0
votes

We have hosted a Windows authentication-enabled application in IIS (intranet web server). We wanted to integrate Skype for Business Online into the application and have followed the steps given at https://msdn.microsoft.com/Skype/WebSDK/docs/developwebsdkappsforsfbonline.

We are able to successfully integrate Skype for Business SDK in our web application. However, the application is redirecting to the OAuth page "https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&&&client_id=" as soon as the user logs in.

Is there a way to avoid this redirection and get the access token silently inside the application (using the client ID and secret key)? We don't want to authenticate the user twice in our application. We tried ADAL and it doesn't help, though.

2 Answers

0
votes

I've never used the Skype for Business APIs, but I can explain why the redirect is happening and what you can try.

The redirect is done to log in the user with Azure Active Directory. You can do authentication differently if you wish to stay on the site, or if the user is on the intranet, they can be signed in pretty much automatically through home realm discovery. The redirect still happens, though.

If your app registered in Azure AD uses delegated permissions to call the API, you must do the redirect.

However, if you use application permissions, your app can call the API with its own identity. Then it doesn't matter who the signed-in user is, or even if a user is signed in, for that matter. Authentication and authorization must be taken care of extremely well in that case.

Skype for Business Online APIs offer some application permissions that you can grant for your application:

Skype for Business application permissions

Add them and grant them to the app. Then you should be able to get an access token from the Azure AD token endpoint with client id, client secret, and the resource URI for the Skype for Business API.
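An added example, not part of the answer above: a server-side sketch of the client-credentials request it describes, plus a check that the returned token really is app-only (application permissions appear in the `roles` claim, delegated ones in `scp`). The tenant, client id, secret, resource URI and role name are placeholders, and the sample token is constructed so the demo runs offline.

```python
import base64, json, time, urllib.parse, urllib.request

TENANT = "contoso.onmicrosoft.com"         # placeholder tenant
RESOURCE = "https://sfb-resource.example"  # placeholder: the page gives no resource URI

def build_token_request(tenant, client_id, client_secret, resource):
    """Client-credentials POST to the Azure AD token endpoint.
    Build this on the server only; the secret must never reach browser code."""
    url = f"https://login.microsoftonline.com/{urllib.parse.quote(tenant)}/oauth2/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }).encode()
    return urllib.request.Request(url, data=body, method="POST")

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_app_only_token(response, wanted_roles, now=None):
    """Return (access_token, problems); an empty list means the token looks usable."""
    now = time.time() if now is None else now
    problems = []
    if response.get("token_type", "").lower() != "bearer":
        problems.append("unexpected token_type")
    claims = jwt_claims(response["access_token"])
    if "scp" in claims:
        problems.append("token carries delegated scopes (scp), not app-only")
    missing = set(wanted_roles) - set(claims.get("roles", []))
    if missing:
        problems.append("missing application permissions: " + ", ".join(sorted(missing)))
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return response["access_token"], problems

def fake_jwt(claims):
    """Constructed, unsigned sample token for the offline demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig"

if __name__ == "__main__":
    req = build_token_request(TENANT, "app-client-id", "app-secret", RESOURCE)
    print(req.get_method(), req.full_url)
    sample = {"token_type": "Bearer", "access_token": fake_jwt(
        {"roles": ["Example.Role"], "exp": time.time() + 3600})}
    print(check_app_only_token(sample, ["Example.Role"])[1])
```

Because an app-only token is not tied to the signed-in user, the application's own Windows-authentication checks are the only thing deciding which user may trigger which call.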

0
votes

No. It is not possible to authenticate using Azure AD without redirection. If you want the user to log in to Skype for Business, you may use your on-premises Lync server instead of Skype for Business Online. Then you can authenticate without redirection. The authentication of users with AD is one thing. The authentication of your app so that it has access to Skype for Business Online is another thing. And the latter requires a redirection.