Azure API App Node.js Authentication

  • Question

  • Hi,

    following the "Protect an API app: Add Azure Active Directory or social provider authentication" guide on https://azure.microsoft.com/en-us/documentation/articles/app-service-api-dotnet-add-authentication/ I tried to protect a node.js api app.

    Authentication is working correctly and login is possible through the gateway login url.

    Is there any way I can detect the identity of the logged in user in my node.js api app?

    Thanks in advance!



    • Edited by __markus__ Tuesday, April 28, 2015 6:16 AM
    Monday, April 27, 2015 2:57 PM

Answers

  • This was answered by Panos Kefalidis in the Disqus comments on the Protect an API app doc:

    The easiest way to achieve this is by capturing the request and checking if the x-zumo-auth header is present. E.g. if you use Express.js this could look like:

    app.get('/gettoken', function (req, res) {
      // req.get() returns undefined when the header is absent
      var token = req.get('x-zumo-auth');
      if (token != null) {
        res.send('Authenticated');
      } else {
        res.send('Not authenticated');
      }
    });

    Monday, May 11, 2015 6:08 PM
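
Going one step past the presence check in the answer above, this added example (not from the thread or the Azure docs) reads the claims carried in the x-zumo-auth value so the app can see who the caller is. It assumes the value is a JWT that the App Service gateway in front of the app has already validated; the decode here does not verify the signature, and `claimsFromZumoToken`, `attachIdentity`, `makeSampleToken` and the sample claims are hypothetical names and constructed data.

```javascript
// Added example. Assumption: x-zumo-auth carries a JWT that the App Service
// gateway has already validated. Decoding is NOT signature verification.

// Decode one base64url JWT segment into an object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the token's claims, or null if it is missing, malformed or expired.
function claimsFromZumoToken(token, nowMs = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  if (!parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) return null;
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch (err) {
    return null; // payload was not valid JSON
  }
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) return null;
  if (typeof claims.exp === 'number' && claims.exp * 1000 <= nowMs) return null;
  return claims;
}

// Express-style middleware (hypothetical name): exposes the claims as req.user.
function attachIdentity(req, res, next) {
  req.user = claimsFromZumoToken(req.get('x-zumo-auth'));
  next();
}

// Constructed sample token for trying the functions offline; the signature is fake.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'HS256', typ: 'JWT' }), enc(claims), 'constructed-signature'].join('.');
}

const sample = makeSampleToken({ sub: 'sid:constructed-user', exp: 4102444800 });
console.log(claimsFromZumoToken(sample));
```

In an Express app, register it with `app.use(attachIdentity)` before the routes; handlers can then treat a null `req.user` as unauthenticated.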

All replies

  • There is also the AppServiceAuthSession cookie, an HTTP-only cookie which is only available to the server node, not the client browser. An approach is to have the client app call an API on the server that can manage this cookie.

    // req.cookies is populated by the cookie-parser middleware
    var cookieParser = require('cookie-parser');
    app.use(cookieParser());

    app.get('/api/user', profile);

    // validate that the user profile is set on the authSession cookie
    function profile(req, resp) {
        var user = null;
        var authSession = req.cookies['AppServiceAuthSession'];
        if (authSession != null) {
            user = authSession;
        }
        resp.json({ session: user });
    }

    More detailed information:


    http://www.ozkary.com/2016/10/app-authentication-azure-ad.html



    og-bit.com


    • Edited by ozkaryMVP Tuesday, November 29, 2016 2:26 PM typo
    Tuesday, November 29, 2016 2:24 PM