@ismcagdas Any update?
When impersonating a tenant, the site just redirects to the login page without any error. It works fine when debugging locally but not when deployed to Azure as a single solution.
It appears that when the FE redirects to https://sitename/?impersonationToken=<sometoken>&tenantId=<tenantid>, the backend just redirects the request to index.html and does not pass along the query parameters.
I've replicated this problem in a clean project download. You can test here: https://testanz105.azurewebsites.net/account/login
I'm sorry Ismail, but I'm struggling to understand how I can incorporate On-Behalf-Of flow into ANZ. Can you give some more detail after reading the below docs?
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/on-behalf-of
Thanks for the additional information! I'm assuming I need the ability to SaveTokens as described here but I don't know where to configure that in ANZ. Also how would I access them later when needed in an app service?
This feels kludgy. What about token refresh, etc?
Isn't there some interface I can implement or a class I can override to implement AAD more deeply in the product?
I'm sorry that it's been a while and I got sidetracked. The use case is similar to this auth flow https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph. I want to make a request to Graph through our WebAPI on behalf of the user (delegated auth). Our frontend is Angular so the concept would be similar to this sample.
Since my problem is the same as the original poster, I was hoping you would be able to post the solution that you sent to him since it was just demo code anyway. I try to do my due diligence by searching for existing solutions instead of posting a new question as soon as I have a problem.
@maliming @fvdh Please share the solution to this problem with the rest of us.
How involved would it be? Can you give a general direction on what would be needed?
We have been able to successfully use the built-in support for OpenID to allow users to authenticate with our site using AAD. But the way ABP works, it just uses AAD for authentication but then ABP issues its own token issued by the TokenAuthController.
We would like to use the AAD token for the whole stack. In other words, I want the app service APIs to take the AAD token for authentication. Do you have any guidance on how to implement this?