In a AzureAD authenticated app hosted in Azure i get the access token in the api controller like this
public override void OnActionExecuting(ActionExecutingContext context)
{
base.OnActionExecuting(context);
_client.DefaultRequestHeaders.Accept.Clear();
var tokenHeader = Request.Headers["X-MS-TOKEN-ADD-ACCESS-TOKEN"];
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokenHeader );
}
Since Azure AD app service injects the token it works only when hosted in Azure.
How can i make it work in my development environment? This of course generates an exception.
Im following this tutorial: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-auth-aad#enable-authentication-and-authorization-for-back-end-app
Both backend and frontend are secured with AzureAD authentication. The frontend app has had permission set to the backend app in AzureAD section in the portal. In the code, there is nothing configured in appsettings.json.