C
C#9mo ago
stayclaxxy

❔ Calling an Azure AD protected Web API endpoint from an Azure AD protected Web App [.NET 7]

I am having trouble getting the correct flow/configuration to call my Web API Endpoint that is protected with Azure AD. This is how the Authentication is configured on the web API currently: 
builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration, "AzureAd");
builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration, "AzureAd");
The Configuration just has the details like clientId, TenantId, Domain, Audience and secret, etc. This is how I am setting up authentication on the web app: (the only scope is an expose API from the API App registration named "WeatherForecast") 
string[] initialScopes = new[] { "api://33..38/WeatherForecast" };

// Add services to the container.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddInMemoryTokenCaches();
string[] initialScopes = new[] { "api://33..38/WeatherForecast" };

// Add services to the container.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddInMemoryTokenCaches();
My question is, how do I get the access token to add to the authorization header to call my web api endpoint? The endpoints are role-based based on the user's roles, so is On-Behalf-Of flow the correct flow to use here? If so, I have looked at Microsoft's examples, and I am still very confused on how to achieve what I want to do. TIA!
5 Replies
0xDEADBEEF
0xDEADBEEF9mo ago
you don't need to do it manually. when you call with IDownstreamAPI, it'll resolve the scope with the associated named api
The endpoints are role-based based on the user's roles, so is On-Behalf-Of flow the correct flow to use here?
Oh missed this bit. I'm mainly familiar with client credentials flow
stayclaxxy
stayclaxxy9mo ago
I'm not familiar with IDownstreamAPI, could you link the docs by chance? I was just trying to get the access_token manually via the HttpContext, but when I use GetTokenAsync("access_token") it always returns null, and I've injected the HttpContext into my controller.
0xDEADBEEF
0xDEADBEEF9mo ago
These might be good resources https://github.com/AzureAD/microsoft-identity-web/wiki/v2.0 and https://github.com/AzureAD/microsoft-identity-web/wiki/adding-call-api-to-web-app
GitHub
v2.0
Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C - AzureAD/microsoft-identity-web
GitHub
adding call api to web app
Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C - AzureAD/microsoft-identity-web
stayclaxxy
stayclaxxy9mo ago
ironically, i've already read these haha. I wasn't going the IDownstreamApi route, and was just going to call the API using an injected httpclient. I am also kind of wondering if my azure registrations are incorrect, i'm not an azure guru sadly, and just trying to learn as I go
Accord
Accord9mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server
More Posts
❔ Creating a github workflow to test solution (MSTest)I have this solution https://github.com/caedenph/wa-tor I have two projects within it, the base on❔ blazor .net8 vs angularwhy .net developers insist on angular in it's job,, the track of learning .net plus angular is long,❔ I am Kinda lost right nowGetting all data from DB in Csharp and adding each Row to the HTML Table?❔ Reading from stdinSo, I'm trying to work with basic IO stuff. I have this snippet: ```cs string line; while ((line = C❔ Project depended on cvextern.dll EVEN with resource embedingIn my dotnet project, i use Emgu cv, specifically Emgu cv runtime windows, I also use costura fody t❔ Difficulty to find PostgreSQL data source to connect with database by EFCore.I'm trying to use EFCore to connect my database to my code, but i cant find the data source of my Po❔ IL CodeGen for toy compiler [advice]I am trying to learn more about compilers. I'd like to target some type of IR language for a toy com❔ switchI looked at the microsoft docs and it shows a example of a switch statement, the thing is the exampl❔ why does it say this variable is undeclared?Can you await a Task and return Task<bool> (with a constant bool value) without the `await` keyword?I came up with this code which does what I want: ```cs Task myTask = ... return myTask.ContinueWith(