Secure ASP.NET WebAPI 2 using Azure Active Directory (AD) with ADAL JS
What we will use
  • OAuth 2.0 middleware
  • ASP.NET WebAPI 2.2
  • Authentication Project Template: Organization Account
  • Azure Active Directory
  • SPA
  • Azure AD Authentication Library (ADAL) for javascript
Create a WebAPI Project with Organizational Accounts
  • Cloud – Single Organization
  • Domain/AD Tenant – yourorganization.onmicrosoft.com
  • Access Level – Single Sign On (i.e. lets the directory issue tokens for your application)
    • Other access levels include “Read/ReadWrite directory data”, which additionally let the app call the directory's REST Graph API
Setup:

At Startup.Auth.cs

using System.Configuration;
using System.IdentityModel.Tokens;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;

// web.config appSettings: ida:Tenant = yourorganization.onmicrosoft.com
// ida:Audience = https://yourorganization.onmicrosoft.com/MyWebAPIProjectName (the App ID URI of the Web API)
public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = ConfigurationManager.AppSettings["ida:Tenant"], // signing keys and issuer come from this tenant's metadata
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = ConfigurationManager.AppSettings["ida:Audience"] // reject tokens whose aud is not this API
                }
            });
    }
}

Publish the WebAPI app.

Register the SPA App with Azure AD
  • Go to Active Directory –> Application
  • Add Application (Web Client)
  • Add Sign-On Url
  • Add App ID Url
  • Add Redirect URI
  • Enable OAuth2 Implicit Grant (in the application manifest, set oauth2AllowImplicitFlow to true) – refer to the sample app readme.
  • Configure tenant and clientId in App.js: tenant is the same value as web.config's ida:Tenant; clientId is the Client ID (GUID) Azure AD assigned to the registration. The access token ADAL JS acquires for the API must carry an aud claim equal to web.config's ida:Audience, or the bearer middleware rejects it with 401.

p.s. As of Dec. 20, 2014, it looks like the sample is still not ready for hosting the client app in Azure, i.e. the client app will only work when running on localhost.

Reference: https://github.com/AzureADSamples/SinglePageApp-DotNet
