I have a standalone Web API application with an Angular interface, and now I need to start authenticating users through Azure Active Directory.
I downloaded the SinglePageApp example, installed it, and ran it successfully: https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi
When making the necessary changes to my own application, I can successfully redirect the user to the Azure login screen and return the user file using adal.js / adal_angular.js. I get 401 unauthorized errors when I call my API, but using Fiddler, I see that the token is added to the HTTP header in every call.
Here is my AdalAngular installation:
    .config(["$httpProvider", "adalAuthenticationServiceProvider", ($httpProvider, adalProvider) => {
        adalProvider.init(
            {
                instance: "https://login.microsoftonline.com/",
                tenant: "<snip>.onmicrosoft.com",
                clientId: "<snip>",
                extraQueryParameter: "nux=1",
                cacheLocation: "localStorage" // enable this for IE, as sessionStorage does not work for localhost.
            },
            $httpProvider);
    }]);
Here is my startup.cs code:
    public void Configuration(IAppBuilder appBuilder)
    {
        ConfigureWebApi(appBuilder);
        ConfigureAuth(appBuilder);
        ConfigureFileSystem(appBuilder);
        appBuilder.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
    }

    private void ConfigureWebApi(IAppBuilder appBuilder)
    {
        // Configure Web API for self-host.
        HttpConfiguration config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
        appBuilder.UseWebApi(config);
    }

    private void ConfigureAuth(IAppBuilder app)
    {
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = ConfigurationManager.AppSettings["ActiveDirectoryTenant"],
                Audience = ConfigurationManager.AppSettings["ActiveDirectoryApplicationId"]
            });
    }

    private void ConfigureFileSystem(IAppBuilder appBuilder)
    {
        // Set the Welcome page to test if Owin is hosted properly
        appBuilder.UseWelcomePage("/welcome.html");
        appBuilder.UseErrorPage(new Microsoft.Owin.Diagnostics.ErrorPageOptions() { ShowExceptionDetails = true });
        var physicalFileSystem = new PhysicalFileSystem(@".\wwwroot");
        if (ConfigurationManager.AppSettings.AllKeys.Contains("ContentPath"))
        {
            var path = ConfigurationManager.AppSettings["ContentPath"];
            physicalFileSystem = new PhysicalFileSystem(path);
        }
        FileServerOptions fileOptions = new FileServerOptions();
        fileOptions.EnableDefaultFiles = true;
        fileOptions.RequestPath = PathString.Empty;
        fileOptions.FileSystem = physicalFileSystem;
        fileOptions.DefaultFilesOptions.DefaultFileNames = new[] { "index.html" };
        fileOptions.StaticFileOptions.FileSystem = fileOptions.FileSystem = physicalFileSystem;
        fileOptions.StaticFileOptions.ServeUnknownFileTypes = true;
        appBuilder.UseFileServer(fileOptions);
    }

Here, ActiveDirectoryTenant and ActiveDirectoryApplicationId are in my app.config and correspond exactly to what is configured in my Angular adalProvider.init.
Finally, my ApiController looks like this:
    [Authorize]
    [RoutePrefix("api/connection")]
    public class ServerConnectionController : ApiController
    {
        [Route("all")]
        [HttpGet]
        public HttpResponseMessage GetAllConnections()
        {
            HttpResponseMessage response;
            try
            {
                string owner = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
                var connections = _iDataAccess.GetAllConnections().ToList();
                response = Request.CreateResponse(HttpStatusCode.OK, connections);
            }
            catch (Exception ex)
            {
                response = GetExceptionResponseMessage(ex);
            }
            return response;
        }
    }
As already mentioned, the HTTP request header captured by Fiddler looks fine, and the aud property in my ADAL.js userInfo.profile is the correct application.
Any suggestions on what might be missing? Note that this is not a native network-based application; it is self-service, which means that the web service runs on localhost as a Windows service, and not in IIS.
I set up the site to use HTTPS, but I get the same problem regardless of HTTP or HTTPS traffic.
Thank you for listening!
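
A triage aid for the 401 described above, added here as an example and not part of the original post: it decodes the claims of the `Authorization` header seen in Fiddler and compares them with the value the API uses as `Audience`. The function names, the sample GUID, the sample timestamps and the sample tokens are constructed for illustration, and the signature is not verified.

```javascript
// Added example: claim triage for a bearer token (the signature is NOT verified).
function decodeSegment(seg) {
  // base64url -> base64; Buffer tolerates missing padding.
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// expectedAudience: the value the API reads for its Audience setting.
// nowSeconds: current time as a Unix timestamp, passed in so results are repeatable.
function triageBearerToken(authorizationHeader, expectedAudience, nowSeconds) {
  const m = /^Bearer\s+([\w-]+)\.([\w-]+)\.([\w-]*)$/.exec(authorizationHeader.trim());
  if (!m) return { claims: null, findings: ["header is not 'Bearer <jwt>'"] };
  let claims;
  try {
    claims = decodeSegment(m[2]);
  } catch (e) {
    return { claims: null, findings: ["payload is not base64url-encoded JSON"] };
  }
  const findings = [];
  const auds = [].concat(claims.aud || []); // aud may be a string or an array
  if (!auds.includes(expectedAudience)) {
    findings.push(`aud ${JSON.stringify(auds)} does not match configured Audience`);
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    findings.push("token expired or exp missing");
  }
  if (typeof claims.nbf === "number" && claims.nbf > nowSeconds) {
    findings.push("token not yet valid (nbf)");
  }
  if (m[3] === "") findings.push("empty signature segment");
  return { claims, findings };
}

// Constructed sample data: builds a header with a placeholder signature.
function sampleHeader(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `Bearer ${enc({ typ: "JWT", alg: "RS256" })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const SAMPLE_AUDIENCE = "00000000-0000-0000-0000-000000000001"; // constructed
const SAMPLE_NOW = 1700000000;                                  // constructed
const good = sampleHeader({ aud: SAMPLE_AUDIENCE, nbf: SAMPLE_NOW - 60, exp: SAMPLE_NOW + 3600 });
const wrongAud = sampleHeader({ aud: "https://example.onmicrosoft.com/api", exp: SAMPLE_NOW + 3600 });

console.log(triageBearerToken(good, SAMPLE_AUDIENCE, SAMPLE_NOW).findings);
console.log(triageBearerToken(wrongAud, SAMPLE_AUDIENCE, SAMPLE_NOW).findings);
```

An empty findings list means the token's audience and lifetime agree with the API's configuration, which moves the investigation from adal.js to the API's own request pipeline.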