User1441450911 posted
I have an ASP.NET Web API 2 backend that I use with an HTML/JS browser-based client. The Web API is configured to use the AD FS of an Azure VM (for explanation, we'll call it 'dc', aka 'dc.cloudapp.net' from the public internet). That VM is in a VNet. Everything works as expected on my local machine during development.
I have attempted to set up a test environment on Azure in the same VNet, using two other VMs, one for the client and one for the web/db server (we'll call it 'testServer') to simulate an intranet environment. 'dc' is the domain controller, DNS server, and AD server for the domain that 'testServer' is in. The new server has a relying party set up on the AD FS VM (dc), and everything appears to work properly when a user attempts to log in to the app on testServer. An OAuth bearer token is received and added to the requests.
After much testing, I have determined that I am not receiving any claims or user information when using the app on 'testServer'. Everything else works. I have edited the issuance transform rules (Claim Rules) for the Relying Party Trust to be exactly the same as the working 'localhost' Relying Party Trust, so that shouldn't be the issue. Also, there is a valid client id registered with AD FS for the 'testServer' application.
I need some ideas. I would really appreciate any assistance in what I should do next to diagnose why there's a difference.
thanks!
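A diagnostic step that narrows the "no claims" symptom, as an added example that is not part of the original post: decode the bearer token the browser client actually receives and list the claims inside it. If the identity claims are absent from the token, the issue is on the AD FS side (the relying party trust or claim rules for 'testServer'); if they are present in the token but absent in the Web API, the loss is in the API's token validation or claim mapping. The code is JavaScript because the client is HTML/JS; it assumes Node's `Buffer` for base64 handling (in a browser `atob` would be used instead). The expected claim names (`upn`, `unique_name`) are an assumption about what the claim rules emit, and the sample tokens are constructed placeholders, not real AD FS tokens.

```javascript
// Added diagnostic example (not from the original post): decode an OAuth
// bearer token (compact JWT) and report which claims it carries.
// Inspection only: the signature is NOT verified here, so the output must
// never be treated as trusted identity; it is a debugging aid.

function base64UrlDecode(segment) {
  // JWT segments are base64url without padding; normalise to standard base64.
  let s = segment.replace(/-/g, '+').replace(/_/g, '/');
  while (s.length % 4 !== 0) s += '=';
  return Buffer.from(s, 'base64').toString('utf8');
}

function base64UrlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return {
    header: JSON.parse(base64UrlDecode(parts[0])),
    payload: JSON.parse(base64UrlDecode(parts[1])),
  };
}

// Claim names the relying party's issuance rules are assumed to emit.
const EXPECTED_CLAIMS = ['iss', 'aud', 'exp', 'upn', 'unique_name'];

function missingClaims(payload, expected = EXPECTED_CLAIMS) {
  return expected.filter((name) => !(name in payload));
}

// Returns the claim names present plus a list of findings that would explain
// an empty identity on the Web API side (missing claims, wrong audience, expiry).
function diagnose(token, expectedAudience) {
  const { payload } = decodeJwt(token);
  const findings = [];
  const missing = missingClaims(payload);
  if (missing.length) findings.push(`token lacks claims: ${missing.join(', ')}`);
  if (expectedAudience && payload.aud !== expectedAudience) {
    findings.push(`aud mismatch: token says ${payload.aud}, API expects ${expectedAudience}`);
  }
  if (typeof payload.exp === 'number' && payload.exp * 1000 < Date.now()) {
    findings.push('token expired');
  }
  return { claims: Object.keys(payload), findings };
}

// Constructed sample tokens (unsigned, placeholder values; not real AD FS output).
function makeSampleToken(payload) {
  const header = { typ: 'JWT', alg: 'none' };
  return `${base64UrlEncode(JSON.stringify(header))}.${base64UrlEncode(JSON.stringify(payload))}.`;
}

const AUDIENCE = 'https://testserver.example/';
// Token as the working 'localhost' trust would issue it: identity claims present.
const TOKEN_WITH_IDENTITY = makeSampleToken({
  iss: 'http://dc.cloudapp.net/adfs/services/trust',
  aud: AUDIENCE,
  exp: 4102444800,
  upn: 'user@example.test',
  unique_name: 'EXAMPLE\\user',
});
// Token showing the reported symptom: valid envelope, no identity claims.
const TOKEN_WITHOUT_IDENTITY = makeSampleToken({
  iss: 'http://dc.cloudapp.net/adfs/services/trust',
  aud: AUDIENCE,
  exp: 4102444800,
});

console.log(JSON.stringify(diagnose(TOKEN_WITH_IDENTITY, AUDIENCE), null, 2));
console.log(JSON.stringify(diagnose(TOKEN_WITHOUT_IDENTITY, AUDIENCE), null, 2));
```

To use it against the real deployment, paste the `Authorization: Bearer ...` value captured from the browser's developer tools in place of the constructed token and compare the output for a token obtained via 'localhost' with one obtained via 'testServer'; a difference in the `claims` list points at AD FS, an identical list points at the Web API.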