Window store App + WCF + Sql database

    Question

  • Hi,

    I have a Windows Store app, which is communicating with a WCF service (hosted on IIS). In this WCF service, I have stored information like ResourceID, TenantID, App ID, etc., by which I am able to perform Azure AD authentication.

    The authentication seems to be working fine for existing users (who have already given consent). However, a new user, who is signing in for the first time in the application (and is a valid user on the domain), is not able to log in because no consent form appears.

    If I run the same piece of code from a console application which performs authentication through the Microsoft Identity Model API, it works fine.

    I can have the logic of authentication in the app, but that would require me to get the Resource, Tenant ID, App ID and user credentials from the user every time the user logs in.

    Please guide.


    Thanks

    Thursday, March 30, 2017 8:02 PM

All replies

  • The flow for user authentication will be like this:

    1. User enters user name and password in the app.
    2. App sends a request for authentication and authorization to WCF.
    3. WCF executes the Azure AD authentication using the Microsoft.Identity.Model API.
    4. WCF gets the token and returns a successful authentication and authorization signal to the app.

    In the above approach, the existing users (who have consented) are able to log in successfully. However, a new user (first-time login) gets a consent error.

    Thanks

    Thursday, March 30, 2017 8:31 PM
  • Why aren't you doing the authentication step directly in the app? Which flow are you using for acquiring the token? Is the WCF doing the password grant flow based on having the user's password? This flow will not invoke new consent actions since there is no UI. Or are you invoking a redirect-based login based on serving up pages from the web server?
    Friday, March 31, 2017 6:08 AM
  • Thank you for your response.

    If I do authentication directly, then I believe I will have to take the following input from the customer every time they log in:

    1. Tenant Id
    2. Resource Id
    3. App Id
    4. Username and password

    Taking these inputs will be cumbersome for the user every time. Is there a way we can save these settings for the user until he decides to reinstall the app?

    I am using grant flow for authorization.

    Please elaborate on this: "redirect-based login based on serving up pages from the web server".

    Thanks

    Friday, March 31, 2017 12:17 PM
  • In short, the recommended thing to do is to use a redirect-based flow (auth code) directly in the app, and only pass along the token to the back-end.

    This would require the user to type in username and password on a configured interval (default 1 hour). The tenant ID is not required if you hit the common endpoint; resource and app ID could be saved in the app without prompting the user.

    I have a sample consisting of an app and an API back-end (not WCF, but the concept is the same): https://aadguide.azurewebsites.net/integration/webapisingletenant/

    Tuesday, April 4, 2017 3:41 PM
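The following is an added example, not code from this thread or from the linked sample. It spells out the "redirect-based login" the asker wanted elaborated and the flow the last reply recommends: the app itself runs the authorization code flow against the common endpoint (so no tenant ID is collected), the App ID and Resource ID live in the app's configuration, and only the resulting bearer token is sent to the WCF back-end. The password grant the back-end was running is built next to it to show why it can never raise a consent page. All IDs, URIs, the authorization code and the token response are constructed placeholders; endpoint paths and parameter names follow the Azure AD v1 endpoint (which is the one that uses a "resource" parameter), and nothing is actually sent over the network.

```python
"""Added example (not from the thread): authorization code flow in the app vs.
the password grant on the back-end. Messages are built and parsed offline."""
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# "common" endpoint: the tenant ID does not have to be asked from the user.
AUTHORITY = "https://login.microsoftonline.com/common"
# Placeholder values the app ships in its own configuration (assumed, not real).
CLIENT_ID = "00000000-0000-0000-0000-000000000000"   # App ID (placeholder)
RESOURCE = "https://contoso.example/wcf-backend"     # Resource ID / App ID URI (placeholder)
REDIRECT_URI = "ms-app://s-1-15-2-placeholder/"     # app redirect URI (placeholder)


def build_authorize_url(state: str) -> str:
    """Step 1 (app -> browser/web broker): URL of the Azure AD login page.
    A real browser is involved, so Azure AD can show the consent page to a
    first-time user here; the password grant has no such step."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "resource": RESOURCE,
        "state": state,  # bound to this login attempt; verified on the way back
    }
    return f"{AUTHORITY}/oauth2/authorize?{urlencode(params)}"


def parse_authorize_response(redirect_url: str, expected_state: str) -> str:
    """Step 2 (browser -> app): Azure AD redirects back with ?code=...&state=...
    Returns the code; raises on a state mismatch (response not from this attempt)
    or on an error response such as declined consent."""
    query = parse_qs(urlparse(redirect_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response does not belong to this login attempt")
    if "error" in query:
        desc = query.get("error_description", [""])[0]
        raise ValueError(f"authorization failed: {query['error'][0]}: {desc}")
    return query["code"][0]


def build_token_request(code: str) -> Tuple[str, Dict[str, str]]:
    """Step 3 (app -> token endpoint): POST body that exchanges the code for tokens."""
    body = {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "resource": RESOURCE,
    }
    return f"{AUTHORITY}/oauth2/token", body


def build_password_grant_request(username: str, password: str) -> Tuple[str, Dict[str, str]]:
    """What the thread's WCF back-end effectively did: the user's password is
    handed to the server and posted straight to the token endpoint. No browser,
    no redirect, so no consent prompt; a first-time user just gets an error."""
    body = {
        "grant_type": "password",
        "client_id": CLIENT_ID,
        "resource": RESOURCE,
        "username": username,
        "password": password,
    }
    return f"{AUTHORITY}/oauth2/token", body


def cached_access_token(token_response: Dict, issued_at: float, now: float) -> Optional[str]:
    """Step 4 (app): reuse the token until it expires, so the user is prompted at
    most once per token lifetime. Only this bearer token goes to WCF, never the
    password. None means: run the redirect flow again (or use a refresh token)."""
    if now < issued_at + int(token_response["expires_in"]):
        return token_response["access_token"]
    return None


def demo() -> Dict:
    """Walk the exchange once with constructed messages."""
    state = secrets.token_urlsafe(16)
    authorize_url = build_authorize_url(state)
    # Constructed redirect that Azure AD would send back after login/consent.
    redirect = f"{REDIRECT_URI}?code=AUTHCODE-PLACEHOLDER&state={state}"
    code = parse_authorize_response(redirect, state)
    token_url, body = build_token_request(code)
    # Constructed token response; the real one is JSON from the token endpoint.
    token_response = {"access_token": "ACCESS-TOKEN-PLACEHOLDER", "expires_in": 3600}
    issued = time.time()
    return {
        "authorize_url": authorize_url,
        "code": code,
        "token_url": token_url,
        "grant_type": body["grant_type"],
        "token_now": cached_access_token(token_response, issued, issued + 10),
        "token_after_expiry": cached_access_token(token_response, issued, issued + 3601),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `state` check is the one piece a practitioner should not drop when wiring this up by hand: it ties the redirect back to the login attempt the app started. The back-end, for its part, should validate the bearer token it receives (signature, issuer, audience equal to the resource) rather than trusting it because the app sent it.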