Azure AD Authentication for Web API

Question

User-1946294156 posted

I am following the below example:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapi-dotnet

The code will compile and deploy.  However, the API Controller that I have tagged with Authorized, it will only tell me that I am not authorized.  Is there a way to instead of having it state that I am not authorized, but redirect me to the Azure AD Login Prompt?

Thank you in advance for your help.

Answer 1

User475983607 posted

Web API does not have a UI.  Your web application must handle the authentication.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-openid-connect-code

Answer 2

User1724605321 posted

Hi bobj181,

As a supplement, you can refer to Authentication scenarios for Azure AD and choose the scenarios base on your requirement :

• Native application to web API
• Web application to web API
• Daemon or server application to web API

To web api ,special scenario(on-behalf-of flow) is  :

A user has authenticated on a native application, and this native application needs to call a web API. Azure AD issues a JWT access token to call the web API. If the web API needs to call another downstream web API, it can use the on-behalf-of flow to delegate the user’s identity and authenticate to the second-tier web API :

https://github.com/Azure-Samples/active-directory-dotnet-webapi-onbehalfof 

Best Regards,

Nan Yu