Web API : authorization has been denied for this request

  • Question

  • User86716463 posted

    Hi All,

    This is a problem while accessing a Web API under Azure AD authentication.

    Azure AD is working fine; the issue is that while accessing the API I am getting the error message "Authorization has been denied for this request".

    Please help with this.

    Start.cs --> code snapshot 

        public void Configuration(IAppBuilder app)
        {
            Logger.Logger.writeLog("Configuration started ...");
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    // Sets the ClientId, authority, RedirectUri as obtained from web.config
                    ClientId = clientId,
                    Authority = authority,
                    RedirectUri = redirectUrl,

                    // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
                    PostLogoutRedirectUri = redirectUrl,

                    // Scope is the requested scope: OpenIdConnectScope.OpenIdProfile is equivalent to the string 'openid profile': in the consent screen, this will result in 'Sign you in and read your profile'
                    Scope = OpenIdConnectScope.OpenIdProfile,

                    // ResponseType is set to request the id_token - which contains basic information about the signed-in user
                    ResponseType = OpenIdConnectResponseType.IdToken,

                    // ValidateIssuer set to false to allow work accounts from any organization to sign in to your application
                    // To only allow users from a single organization, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name or Id (example: contoso.onmicrosoft.com)
                    // To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
                    TokenValidationParameters = new TokenValidationParameters()
                    {
                        ValidateIssuer = true
                    },

                    // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
                    Notifications = new OpenIdConnectAuthenticationNotifications
                    {
                        AuthenticationFailed = OnAuthenticationFailed
                    }
                }
            );

            // app.UseOAuthBearerTokens(OAuthOptions);
        }

        /// <summary>
        /// Handle failed authentication requests by redirecting the user to the home page with an error in the query string
        /// </summary>
        /// <param name="context"></param>
        /// <returns></returns>
        private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
        {
            context.HandleResponse();
            // Escape the exception text so it cannot break out of the query-string value
            context.Response.Redirect("/?errormessage=" + Uri.EscapeDataString(context.Exception.Message));
            return Task.FromResult(0);
        }

    }

    At WebApiConfig.cs 

    config.Filters.Add(new AuthorizeAttribute());
    Friday, May 17, 2019 7:47 AM

All replies

  • User1724605321 posted

    Hi Ramesh,

    How do you make the API calls? Do you send the Bearer and the token like "Bearer token" as an Authorization parameter in the header?

    Best Regards,

    Nan Yu

    Monday, May 20, 2019 2:33 AM
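
The header shape the reply asks about, as an added example that is not part of the thread: a C# check that a request carries `Authorization: Bearer <token>`, flags the usual malformed variants, and decodes the JWT payload for inspection. The token, the URL and the `BearerHeaderCheck` helper are constructed for illustration and are not from the poster's project.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;

static class BearerHeaderCheck   // hypothetical helper, not part of the poster's code
{
    // Returns null when the value has the shape "Bearer <jwt>", otherwise the reason it does not.
    public static string Diagnose(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return "Authorization header missing";
        if (!AuthenticationHeaderValue.TryParse(headerValue, out var parsed))
            return "header is not '<scheme> <credentials>'";
        if (!string.Equals(parsed.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
            return "scheme is '" + parsed.Scheme + "', expected 'Bearer'";
        if (string.IsNullOrEmpty(parsed.Parameter)) return "no token after 'Bearer'";
        if (parsed.Parameter.Split('.').Length != 3)
            return "token is not a three-part JWT (header.payload.signature)";
        return null;
    }

    // Base64url-decodes the JWT payload for inspection only; the signature is not verified here.
    public static string PayloadJson(string jwt)
    {
        string p = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        p = p.PadRight(p.Length + (4 - p.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(p));
    }

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed, unsigned sample token; a real access token is issued by Azure AD.
        string token = B64Url("{\"alg\":\"none\"}") + "." +
                       B64Url("{\"aud\":\"api://example-api\",\"exp\":1558339200}") + ".sig";

        // Placeholder URL; the request is built but never sent.
        var request = new HttpRequestMessage(HttpMethod.Get, "https://api.example.invalid/api/values");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

        Console.WriteLine(Diagnose(request.Headers.Authorization.ToString()) ?? "header OK");
        Console.WriteLine(Diagnose(token));      // bare token sent without the scheme
        Console.WriteLine(Diagnose("Bearer"));   // scheme sent without a token
        Console.WriteLine(PayloadJson(token));   // compare aud and exp with what the API expects
    }
}
```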