AD Auth using ASP.NET Core 2 and when the authentication is successful, then redirect to the Angular 5 app with some claims and tokens so that any calls to an ASP.NET Core API from Angular will include the authentication token/claims.
I know there is the ADAL angular wrapper you can actually implement the Azure AD Auth, but just wanted to know if my scenario could work...
You can, I have an app doing that now. Basically your Angular frontend will redirect the user to login at Azure.. Azure will then redirect back to your angular app with the token. ADAL plugin should snag that token from the callback URL. You then make the API calls with the Token. The .Net Core backend will verify the token with Azure.
So think of it this way: User -> AngularApp -> Azure Login -> AngularApp w/token -> API Call to backend w/token -> API Backend verifies token with Azure each call
Related
I've got a .NET Core application authenticating via Azure B2C however I now want to authenticate the REST API calls in Javascript using the bearer token.
The REST APIs (Azure Function) exist at a different URI to the Web Application hence another Azure Application has been created to support and linked to the existing Web Application as per the Microsoft KB's
Obviously the Javascript REST API needs to pass the authorization header along with the bearer token.
I'm trying to plumb the MSAL JS library using Msal.UserAgentApplication and call the acquireTokenSilent.
Is this the correct approach? Or should the Web App share the token from ASP.NET into JS by some means.
I'm working on a web application deployed on an azure webapp authenticated with Azure AD.
It is mostly based on the angular template for ASP.Net Core. The backend hosts the frontend in a ClientApp directory.
For the authentication, the frontend works with the msal-angular plugin which on access redirects to the Azure AD authentication page. After login, the login page redirects back to the frontend, which catch the token, and makes all the calls to the backend with the token in the authorization bearer header.
The .Net Core backend is configured with :
services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
.AddAzureADBearer(options => Configuration.Bind("AzureActiveDirectory", options));
Finally, to make all these works, I have in the Azure AD app registration one entry for the backend and another for the frontend.
This works well, but we want to move away from that to use the Authentication directly on the webapp.
This way we could secure even more the application which would not even be downloaded if the user is not authenticated.
How do I manage to do that ?
Do I need to remove all authentication code from the backend and frontend ?
Do I still need 2 entries in the app registration on azure AD or one is now enough ?
How will I know which user is connected ? Actually I use the IHttpContextAccessor to get the UPN Claim.
Thanks for the help
Is their any Angular 2/4 library/Sample Code available for creating token for Client credential authentication in Azure Active Directory?
We need to create application based on Angular, Django and with integrations with Azure B2C AD.
Now, we have done part with Angular, we make request to Azure B2C, when user will be sign in, it return to angular app with ?id_token.
And there is our problem, because frontend need to communicate with our backend written in Django. We need to secure this connections and get know who is making request.
We want to create something like that:
angular->Azure B2C
Azure B2C->(with id_token)->angular
angular->Django(with id_token)->create session->angular(send session_key)
angular->Django(with session_key->angular(with requested data)
And there is problem, we don't know how to verify that user is successfully signed in in Azure. (Part which I make italic).
You should get an Authorization Code from AAD B2C and not a token, as the OAuth 2.0 authorization flow describes it.
So you should do:
Angular -> Azure B2C
Azure B2C -> (with auth code) -> Angular
Angular -> Django(with auth code) -> retrieve access_token and refresh_token
Angular -> Django Secured API (with access_token)
We just released our own implementation of Angular + AAD B2C (running on ASP.NET Core but the logic should be the same, you will only need to find the Django equivalent), if you want to see how to do it: https://github.com/3DSemantix/angular-asp.net-core-aad-b2c
I have an ASP.NET MVC5 application which has WEB API2 project with few controllers within it. I have setup AzureAD authentication for the ASP.NET MVC5 project using AzureAD and OpenID connect and OWIN middleware.
Everything is working fine from ASP.NET MVC project point of view. The WEB API2 controller are used here to process the requests coming from angularjs, Android
and iOS app. There is a requirement for a WebAPI controller to process requests from unauthenticated clients (angularjs, Android, iOS apps) which issue AJAX requests.
Prior to the AzureAD authentication setup it was configured with on premise ADFS authentication. In this case I followed the below link to by pass on premise ADFS authentication for the
WEB API2 controllers and it worked fine for me.
Can I bypass organizational authentication for a WebAPI controller inside an MVC app?
Can anyone help me to know how to bypass the azuread authentication for the WEB API2 controllers to allow requests from unauthenticated clients in this case with some code samples ?
The web API controller is access-able for anonymous user by default. If you got the unauthenticated issue(401) when the anonymous user access that controller, please check whether there is Authorize attribute for the specific controller and remove that attribute.