We have been able to successfully use the built-in support for OpenID to allow users to authenticate with our site using AAD. But the way ABP works, it just uses AAD for authentication, and then ABP issues its own token, issued by the TokenAuthController.
We would like to use the AAD token for the whole stack. In other words, I want the app service APIs to take the AAD token for authentication. Do you have any guidance on how to implement this?
11 Answer(s)
-
0
Hi @japnolt
We couldn't come up with a solution, sorry. Even if you manage to achieve this, each request to the server must access Azure to validate the token. I think it will make each request slower.
Could you explain why you need such a use case? Maybe we can find another solution.
Thanks.
-
0
I'm sorry that it's been a while and I got sidetracked. The use case is similar to this auth flow: https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph. I want to make a request to Graph through our WebAPI on behalf of the user (delegated auth). Our frontend is Angular, so the concept would be similar to this sample.
-
0
Hi,
A user can login to AspNet Zero's Angular app using OpenIdConnect with Azure AD. When Azure AD returns to AspNet Zero, Angular app sends token to server app and server app calls Microsoft Graph API internally. If you want to make such calls, you need to store token returned from Azure AD.
-
0
Hi,
Integrating AAD into AspNet Zero is very easy, you just need to fill the configuration (OpenIdConnect) in the appsettings.json file. Your request is a bit different and AspNet Zero doesn't support it by default. You can check https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/additional-claims?view=aspnetcore-3.1 for more information.
-
0
Thanks for the additional information! I'm assuming I need the ability to SaveTokens as described here but I don't know where to configure that in ANZ. Also how would I access them later when needed in an app service?
-
0
I'm sorry Ismail, but I'm struggling to understand how I can incorporate the On-Behalf-Of flow into ANZ. Can you give some more detail after reading the docs below?
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/on-behalf-of
-
0
Hi @japnolt,
Sorry, I think I didn't understand your question in the first place.
- Do you want to store the AAD token in your Angular app when it's retrieved from Azure AD during login?
- Send it with every request to your AspNet Zero server app?
- And you want the AspNet Zero server app to contact Azure AD for every request to validate this token?
If it is something else, could you explain it again?
Thanks,