I'm using Microsoft.Azure.Mobile.Client, in Xamarin.Forms App, because I need offline synchronization in my app. In azure, I configure the easy tables in the App Service, and I need that only authenticated users modify the data, so I change the permissiones of the tables and set Authenticated access only for all options on permissions settings.
Application registered on AAD
- Type: Native
- Home Page: https://appservice.azurewebsites.net/.auth/login/aad/callback
- Application ID: aca9a545-XXXXXXXXXX
- Allowed External Redirect URLs: https://appservice.azurewebsites.net/.auth/login/aad/callback
App Service Authentication / Authorization
- Authentication Providers: AAD
- Configuration: Advanced
- Client ID: aca9a545-XXXXXXXXXX
- Issuer Url: https://sts.windows.net/-tenant-id-
I followed this article to config: https://docs.microsoft.com/en-us/azure/app-service/app-service-mobile-how-to-configure-active-directory-authentication
In the application
I log in the user and get the token with this code.
string authority = "https://login.microsoftonline.com/common";
string resource = "https://graph.windows.net";
string clientId = "aca9a545-XXXXXXXXXX";
string returnUrl = "https://appservice.azurewebsites.net/.auth/login/aad/callback";
AuthenticationContext ac = new AuthenticationContext(authority);
AuthenticationResult authResult = await ac.AcquireTokenAsync(resource, clientId, new Uri(returnUrl), platformParameters);
This code is fine and I get the token value (it open a windows where the user enter the credentials and log in).
MobileServiceClient Client = new MobileServiceClient("https://appservice.azurewebsites.net");
string path = Path.Combine(MobileServiceClient.DefaultDatabasePath, "DATA_BASE_NAME");
MobileServiceSQLiteStore Store = new MobileServiceSQLiteStore(path);
Store.DefineTable<Turn>();
Client.SyncContext.InitializeAsync(Store, new MobileServiceSyncHandler());
IMobileServiceSyncTable<Turn> Table = Client.GetSyncTable<Turn>();
var token = new JObject
{
{ "access_token", authResult.AccessToken}
};
var res = await Client.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, token); // First thread: here throw exception
await Client.SyncContext.PushAsync(); // Second thread: if I skip previous line, here throw exception too
await Table.PullAsync($"allTurns", Table.CreateQuery());
This code is where throw exception:
First thread exception: The request could not be completed. (Unauthorized)
Request Method: POST, RequestUri: 'https://appservice.azurewebsites.net/.auth/login/aad', Version: 2.0, Content: System.Net.Http.StringContent, Headers: { X-ZUMO-INSTALLATION-ID: e8d8a571-fa9b-4ee8-905b-ca911c3d7d99 Accept: application/json User-Agent: ZUMO/3.1 User-Agent: (lang=Managed; os=Windows Store; os_version=--; arch=X86; version=3.1.50105.0) X-ZUMO-VERSION: ZUMO/3.1 (lang=Managed; os=Windows Store; os_version=--; arch=X86; version=3.1.50105.0) Accept-Encoding: gzip Content-Type: application/json; charset=utf-8 Content-Length: 1736 }
Response StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers: { Set-Cookie: ARRAffinity=3911b1a0a4e4b012ff96f14ba9eb0231188f4dbe20b460dfa5c4e0166d608ed2;Path=/;HttpOnly;Domain=ghc-devtest-appservice.azurewebsites.net Date: Wed, 29 Nov 2017 16:19:31 GMT WWW-Authenticate: Bearer realm="appservice.azurewebsites.net" X-Powered-By: ASP.NET Content-Length: 242 Content-Type: application/json }
Second thread exception: Microsoft.WindowsAzure.MobileServices.Sync.MobileServicePushFailedException: Push operation has failed. See the PushResult for details.
PushResult.Status : Microsoft.WindowsAzure.MobileServices.Sync.MobileServicePushStatus.CancelledByAuthenticationError
PushResult.Errors : empty
