-
Notifications
You must be signed in to change notification settings - Fork 218
Web API Troubleshooting
jennyf19 edited this page May 25, 2021
·
5 revisions
To troubleshoot your web API, you can set the subscribeToJwtBearerMiddlewareDiagnosticsEvents
optional boolean to true
when you call AddMicrosoftIdentityWebApiAuthentication
or AddMicrosoftIdentityWebApi
(used to be AddProtectedWebApi
in Microsoft.Identity.Web 0.1.x). Enabling these diagnostics displays in the output window the progression of the OAuth 2.0 message through the JWTBearer middleware (from the reception of the message from Azure Active directory to the availability of the user identity in HttpContext.User
).
Web API:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(Configuration, "AzureAd", subscribeToJwtBearerMiddlewareDiagnosticsEvents: true)
.EnableTokenAcquisitionToCallDownstreamApi()
.AddInMemoryTokenCaches();
Web app:
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(Configuration, "AzureAd", subscribeToOpenIdConnectMiddlewareDiagnosticsEvents: true)
.EnableTokenAcquisitionToCallDownstreamApi()
.AddDownstreamWebApi("TodoList", Configuration.GetSection("TodoList"))
.AddInMemoryTokenCaches();
In both cases, you can set a breakpoint in the methods of the OpenIdConnectMiddlewareDiagnostics
and JwtBearerMiddlewareDiagnostics
classes respectively to observe values in the debugger.
Example:
Microsoft.Identity.Web.Resource.JwtBearerMiddlewareDiagnostics: Debug: Begin OnMessageReceivedAsync.
Microsoft.Identity.Web.Resource.JwtBearerMiddlewareDiagnostics: Debug: End OnMessageReceivedAsync.
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: Successfully validated the token.
Microsoft.Identity.Web.Resource.JwtBearerMiddlewareDiagnostics: Debug: Begin OnTokenValidatedAsync.
Microsoft.Identity.Web.Resource.JwtBearerMiddlewareDiagnostics: Debug: End OnTokenValidatedAsync.
- Home
- Why use Microsoft Identity Web?
- Web apps
- Web APIs
- Using certificates
- Minimal support for .NET FW Classic
- Logging
- Azure AD B2C limitations
- Samples
- Web apps
- Web app samples
- Web app template
- Call an API from a web app
- Managing incremental consent and conditional access
- Web app troubleshooting
- Deploy to App Services Linux containers or with proxies
- SameSite cookies
- Hybrid SPA
- Web APIs
- Web API samples
- Web API template
- Call an API from a web API
- Token Decryption
- Web API troubleshooting
- web API protected by ACLs instead of app roles
- gRPC apps
- Azure Functions
- Long running processes in web APIs
- Authorization policies
- Generic API
- Customization
- Logging
- Calling graph with specific scopes/tenant
- Multiple Authentication Schemes
- Utility classes
- Setting FIC+MSI
- Mixing web app and web API
- Deploying to Azure App Services
- Azure AD B2C issuer claim support
- Performance
- specify Microsoft Graph scopes and app-permissions
- Integrate with Azure App Services authentication
- Ajax calls and incremental consent and conditional access
- Back channel proxys
- Client capabilities