C# - How to consume Azure REST API App with Azure Active Directory authorization On


I have deployed an API app to Azure, but I am having problems creating an API client if authentication (with AAD) is set to on.

When I try to generate the service client (when authentication is off), the client code is generated (it's done with AutoRest) and the code is working, but when I switch authentication on (and "Action to take when request is not authenticated" is set to "Log in with Azure Active Directory"), then

1) The service call returned 401 Unauthorized (without redirecting to the AAD login page)

2) I tried to generate the service client once more (from the project's context menu -> Add -> REST API Client -> in the dialog box I chose "Select Azure Asset" and pressed OK) and got the message "Failed to download metadata file for Microsoft Azure API App: ...app name..." (and "no additional information available")

I am implementing AAD according to this Azure manual (using express settings):

https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-active-directory-authentication/

I was working according to this video, and everything shown in the video is working, except that AAD is not demonstrated... and for me it's not working...

https://azure.microsoft.com/en-us/documentation/videos/connect-2015-what-s-new-in-app-service-api-apps/

Any suggestions?

Edit

1) If I enter the request URL (that the REST API client uses) in a web browser, it returns valid results.

2) I found out that I am using the REST API without credentials (I thought the Azure AD login screen should be presented in this case... but it isn't)

Edit 2

I got some progress - I got the AAD login screen, and after entering credentials I get a bearer token, but when I try to query the service, I get an error message:

AADSTS65005: The client application has requested access to resource 'https....azurewebsites.net'. This request has failed because the client has not specified this resource in its requiredResourceAccess list. Trace ID: 4176e... Correlation ID: 1d612d... Timestamp: 2016-11-13 18:28:34Z

These are the steps I've done so far:

0) Added the Microsoft.IdentityModel.Clients.ActiveDirectory NuGet package to the client project

1) Registered the client app in Azure Active Directory

2) When calling the REST API from the client application, I am adding ServiceClientCredentials

3) When creating ServiceClientCredentials I provide 4 elements:

- authority = AAD App registrations -> Endpoints => Federation Metadata Document value (without the starting part http://login.windows.net/)

- resource => REST API URI (=> identifier of the target resource that is the recipient of the requested token)

- clientId => application ID I get after I registered the client app in AAD

- redirect URI => since my client app is a native application, it's just any valid URL

How can I specify the resource in the client app?

client has not specified resource in requiredResourceAccess list

I managed to find a solution on how to enable AAD authorization for an Azure REST API app. In case anyone has the same challenge, I hope this will be helpful.

These are the steps I did:

1) In App Services -> Authentication/Authorization

  • App Service Authentication => On
  • Action to take when request is not authenticated => Log in with AAD
  • Configured AAD with express settings (there you have to create an Azure AD app for the API app - i.e. an "App registration" for your service)

2) In Azure Active Directory -> App registrations

  • Add a registration for your client app
  • Edit the manifest of your client app - in the requiredResourceAccess section you must add information about the REST API app:
    • resourceAppId -> insert the REST API app id here
    • resourceAccess {id} -> OAuth permission id value of the REST API (you can get it in the REST API's manifest!)

3) In your client application

  • Generate your REST client using AutoRest (from Solution Explorer: Add\REST API Client) or create it manually
  • Add the Microsoft.IdentityModel.Clients.ActiveDirectory NuGet package
  • Get and use a token to access your API with code similar to this:

        // Needs: using System; using Microsoft.Rest;
        //        using Microsoft.IdentityModel.Clients.ActiveDirectory;

        // Request
        (..)
        var tokenCreds = GetToken();
        ServiceClientCredentials credentials = tokenCreds;

        using (var client = new YourAPI(credentials)) {
            ...
        }
        (..)

        // Getting the token
        private static TokenCredentials GetToken()
        {
            // Get this from the Federation Metadata Document in
            // Azure Active Directory App registrations -> Endpoints
            var authority = "f1...";

            // Identifier of the target resource that is the recipient of the requested token
            var resource = "https://yourapi.azurewebsites.net";

            // Client application id (see the Azure Active Directory App registration
            // for your client app)
            var clientId = "a71...";

            // Return URL - not relevant for native apps (it just has to be a valid URL)
            var redirectUri = "https://just-some-valid-url.net";

            AuthenticationContext authContext =
                new AuthenticationContext(string.Format("https://login.windows.net/{0}", authority));

            // Blocks on the async call; prompts for sign-in only when no cached token is usable
            AuthenticationResult tokenAuthResult =
                authContext.AcquireTokenAsync(resource,
                    clientId,
                    new Uri(redirectUri),
                    new PlatformParameters(PromptBehavior.Auto)).Result;

            return new TokenCredentials(tokenAuthResult.AccessToken);
        }
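
A check for the manifest edit in step 2, as an added example that is not part of the original post: it compares a client app manifest with the API app manifest and reports why the AADSTS65005 error would still occur. The sample manifests and GUIDs are constructed placeholders, `check_client_access` is a hypothetical helper name, and the field names assume the AAD manifest format that exposes delegated permissions under `oauth2Permissions`.

```python
# Constructed sample manifests; all GUIDs are placeholders, not real app IDs.
API_MANIFEST = {
    "appId": "11111111-1111-1111-1111-111111111111",
    "oauth2Permissions": [
        {"id": "22222222-2222-2222-2222-222222222222",
         "value": "user_impersonation", "isEnabled": True},
    ],
}
CLIENT_OK = {
    "appId": "33333333-3333-3333-3333-333333333333",
    "requiredResourceAccess": [
        {"resourceAppId": "11111111-1111-1111-1111-111111111111",
         "resourceAccess": [
             {"id": "22222222-2222-2222-2222-222222222222", "type": "Scope"}]},
    ],
}
# Same client before the manifest edit: the API is not listed at all.
CLIENT_MISSING = dict(CLIENT_OK, requiredResourceAccess=[])


def check_client_access(client, api):
    """Return a list of problems; an empty list means the client manifest
    references the API and one of its enabled delegated permissions."""
    api_id = api["appId"]
    perms = {p["id"]: p for p in api.get("oauth2Permissions", [])}
    entries = [r for r in client.get("requiredResourceAccess", [])
               if r.get("resourceAppId") == api_id]
    if not entries:
        return [f"no requiredResourceAccess entry for resourceAppId {api_id}"]
    problems = []
    requested = [a for e in entries for a in e.get("resourceAccess", [])]
    if not requested:
        problems.append("requiredResourceAccess entry has no resourceAccess ids")
    for access in requested:
        perm = perms.get(access.get("id"))
        if perm is None:
            problems.append(f"id {access.get('id')} is not an oauth2Permissions id of the API")
        elif not perm.get("isEnabled", False):
            problems.append(f"permission {perm.get('value')} is disabled in the API manifest")
        elif access.get("type") != "Scope":
            problems.append(f"id {access['id']} must be requested with type Scope")
    return problems


if __name__ == "__main__":
    for name, manifest in (("ok", CLIENT_OK), ("missing", CLIENT_MISSING)):
        print(name, check_client_access(manifest, API_MANIFEST) or "no problems")
```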
