No ClaimsIdentity Information in new relying party trust in Azure VNet; works with localhost during Dev RRS feed

  • Question

  • User1441450911 posted

    I have an ASP.NET Web API 2 backend that I use with an HTML/JS browser-based client. The Web API is configured to use the AD FS of an Azure VM (for exlanation, we'll call it 'dc', aka 'dc.cloudapp.net' from the public internet). That VM is an a VNet. Everything works as expected on my local machine during development.

    I have attempted to set up a test environment on Azure in the same VNet, using two other VMs, one for the client and one for the web/db server (we'll call it 'testServer') to simulate an intranet environment. 'dc' is the domain controller, DNS server, and AD server for the domain that 'testServer' is in.The new server has a relying party set up on the AD FS VM (dc), and everything appears to work properly when a user attempts to login to the app on testServer. An OAuth bearer token is received and added to the requests.

    After much testing, I have determined that I am not receiving any claims or user information when using the app on 'testServer'. Everything else works. I have edited the issuance transform rules (Claim Rules) for the Relying Party Trust to be exactly the same as the working 'localhost' Relying Party Trust, so that shouldn't be the issue. Also, there is a valid client id registered with AD FS for the 'testServer' application.

    I need some ideas. I would really appreciate any assistance in what I should do next to diagnose why there's a difference.


    Thursday, February 25, 2016 1:49 PM

All replies

  • User1441450911 posted

    More info: 

    For clarification, I am using 'dc' as my AD FS server for both my localhost app as well as my 'testServer' app. To access 'dc' from localhost, i'm using dc.cloudapp.net. From 'testServer', i'm using the same dns name, but i've tried changing it to the name being used by the domain (dc.lan.com).

    I am getting a JWT for both back from AD FS. However, my custom OAuthBearerAuthenticationProvider class's ValidateIdentity is never called for the test environment's application.

    Thursday, February 25, 2016 8:10 PM
  • User1441450911 posted

    Okay, nevermind. The JWT had the appropriate claims in it as verified on jwt.io. For some reason, my app is not reading the JWT data. So, now, I think I need to figure out what's different between my two server setups.

    Thursday, February 25, 2016 9:36 PM
  • User-646145796 posted


    Thanks for your posting. If you have any issue about Azure VM and Virtual Network, please try to move to the following forum:

    Azure VM: https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WAVirtualMachinesforWindows

    Azure VN: https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WAVirtualMachinesVirtualNetwork

    It is appropriate and more experts will assist you.

    Best Regards,


    Friday, February 26, 2016 6:08 AM