How to configure Microsoft.Identity.Web when Web App and Web API exist in the same project. #547

Closed
levi106 opened this issue Sep 4, 2020 · 6 comments
Labels
answered question Further information is requested

Comments


levi106 commented Sep 4, 2020

I looked at the document but couldn't figure out how to configure the following project.

  • The project is an ASP.NET Core MVC project with API controller.
  • Both Web App and Web API call backend API (e.g. Microsoft Graph)

Do I need to call AddMicrosoftIdentityWebAppAuthentication and also AddMicrosoftIdentityWebApiAuthentication?

Collaborator

jmprieur commented Sep 4, 2020

yes @levi106 : you need to call both.

@jmprieur jmprieur added answered question Further information is requested labels Sep 4, 2020
Author

levi106 commented Sep 4, 2020

Does the call order matter? Calling AddMicrosoftIdentityWebApiAuthentication after AddMicrosoftIdentityWebAppAuthentication resulted in a 401 error.

```csharp
services.AddMicrosoftIdentityWebAppAuthentication(Configuration)
        .EnableTokenAcquisitionToCallDownstreamApi()
        .AddInMemoryTokenCaches();
services.AddMicrosoftIdentityWebApiAuthentication(Configuration)
        .EnableTokenAcquisitionToCallDownstreamApi()
        .AddInMemoryTokenCaches();
```


Collaborator

jmprieur commented Sep 4, 2020

@levi106, it does not, but I think that you need to use the non-contracted form (AddAuthentication, AddMicrosoftIdentityWebApp, AddAuthentication, AddMicrosoftIdentityWebApi), decide which scheme (OpenIdConnect or JWT) has the priority, and specify which scheme to use for which page / controller action.

See details in:

  • https://github.com/AzureAD/microsoft-identity-web/wiki/adding-call-api-to-web-app
  • https://github.com/AzureAD/microsoft-identity-web/wiki/Web-APIs#using-multiple-authentication-schemes

The problem is similar to this one: #429

Author

levi106 commented Sep 18, 2020

I tried to specify the scheme name for the Web API, but I got the same result.

```csharp
services.AddMicrosoftIdentityWebAppAuthentication(Configuration)
        .EnableTokenAcquisitionToCallDownstreamApi()
        .AddInMemoryTokenCaches();

services.AddMicrosoftIdentityWebApiAuthentication(Configuration, jwtBearerScheme:"Bearer2")
        .EnableTokenAcquisitionToCallDownstreamApi()
        .AddInMemoryTokenCaches();
```

Collaborator

@levi106 did you decorate the [Authorize] attribute for your HTML pages (web app) and your API pages (web API) with the scheme? Did you read this article? "Authorize with a specific scheme in ASP.NET Core"
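
The following is an added example, not code posted by anyone in this thread or taken from the project: a sketch of the non-contracted registration with OpenID Connect as the default scheme and JWT bearer as a second scheme, with each controller pinned to its scheme through `[Authorize]`. The `AzureAd` configuration section and the `HomeController` / `ValuesController` names are assumptions, and token acquisition and token caches are left out to keep the focus on scheme selection.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Web app: OpenID Connect (backed by cookies) is the default scheme, so an
        // unauthenticated browser request is challenged with a sign-in redirect.
        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd")); // assumed section name

        // Web API: JWT bearer is added as a second, non-default scheme.
        services.AddAuthentication()
                .AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAd"),
                                            JwtBearerDefaults.AuthenticationScheme);

        services.AddControllersWithViews();
    }
}

// Hypothetical MVC controller: HTML pages authenticate through the OpenID Connect scheme.
[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
public class HomeController : Controller
{
    public IActionResult Index() => View();
}

// Hypothetical API controller: only the bearer scheme is evaluated here, so a request
// without a valid access token receives 401 instead of a sign-in redirect.
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[ApiController]
[Route("api/[controller]")]
public class ValuesController : ControllerBase
{
    [HttpGet]
    public IActionResult Get() => Ok(User.Identity?.Name);
}
```

A controller carrying a bare `[Authorize]` is evaluated against the default scheme only, which is why an API action that does not name the bearer scheme rejects requests that present a valid access token.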

Collaborator

jmprieur commented Oct 8, 2020
