Azure Mobile Services Active Directory Login unauthorized

0
votes

My setup is iOS to .NET backend of Azure Mobile Services

I have followed the guide for active directory authentication here http://azure.microsoft.com/en-us/documentation/articles/mobile-services-dotnet-backend-ios-adal-sso-authentication/ which I am trying to get debugging locally hosted on IIS.

I have set the MS_MasterKey and MS_ApplicationKey as noted here in the web.config https://social.msdn.microsoft.com/forums/windowsapps/en-US/23e7163b-dad5-46ae-bf9b-c71ab067e535/microsoftwindowsazuremobileservicesmobileserviceinvalidoperationexception-the-request-could-not?forum=wpdevelop

And have also added the MS_AadClientID and MS_AadTenants key to the appSettings in the web.config also.

I am able to visit http://localhost/MobileService/help and enter the application key for the password and access the help there.

On iOS though, I am authenticating the with ADALiOS library which succeeds with authentication and returns a valid access token for the resource. Although on passing it to the mobile service I get a 401 unauthorised response which I am assuming is due to the application key somehow. With the result I am passing it to the mobile services client as so.

let payload = ["access_token": result.accessToken]

client.loginWithProvider("aad", token: payload) { user, error in

}

Any ideas or suggestions on what is missing and why it is still returning a 401 status from this login call?

EDIT:

The request headers are:

Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
"User-Agent" = "ZUMO/2.0 (lang=objective-c; os=--; os_version=--; arch=iOSSimulator; version=2.0.0.0)";
"X-ZUMO-APPLICATION" = <actual application key here>;
"X-ZUMO-INSTALLATION-ID" = "DB14CBCD-98EA-4014-AD6E-62E0CF02A9D0";
"X-ZUMO-VERSION" = "ZUMO/2.0 (lang=objective-c; os=--; os_version=--; arch=iOSSimulator; version=2.0.0.0)";

The response I get back is:

<NSHTTPURLResponse: 0x7fa882f81240> { URL: http://localhost/MobileService/login/aad } { status code: 401, headers {
"Content-Length" = 0;
Date = "Sun, 09 Nov 2014 22:39:16 GMT";
Server = "Microsoft-IIS/8.0";
"Www-Authenticate" = "Basic realm=\"Service\"";
"X-Powered-By" = "ASP.NET";
} }

EDIT:

Also doing a POST from Fiddler to the login/aad endpoint responds instantly with a 401 response, even having the app key or master key in the header and with or without the access_token body

1
ios.netazureazure-mobile-servicesazure-active-directory
Hi - Are you passing the access token as a Authentication Bearer Token on the request header?Haroon
Can you post the body of the 401 response?Philippe Signoret
For posting the token, I am just using the built in mobile services sdk with the method loginWithProvider:token: which posts it in the body of the request. Tried adding the Authorization: Bearer header and still getting a 401Damien Pontifex

1 Answers

0
votes

The problem was in the configuration in web.config. The only way I found this was redoing everything and then diffing the changes

My problem was a trailing space in the value for the key MS_AadAudience key.