We have been able to successfully use the built-in support for OpenID to allow users to authenticate with our site using AAD. But the way ABP works, it just uses AAD for authentication but then ABP issues its own token issued by the TokenAuthController.
We would like to use the AAD token for the whole stack. In other words, I want the app service APIs to take the AAD token for authentication. Do you have any guidance on how to implement this?
11 Answer(s)
-
0
Hi @japnolt
Unfortunately we don't have such a guide.
-
0
How involved would it be? Can you give a general direction on what would be needed?
-
0
Hi @japnolt
We couldn't come up with a solution, sorry. Even if you manage to achieve this, each request to the server must access Azure to validate the token. I think it will make each request slower.
Could you explain why you need such a use case? Maybe we can find another solution.
Thanks.
-
0
I'm sorry that it's been a while and I got sidetracked. The use case is similar to this auth flow https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph. I want to make a request to Graph through our WebAPI on behalf of the user (delegated auth). Our frontend is Angular so the concept would be similar to this sample.
-
0
Hi,
A user can login to AspNet Zero's Angular app using OpenIdConnect with Azure AD. When Azure AD returns to AspNet Zero, Angular app sends token to server app and server app calls Microsoft Graph API internally. If you want to make such calls, you need to store token returned from Azure AD.
-
0
This feels kludgy. What about token refresh, etc?
Isn't there some interface I can implement or a class I can override to implement AAD more deeply in the product?
-
0
Hi,
Integrating AAD into AspNet Zero is very easy, you just need to fill the configuration (OpenIdConnect) in the appsettings.json file. Your request is a bit different and AspNet Zero doesn't support it by default. You can check https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/additional-claims?view=aspnetcore-3.1 for more information.
-
0
Hi,
You can use a repository and retrieve it from AbpUserTokens table.
-
0
I'm sorry Ismail, but I'm struggling to understand how I can incorporate On-Behalf-Of flow into ANZ. Can you give some more detail after reading the below docs?
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/on-behalf-of
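For reference, the On-Behalf-Of exchange asked about above, sketched with MSAL.NET as an added example that is not part of the original thread and is not AspNet Zero code. The class name, constructor parameters and the `User.Read` scope are assumptions, and the incoming token is assumed to have already been validated by the API's JWT bearer middleware (signature, issuer, and audience equal to this API).

```csharp
// Added example: hypothetical helper, not part of AspNet Zero or ABP.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client; // MSAL.NET NuGet package

public sealed class GraphOnBehalfOfClient
{
    // Assumed delegated permission; request only the scopes the API needs.
    private static readonly string[] GraphScopes = { "https://graph.microsoft.com/User.Read" };
    private readonly IConfidentialClientApplication _app;
    private readonly HttpClient _http;

    // tenantId, clientId and clientSecret are the Web API's own app registration values
    // (assumption: loaded from a secret store, never shipped to the Angular client).
    public GraphOnBehalfOfClient(string tenantId, string clientId, string clientSecret, HttpClient http)
    {
        _http = http;
        // Keep one instance for the API's lifetime so MSAL's in-memory token cache
        // is shared across requests instead of hitting Azure AD every time.
        _app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithClientSecret(clientSecret)
            .WithAuthority($"https://login.microsoftonline.com/{tenantId}")
            .Build();
    }

    // incomingAccessToken: the bearer token the Angular app sent to this API.
    public async Task<string> GetMyProfileJsonAsync(string incomingAccessToken)
    {
        AuthenticationResult result;
        try
        {
            // Exchange the user's token for a Graph token issued to this API on the user's behalf.
            result = await _app
                .AcquireTokenOnBehalfOf(GraphScopes, new UserAssertion(incomingAccessToken))
                .ExecuteAsync();
        }
        catch (MsalUiRequiredException ex)
        {
            // Consent or MFA is required; an API cannot prompt, so the client must re-authenticate.
            throw new UnauthorizedAccessException("User interaction required: " + ex.ErrorCode, ex);
        }

        using var request = new HttpRequestMessage(HttpMethod.Get, "https://graph.microsoft.com/v1.0/me");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
        using var response = await _http.SendAsync(request);
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }
}
```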
-
0
Hi @japnolt,
Sorry, I think I didn't understand your question in the first place.
- Do you want to store the AAD token in your Angular app when it's retrieved from Azure AD during login.
- Send it with every request to your AspNet Zero server app
- And you want the AspNet Zero server app to contact Azure AD for every request to validate this token?
If it is something else, could you explain it again?
Thanks,