Currently our ASP.NET MVC system is secured using OpenIdConnect and cookie authentication. We've enabled an OAuth authentication flow using Azure Active Directory.
    public void ConfigureAuthOpenIdConnect(IAppBuilder app)
    {
        // Cookie middleware is the sign-in target for the OpenIdConnect middleware.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        var cookieAuthenticationOptions = new CookieAuthenticationOptions()
        {
            //...
        };
        app.UseCookieAuthentication(cookieAuthenticationOptions);

        // Custom notifications capture the authorization code and acquire resource tokens via ADAL.
        var notifications = new OAOpenIdConnectAuthenticationNotifications();
        var openIdConnectAuthenticationOptions = new OpenIdConnectAuthenticationOptions()
        {
            //...
            Notifications = notifications
        };
        app.UseOpenIdConnectAuthentication(openIdConnectAuthenticationOptions);

        // Bearer middleware for callers presenting an Azure AD access token directly.
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = ConfigHelper.ClientSettings.TenantName,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = ConfigHelper.ClientSettings.ClientId
                }
            });
    }
Now when we authenticate via OpenIdConnect, we retrieve the authorization code using a custom Notifications instance on the OpenIdConnectAuthenticationOptions; this enables us to request and cache resource tokens using ADAL.
The problem occurs when one tries to access our system using an Azure AD bearer token: this workflow of getting and caching resource tokens is not present.
So my question is, how can I enable this using the bearer token? How can I request additional resource tokens like we are doing using OpenIdConnect? Is it possible to get an authorization code from a bearer token using ADAL?
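For readers unfamiliar with the OpenIdConnect path the question describes, here is an added illustration of that flow (not the asker's code, and not an answer to the bearer-token question). It assumes ADAL v3 (Microsoft.IdentityModel.Clients.ActiveDirectory) together with the Katana OpenIdConnect middleware; `ExampleOpenIdConnectNotifications` and `PerUserTokenCache` are hypothetical names standing in for the asker's `OAOpenIdConnectAuthenticationNotifications` and its cache, and the authority, client id, client secret, redirect URI and resource values are assumed to come from configuration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

// Hypothetical per-user token cache (illustration only). It keeps the serialized
// ADAL cache blob in a process-wide dictionary keyed by the user's object id; a
// production deployment would persist the blob to a database or distributed cache
// so that tokens survive recycles and are shared across a web farm.
public class PerUserTokenCache : TokenCache
{
    private static readonly ConcurrentDictionary<string, byte[]> Store =
        new ConcurrentDictionary<string, byte[]>();
    private readonly string _userId;

    public PerUserTokenCache(string userId)
    {
        _userId = userId;

        // Load this user's blob before ADAL reads the cache.
        BeforeAccess = args =>
        {
            byte[] blob;
            if (Store.TryGetValue(_userId, out blob))
                Deserialize(blob);
        };

        // Persist the blob after ADAL has written new or refreshed tokens.
        AfterAccess = args =>
        {
            if (HasStateChanged)
            {
                Store[_userId] = Serialize();
                HasStateChanged = false;
            }
        };
    }
}

// Hypothetical notifications class standing in for OAOpenIdConnectAuthenticationNotifications.
public class ExampleOpenIdConnectNotifications : OpenIdConnectAuthenticationNotifications
{
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    private readonly string _authority;        // e.g. https://login.microsoftonline.com/{tenant} (assumed)
    private readonly string _clientId;
    private readonly ClientCredential _clientCredential;
    private readonly Uri _redirectUri;
    private readonly string _resource;         // resource the cached token is for (assumed)

    public ExampleOpenIdConnectNotifications(string authority, string clientId, string clientSecret,
                                             Uri redirectUri, string resource)
    {
        _authority = authority;
        _clientId = clientId;
        _clientCredential = new ClientCredential(clientId, clientSecret);
        _redirectUri = redirectUri;
        _resource = resource;

        // Invoked once Azure AD has redirected back with an authorization code.
        AuthorizationCodeReceived = OnAuthorizationCodeReceived;
    }

    private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
    {
        // The object identifier is stable and unique per user in the tenant; scope the cache to it.
        string userObjectId = notification.AuthenticationTicket.Identity.FindFirst(ObjectIdClaim).Value;

        var authContext = new AuthenticationContext(_authority, new PerUserTokenCache(userObjectId));

        // Redeem the code with the confidential client's credential. ADAL writes the resulting
        // access and refresh tokens into the per-user cache as a side effect.
        await authContext.AcquireTokenByAuthorizationCodeAsync(
            notification.Code, _redirectUri, _clientCredential, _resource);
    }

    // Later requests for the same user obtain the resource token from the cache (refreshing
    // it with the stored refresh token when expired) without another interactive sign-in.
    public async Task<string> GetResourceTokenAsync(string userObjectId)
    {
        var authContext = new AuthenticationContext(_authority, new PerUserTokenCache(userObjectId));
        AuthenticationResult result = await authContext.AcquireTokenSilentAsync(
            _resource, _clientId, new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
        return result.AccessToken;
    }
}
```

The point of scoping the cache by the object identifier claim is that tokens obtained on one user's behalf are never served to another user sharing the same process; `AcquireTokenSilentAsync` throws `AdalSilentTokenAcquisitionException` when nothing usable is cached, which is the signal to send that user back through the interactive OpenIdConnect sign-in.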