B2C Authentication and Passing Credentials via Ajax

  • Question

  • I'm having an issue passing credentials from an ASP.NET Core Web Application to an Azure Function; both of which are on B2C.

    If I access the Function, it prompts me to log on and then returns the json result "hi" as expected. The issue is with having the web app work with the function.

    Assuming I haven't done the previous step: if I access the Web Application and sign in, everything works fine in that regard. However, if I have an Ajax request, it doesn't pass on the token, so I get a message in the console:

    "Access to XMLHttpRequest at 'https://xxx.b2clogin.com/xxx.onmicrosoft.com/oauth2/v2.0/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Fxxx.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=5e55f7e5-2b51-4a5f-86c0-b7776b2623b2&scope=openid+profile+email&response_mode=form_post&p=b2c_1_signin&nonce=d138edf541d1423e92b99fe7ca400263_20190331110324&state=redir%3D%252Fapi%252FTest%253F_%253D1554029904731' (redirected from 'https://xxx.azurewebsites.net/api/Test?_=1554029904731') from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."

    I have to do the following to get it to work and return "hi" from the Ajax request:

    1. Go to Web Application

    2. Sign in

    3. Go to the webpage with the Ajax request. It returns the above error.

    4. Manually go to the URL the Ajax request targets. It gives me the data without logging in.

    5. Refresh the page from step 3. It returns "hi" as it should.

    I have to go to the Function URL first before the Ajax will work. I have more information on the StackOverflow question:

    https://stackoverflow.com/questions/55440356/azure-wep-app-and-function-credentials-not-working


    Sunday, March 31, 2019 3:29 PM

Answers

  • I pretty much went with option 2, but I'm just trying option 4 and I don't see the "Expose an API" setting, so it's not going well.


    Option 3 didn't apply.

    Wednesday, April 17, 2019 10:19 AM

All replies

  • The authentication is taken care of by the browser by passing the right cookie based on the domain.

    But I guess in your case the Function and Web App have different domain names, right? That is why you need to log in once to the Function App and then it works.

    There are multiple ways you can tackle this:

    1. Put both your WebApp and Function behind an Azure Application Gateway so that you can access them via one domain name. This way the browser will send the cookie in requests going to this custom domain.
    2. Have an endpoint on your WebApp that will act as a proxy to your Function App. This way the cookie is sent in the initial request to your WebApp, which you can forward to the Function App.
    3. I assume you have an MVC Application so this one might not be applicable for your scenario but for people who are using a JavaScript SPA along with a WebApp API and Functions API, they could instead perform an Authorization Code Grant Flow to get an access token which they will pass (in JS code, not automatic) in their requests to both the APIs.
    4. Expose your Function API as a new scope in Azure AD and allow your WebApp to access this API via delegated permissions.

    Monday, April 1, 2019 2:11 PM
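Option 2 from the reply above (a proxy endpoint on the Web App) as an added example; this is not code from the thread or from either of the poster's projects. It assumes App Service Authentication (Easy Auth) is enabled on the Web App with the AAD/B2C provider, which injects the signed-in user's id token into the request as the X-MS-TOKEN-AAD-ID-TOKEN header, and that the Function App accepts that token as a bearer token because both apps trust the same B2C policy and app registration. The Function App hostname and the `Test` action name are placeholders; `IHttpClientFactory` requires `services.AddHttpClient()` in Startup.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;

// Added example: the browser only ever calls the Web App origin, so the
// session cookie is sent automatically and no cross-origin redirect to the
// B2C authorize endpoint (the CORS error in the question) can occur.
[Route("proxy/[action]")]
public class ProxyController : Controller
{
    // Placeholder: replace with the real Function App base URL.
    private const string FunctionBase = "https://FUNCTION-APP-PLACEHOLDER.azurewebsites.net/api/";

    private readonly IHttpClientFactory _clientFactory;

    public ProxyController(IHttpClientFactory clientFactory)
    {
        _clientFactory = clientFactory;
    }

    [HttpGet]
    public async Task<IActionResult> Test()
    {
        // Assumption: Easy Auth on the Web App has already forced sign-in and
        // populated this header; if it is missing the user is not signed in.
        string token = Request.Headers["X-MS-TOKEN-AAD-ID-TOKEN"].ToString();
        if (string.IsNullOrEmpty(token))
        {
            return Unauthorized();
        }

        HttpClient client = _clientFactory.CreateClient();
        using (var request = new HttpRequestMessage(HttpMethod.Get, FunctionBase + "Test"))
        {
            // Forward the user's token server-side; the browser never sees the
            // Function App domain, so its cookies and CORS rules are irrelevant.
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

            using (HttpResponseMessage response = await client.SendAsync(request))
            {
                if (!response.IsSuccessStatusCode)
                {
                    // Surface the Function's status (e.g. 401 if the token is rejected)
                    // instead of following any login redirect on the user's behalf.
                    return StatusCode((int)response.StatusCode);
                }

                string body = await response.Content.ReadAsStringAsync();
                return Content(body, "application/json");
            }
        }
    }
}
```

The page's Ajax call would then target `/proxy/Test` on the Web App instead of the Function URL. Because the proxy forwards only the bearer token and never the Web App's own session cookie, a rejected token shows up as a plain 401 from the proxy rather than as the opaque CORS failure in the question, which makes the misconfiguration visible in the browser console and in the Web App's logs.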
  • Hey Legolash2o - It looks like it's been some time since you have posted this question here. Were you able to get this issue resolved through different means/methods? If so, would you kindly share the solution with us here so that others visiting this post can learn from it?
    Thursday, April 11, 2019 8:13 PM