Secure ASP.NET WebAPI 2 using Azure Active Directory (AAD) with ADAL JS


What we will use
  • OAuth 2.0 bearer token middleware (OWIN)
  • ASP.NET WebAPI 2.2
  • Authentication Project Template: Organization Account
  • Azure Active Directory
  • SPA
  • Azure AD Authentication Library (ADAL) for JavaScript
Create a WebAPI Project with Organizational Accounts
  • Cloud – Single Organization
  • Domain/AD Tenant –
  • Access Level – Single Sign On (i.e. lets the directory issue tokens for your application; the API itself gets no directory permissions)
    • Other access levels include “Read directory data” / “Read and write directory data”, which additionally grant the app access to the directory through the REST Graph API

At Startup.Auth.cs, inside ConfigureAuth (needs the Microsoft.Owin.Security.ActiveDirectory, System.IdentityModel.Tokens and System.Configuration namespaces):

    // ida:Tenant –
    // ida:Audience –
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
            TokenValidationParameters = new TokenValidationParameters
            {
                // Reject tokens minted for any other application in the tenant.
                ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
            }
        });

The middleware pulls the tenant's signing keys from its federation metadata and checks the token's signature and issuer; ValidAudience is the part that stops a perfectly valid token issued to a different application in the same directory from being accepted by this API, so it must not be left empty.

Publish the WebAPI app.

Register the SPA App with Azure AD
  • Go to Active Directory –> Applications
  • Add Application (type: Web Application and/or Web API, not Native Client)
  • Add Sign-On URL
  • Add App ID URL
  • Add Redirect URI
  • Enable OAuth2 Implicit Grant – refer to the sample app readme (there is no checkbox for this in the portal: download the app manifest, set oauth2AllowImplicitFlow to true and upload it again).
  • Configure the App.js tenant and clientId with web.config’s ida:Tenant and ida:Audience respectively. This mapping only works because the sample uses one app registration for both the SPA and the Web API, so the aud claim of the token ADAL JS obtains is the SPA’s own client ID, which is exactly what the middleware is told to expect.

P.S. As of Dec. 20, 2014, the sample still does not look ready for hosting the client app in Azure, i.e. the client app only works when running on localhost.
