Console App consumes web API registered in active directory


  • Hi everybody.
    My colleague and I have had the worst last two weeks trying to figure out this scenario:

    A simple out-of-the-box web API project, which you can find in the official MSDN docs or start from the VS template, which returns two simple values: ["Value1", "Value2"]

    You call http://localhost:xxxxx/api/values and you get back ["Value1", "Value2"]

    A simple out-of-the-box console app project which connects to the API and prints ["Value1", "Value2"] in the prompt.

    The console app is able to issue a token against azure active directory properly configured.

    The controller which returns values is decorated with [Authorize] attribute.

    Now we need to specify Roles (or Claims, it depends on your answers) to access different methods on the controllers.
    Nowhere is a good, consistent flow specified to follow and obtain the result.

    There are a lot of unofficial blog articles and something in the official MS docs.

    A lot of questions are on our minds: "Do we have to create custom roles? Yes? By PowerShell? No? Do we need custom claims? How do you create a custom claim or role? Do we need to edit the manifest for the AD-registered web API? Do we need to add approles? If yes, in which manifest, client or web API? Do we need to edit oauth2permissions?"

    So guys, I've used up my words and mental power in a lot of attempts. I'll stop here.

    Thanks to everyone who will contribute.

    Thursday, April 20, 2017 2:59 PM