asp.net core webapi secured by Azure Active Directory v1

1
votes

I have an application that uses React in the front end and asp.net core webapi in the backend.

To secure the front end I'm using adal.js and it's working fine. I can get the token and all the information that I need.

The problem is that I want to pass the token to the webapi, and it should allow or block the requests. In the past, there was the nuget Microsoft.Owin.Security.ActiveDirectory that worked pretty well, but now it seems that I should use Microsoft.AspNetCore.Authentication.JwtBearer and things are different.

I've set the client/api application in the classic Azure portal, and also grant access to api to validate the client's tokens.

here's how my Startup.cs looks like:

        app.UseJwtBearerAuthentication(new JwtBearerOptions
        {
            AutomaticAuthenticate = true,
            AutomaticChallenge = true,
            Authority = ConfigurationManager.AppSettings["ida:AADInstance"] + ConfigurationManager.AppSettings["ida:TenantId"],
            Audience = ConfigurationManager.AppSettings["ida:Audience"],
        });

When I'm trying to access the webapi controllers with [Authorize] attribute (passing the Authorization header with the bearer token), I'm getting the following error:

Microsoft.AspNetCore.Hosting.Internal.WebHost: Information: Request starting HTTP/1.1 POST http://localhost:44304/api/v1/Temp 0 Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware: Information: Failed to validate the token eyJ0eXAiOiJK...

Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10500: Signature validation failed. No security keys were provided to validate the signature. at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.d__1.MoveNext()

I've tried all different settings and none of them seems to work. The resources I've found are related to Azure AD B2C or Azure AD v2 endpoint, as I'm still using the "classic" because of adal.js, I could not find anything that could help me.

Any clues? Thanks in advance.

PS: as I'm still developing, the SSL certificate is not valid one. I'm not sure if it's related to this error or not.

UPDATE

I'm getting the following error now, after implementing the @Saca answer:

Microsoft.AspNetCore.Authorization.DefaultAuthorizationService: Information: Authorization failed for user: (null). Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'. Microsoft.AspNetCore.Mvc.ChallengeResult: Information: Executing ChallengeResult with authentication schemes (). Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerMiddleware: Information: AuthenticationScheme: Bearer was challenged.

1
asp.net-corejwtazure-active-directoryadalasp.net-core-webapi
Could you provide a link to the @Saca answer you are referring to, or briefly explain his answer if it was removed? I'm having the exact same problem...Byron Jones
seems he had deleted the comment. Unfortunately I don't have access to the code anymore. But I'm happy to help you, reach me on twitter @thdotnetThiago Custodio

1 Answers

2
votes

After an entire afternoon trying things here is the solution:

in my Startup.cs I was setting the AD things before app.UseCors(CorsPolicy);

I just switch and now it's working fine.