0
votes

I have a web forms application which I developed for testing Authentication/Authorization scenarios. While creating the test project, I selected "No Authentication" which created my project to have no authentication mechanism code. I published the web site to my Azure tenant and enabled the Azure Active Directory Authentication from the "Authentication / Authorization" under features. I created an Azure AD app pointing to my web application. After hitting the default page, the app now authenticates and everything seems to work fine.

However, when I run the app locally from within Visual Studio, I am not able to get the user information as there are no appropriate headers available, e.g. X-MS-CLIENT-PRINCIPAL-NAME. My next step was to call the Graph API to get the detailed user information.

NOTE: I am able to include the OWIN code in my web project to authenticate users, but I want minimal code change to my existing on-prem Windows authentication application.

Any help / guidance

1
Are you looking at a single sign-on experience for the app when used from the intranet as well as the internet? Then you need to look at Azure AD Connect. In the case of Azure AD you will use the Graph API to authenticate and get user info etc.; in the on-premises AD you will use LDAP. - Aravind
Single sign-on may not be desired as I am already requesting my user to input his/her AD login credentials when browsing the site. I wish to authenticate the user via Azure AD. However, when I run the app from VS, I am not able to get either the auth headers nor am I able to get the claims principal for calling the Graph API. - Ashish
You have simply linked the app to AAD. The default page takes you to the live login page and you proceed from there. Generally the practice is to add the authentication/authorization ADAL calls using the Graph API in the [Authorize] attribute of controllers in the case of an MVC app. Then use the user information got using the Graph API wherever you need it. - Aravind
Mine is a web forms app. Do you have sample code that displays how to get user information from the Graph API via an auth token? - Ashish
The Graph API works with objectId, which is the unique id for the user in AAD. Wonder if the auth token will have that. You need to check it out. Graph API code is the same for all types of applications. - Aravind

1 Answer

2
votes

> However, when I run the app locally from within Visual Studio, I am not able to get the user information as there are no appropriate headers available, e.g. X-MS-CLIENT-PRINCIPAL-NAME. My next step was to call the Graph API to get the detailed user information.

This is expected. The X-MS-CLIENT-PRINCIPAL-NAME header (and related headers) is added by the Authentication / Authorization module which runs in App Service. When you run locally from Visual Studio, you won't have this module and thus won't have this request header.

If you want to use the same code both locally and in App Service, instead of looking at the request headers, I suggest using .NET APIs which surface up user information, such as ClaimsPrincipal.Current.Identity.Name. This should be populated correctly whether you're using Windows Authentication locally or Authentication / Authorization in Azure App Service.

You can find more information about the underlying mechanics of Authentication / Authorization here: https://cgillum.tech/2016/02/01/architecture-of-azure-app-service-authentication-authorization/.
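The approach suggested in the answer, as an added example that is not part of the original answer: a Web Forms code-behind that reads the user from ClaimsPrincipal.Current instead of request headers, so the same code runs under Windows Authentication locally and under Authentication / Authorization in App Service. The `CurrentUser` helper and the `Default` page class are hypothetical names, and the object id claim is assumed to be present only when the user signed in through Azure AD.

```csharp
using System;
using System.Security.Claims;

// Hypothetical helper (not from the answer): a single source of user identity
// that does not depend on the X-MS-CLIENT-PRINCIPAL-* request headers.
public static class CurrentUser
{
    // Azure AD object id claim type. Assumption: only issued for Azure AD
    // sign-ins, so it is absent under local Windows Authentication.
    private const string ObjectIdClaim =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";

    public static bool IsAuthenticated
    {
        get
        {
            ClaimsPrincipal principal = ClaimsPrincipal.Current;
            return principal != null
                && principal.Identity != null
                && principal.Identity.IsAuthenticated;
        }
    }

    // Name of the signed-in user, or null for an anonymous request.
    public static string Name
    {
        get { return IsAuthenticated ? ClaimsPrincipal.Current.Identity.Name : null; }
    }

    // Key for a later Graph lookup, or null when the claim is not present.
    public static string ObjectId
    {
        get
        {
            if (!IsAuthenticated) return null;
            Claim claim = ClaimsPrincipal.Current.FindFirst(ObjectIdClaim);
            return claim != null ? claim.Value : null;
        }
    }
}

public partial class Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Fail closed: no authenticated principal means no page content.
        if (!CurrentUser.IsAuthenticated) { Response.StatusCode = 401; Response.End(); return; }
        Response.Write(Server.HtmlEncode(CurrentUser.Name));
    }
}
```

Outside App Service nothing sets or strips X-MS-CLIENT-PRINCIPAL-NAME, so code that reads it directly would be trusting a value any client can send. Reading the principal keeps the identity decision with whichever authentication module actually ran.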