I am trying to authenticate multiple clients (connecting from a windows server application - no browser) access to my .Net4.51 webAPI using azure active directory.
I have created an Azure AD application for my webapi called "ServerWebApi" and configured my webapi application code to point to it in the webConfig using the following app settings.
<add key="ida:Tenant" value="myDomainName.onmicrosoft.com" />
<add key="ida:Audience" value="https://myDomainName.onmicrosoft.com/ServerWebApi" />
<add key="ida:ClientID" value="<client id>" />
Thus when a request comes in with a token, it should use these settings to validate the token against my AD WebApi application called ServerWebApi.
Now to give each client the ability to get a token, I have created an Azure application for each client. (I didnt create it as a native app but instead as a webapi app so that I can create a separate key for each client). I also added my actual webAPI application (ServerWebApi) in Azure into the list of "Web APIs accessed by this application". (For this example my first client is called myClientWebApiApp)
So now my client can successfully request a token from its client App in AD but when it posts to the server (webapi) I get a 401 - Unauthorized. Thus I presume I am failing validation of the token against my Azure AD ServerWebApi webApi.
The client app code I use to get the token and call my webApi is as follows
// Create an ADAL AuthenticationContext object and link it to my tennant domain myDomainName.onmicrosoft.com
var authority = ConfigurationManager.AppSettings["Tenant"];
authenticationContext = new AuthenticationContext(authority);
//Client Cerdential Object used while Acquiring a token from Windows Azure AD
ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
// Invoke AuthenticationContext.AcquireToken to obtain an AccessToken.
// Uses previously-created ClientCredential to authenticate
authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
httpClient.DefaultRequestHeaders.Clear();
//Add authorization header to HttpClient
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer",authenticationResult.AccessToken);
var data = "new Value";
// Call the Service web api to update
HttpResponseMessage response = httpClient.PostAsJsonAsync(resourceurl + "api/Values", data).Result;
And it uses the following config settings
<add key="Tenant" value="https://login.windows.net/myDomainName.onmicrosoft.com"/>
<add key="ClientId" value= "<client id>"/>
<add key="ClientSecret" value= "<client secret>"/>
<add key="ResourceUrl" value="https://localhost:44300/"/>
<add key="AppIdUri" value="https://myDomainName.onmicrosoft.com/myClientWebApiApp"/>
The Client Id is that of the Client webapi application I created and the ClientSecret is a key I created against that application in Azure AD.
Does anyone know if what I am doing is possible and if so what am I doing wrong?