I'm having trouble with OAuth .NET backend authentication for Azure Mobile Services in ASP.NET 5.0. I'm trying to implement external login with Facebook, Twitter, Google and Microsoft.

I'm successfully getting an access_token from all external sources and then trying to log in to MobileServiceClient.

Here is my code:

    // MobileServiceClient is created per request and stored in HttpContext.Items
    var app = System.Web.HttpContext.Current.Items["AzureClient"] as MobileServiceClient;
    app.Logout();

    var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
    // The external identity carries the provider's access token as a claim; we need its Value
    var accessTokenClaim = loginInfo.ExternalIdentity.Claims.FirstOrDefault(c => c.Type == "access_token");
    var accessToken = accessTokenClaim != null ? accessTokenClaim.Value : null;
    MobileServiceUser user = null;
    if (loginInfo.Login.LoginProvider == "Microsoft")
    {
        user = await app.LoginWithMicrosoftAccountAsync(accessToken);
    }
    else
    {
        // Forward the provider token to the mobile service under the same provider name
        var token = new JObject();
        token.Add("access_token", accessToken);
        user = await app.LoginAsync(loginInfo.Login.LoginProvider, token);
    }

And I'm getting authenticated, but only with the Facebook token. Microsoft and Google throw a 401 Unauthorized exception. Twitter throws "Method not allowed". What am I doing wrong? I've double-checked that the app secret and app keys are populated for all providers in the Azure management portal. Please help.

1 Answer

I'm not sure whether tokens from social networks can be forwarded to MobileServiceClient or not, but it works with Facebook and doesn't work with all the others. I'm really puzzled about this behaviour.

I finally ended up creating an Active Directory application and using the ADAL AcquireToken method to obtain an AD token for my MobileServiceClient, as described here: Azure Website Single Sign On accessing Azure Mobile Service from Azure Active Directory as User

Here is my method for obtaining a token from AD:

    // Client-credential flow: the token represents the AD application itself, not a user.
    // AuthenticationContext and ClientCredential come from Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL).
    private string GetAdToken()
    {
        string clientID = "<clientId>";
        string authority = "<AuthorityUrl>";
        string resourceURI = "<WebApiUrl>";
        var appKey = "<applicationKey>";

        var ac = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority);
        var clientCredential = new ClientCredential(clientID, appKey);
        var ar = ac.AcquireToken(resourceURI, clientCredential);
        // Cache the token in the session so later requests can reuse it
        Session["token"] = ar.AccessToken;
        return ar.AccessToken;
    }

And here is my method, which runs before querying Azure data tables through MobileServiceClient:

    private async Task<MobileServiceUser> EnsureLogin()
    {
        var app = System.Web.HttpContext.Current.Items["AzureClient"] as MobileServiceClient;
        app.Logout();
        // Hand the cached AD token to the mobile service as an AAD login
        JObject token = new JObject();
        token["access_token"] = Session["token"].ToString();
        return await app.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, token);
    }

So now it doesn't matter what provider I use to log in to my web application. MobileServiceClient always works with the AD token.

I'm not sure if it is an acceptable practice, but it works, and maybe this will help somebody like me struggling with Azure authentication.
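As an added example (not the answerer's code) covering the two methods above: the same client-credential login, but with the token cached in memory and renewed before its ExpiresOn instead of being kept in Session indefinitely, and the client re-logged in only when the token has changed. It assumes ADAL 2.x or later (AcquireTokenAsync, ExpiresOn) and the Mobile Services SDK 1.x Logout()/CurrentUser; the class name, the five-minute margin and the constructor parameters are hypothetical.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.WindowsAzure.MobileServices;
using Newtonsoft.Json.Linq;

// Hypothetical helper: one cached client-credential token per process,
// renewed before it expires, rather than a token parked in Session forever.
public sealed class AdTokenLogin
{
    private readonly AuthenticationContext _ctx;
    private readonly ClientCredential _cred;
    private readonly string _resource;
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private AuthenticationResult _cached;   // last result returned by AD
    private string _loggedInWith;           // token the client was last logged in with

    public AdTokenLogin(string authority, string clientId, string appKey, string resource)
    {
        _ctx = new AuthenticationContext(authority);
        _cred = new ClientCredential(clientId, appKey);   // the application's identity
        _resource = resource;                             // e.g. the "<WebApiUrl>" placeholder
    }

    // Returns an access token still valid for at least 'margin'; renews it otherwise.
    public async Task<string> GetTokenAsync(TimeSpan margin)
    {
        await _gate.WaitAsync();   // serialise renewals under concurrent requests
        try
        {
            if (_cached == null || _cached.ExpiresOn - DateTimeOffset.UtcNow < margin)
                _cached = await _ctx.AcquireTokenAsync(_resource, _cred);
            return _cached.AccessToken;
        }
        finally { _gate.Release(); }
    }

    // Logs the MobileServiceClient in only when its current login is missing or stale.
    public async Task<MobileServiceUser> EnsureLoginAsync(MobileServiceClient app)
    {
        string accessToken = await GetTokenAsync(TimeSpan.FromMinutes(5));
        if (app.CurrentUser != null && accessToken == _loggedInWith)
            return app.CurrentUser;
        app.Logout();
        var payload = new JObject(new JProperty("access_token", accessToken));
        MobileServiceUser user = await app.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, payload);
        _loggedInWith = accessToken;
        return user;
    }
}
```

Because the token comes from the application's own credential, every web user acts against the mobile service as the same AD application identity rather than as themselves, so any per-user authorisation has to happen in the web application before the call.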