How can I get the 'Azure Jwt Bearer Token'

  • Question

  • User430178104 posted

    I am calling a REST API that requires an 'Azure Jwt Bearer Token'. I am using ASP.NET WebForms. Please let me know how I can get one.

    Below is the configuration I am using in my Startup.cs:

    /// <summary>
    /// OWIN startup hook: makes cookie authentication the default sign-in type and
    /// registers the OpenID Connect middleware for Azure AD sign-in.
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is added to.</param>
    public void Configuration(IAppBuilder app)
    {
        // The local session lives in a cookie; OpenID Connect only performs the sign-in.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        // Issuer validation is switched off, so tokens issued for any organisation's
        // tenant or for personal accounts are accepted. To restrict sign-in to one
        // organisation, set ValidateIssuer to true and configure the tenant; for a
        // fixed list of organisations, set it to true and populate ValidIssuers.
        // NOTE(review): if this stays false, nothing in this method limits which
        // tenants may sign in - confirm that is intended.
        var issuerChecks = new TokenValidationParameters();
        issuerChecks.ValidateIssuer = false;

        // Only failed authentications are hooked. No handler here redeems the
        // authorization code, so this method on its own never obtains an access token.
        var hooks = new OpenIdConnectAuthenticationNotifications();
        hooks.AuthenticationFailed = OnAuthenticationFailed;

        var oidc = new OpenIdConnectAuthenticationOptions();

        // clientId, authority and redirectUri are members defined outside this method
        // (per the author's note they are read from web.config).
        oidc.ClientId = clientId;
        oidc.Authority = authority;
        oidc.RedirectUri = redirectUri;

        // After sign-out the user is sent back to the same URI used for sign-in.
        oidc.PostLogoutRedirectUri = redirectUri;

        // Requested scopes come from the "Azure.Scope" appSettings entry.
        oidc.Scope = Convert.ToString(ConfigurationManager.AppSettings["Azure.Scope"]);

        // Requests an authorization code only, not an id_token.
        // NOTE(review): confirm the installed OWIN OpenID Connect middleware can
        // complete sign-in from a code-only response; the hybrid "code id_token"
        // response type is the commonly documented choice for this middleware.
        oidc.ResponseType = OpenIdConnectResponseType.Code;

        oidc.TokenValidationParameters = issuerChecks;
        oidc.Notifications = hooks;

        app.UseOpenIdConnectAuthentication(oidc);
    }

    Wednesday, July 18, 2018 9:49 AM

All replies

  • User283571144 posted

    Hi pathipati,

    Based on your description, I suggest using the AuthorizationCodeReceived event to exchange the authorization code for an access token.

    For more details, refer to the code below:

    // Excerpt (the author elided the remainder with "..."): registers the OWIN
    // OpenID Connect middleware and, when an authorization code arrives, redeems it
    // for an access token through ADAL's AuthenticationContext.
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = Authority,
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                // Runs when the middleware hands the authorization code to the application.
                AuthorizationCodeReceived = (context) =>
               {
                   var code = context.Code;
                   // appKey is presumably the application's client secret - TODO confirm.
                   // Keep it in protected configuration, never in source control.
                   ClientCredential credential = new ClientCredential(clientId, appKey);
                   // FindFirst returns null when the claim is absent, so .Value throws a
                   // NullReferenceException in that case. NOTE(review): consider a null check.
                   string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
                   string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                   // The authority URL is built from the signed-in user's tenant id claim.
                   // EFADALTokenCache is a project type keyed by the user id; presumably a
                   // persistent per-user token cache - confirm how it stores and protects tokens.
                   AuthenticationContext authContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantID), new EFADALTokenCache(signedInUserID));
                   // The Uri argument is the current request URL without its query string; it
                   // has to match the redirect URI used in the original authorization request.
                   // graphResourceID (defined elsewhere) names the resource the token is for.
                   // result.AccessToken carries the token to send as "Authorization: Bearer <token>";
                   // this excerpt does not read result again after the call.
                   AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                               code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceID);
    
                   // The handler does its work synchronously and returns a completed task.
                   return Task.FromResult(0);
                },
                ...
        }

    Azure AD sample:

    https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-multitenant-openidconnect/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs#L46

    Article:

    http://www.cloudidentity.com/blog/2014/05/11/openid-connect-and-ws-fed-owin-components-design-principles-object-model-and-pipeline/ 

    Best Regards,

    Brando

    Thursday, July 19, 2018 2:22 AM