I am trying to setup development environment to integrate Google sign-in on Android using Web Authenticator in Xamarin Essentials.
In the Web API project, same AuthController is included described in this article. It is running on https://localhost:44311/api
To call the API from emulator, API url is referenced as https://10.0.2.2:43411/api as described in this article.
Now, I am able to call the API url using await WebAuthenticator.AuthenticateAsync(apiUrl, callbackUrl)
But, when API tries to invoke Google authentication via await Request.HttpContext.ChallengeAsync(scheme);, below error is returned from Google.
Error 400: invalid_request, device-id and device-name are required for
the private IP: https://10.0.2.2:4311/signin-google
As I understand, it is expecting request originated from the server instead of IP address like https://<servername>
Whole situation comes down to be able to access the webservice using name (or localhost) to be used in both emulator and Google redirect uri.
Related
I have an old web app that uses Forms Authentication that we've converted to support SAML using Shibboleth. This part is complete and works fine. The app redirects to login.microsoftonline.com, allows a login against the customer's AD (hburg.kyschools.us), and redirects back to the app which now allows the authenticated user in.
The web app also has some ASP.NET Web API controllers that we'd like to authenticate the same way. This also seems to work when the controllers are accessed from a browser that has already logged in. So far, so good.
Now we want to access these Web API controllers from a WPF app. The WPF app has been accessing them for years but just using Basic Authentication. Looking for an example, I found this project on github that shows how to use MSAL:
https://github.com/Azure-Samples/active-directory-dotnet-desktop-msgraph-v2
This project will acquire a token via MSAL and then use it with HttpClient to call a web service. I can run this project and use it to log in to the same AD as above (hburg.kyschools.us). And then it can use HttpClient to access MS Graph.
Now, when instead I try to have the project call into my Web API controller using HttpClient, passing in the same token I received back from the hburg.kyschools.us AD, I get back the Log In page at login.microsoftonline.com, as if I haven't authenticated.
Can I use MSAL to get a token this way that can be used to access my web api via HttpClient from WPF? It seems like I'd need to tell MSAL that I want the token to include authorization for the web app. Is that done somehow in the scopes parameter?
** the application is hosted on server and the API if prodding the headers. I want to read that headers to get the user name (who is accessing the application)**
I have a Angular application and a separate Web API solution built with .NET Core. I have successfully setup authentication with Azure AD B2C. I am able to login to the angular application. However I would like to secure one of my Web API calls. i.e. http://localhost/Profile/GetProfile. The trouble is that I'm able to query this url successfully even when not logged in.
I used code from the sample application in github and strangely I get 401 not authorized when trying to make my api call from my ClientApp. However, I am able to open that url successfully in a new tab (outside of my application). I am trying to achieve the opposite of this. i.e. it should 401 from a browser but 200 from my ClientApp. What am I doing wrong?
BTW the sample application throws a unhandled exception when trying to navigate to the todo menu item.
The trouble is that I'm able to query this url successfully even when
not logged in.
This is because the cache is still there after you successfully log in. Once you've used browser privacy mode, you'll need to log in again.
And is these screenshots below what you want to achieve? You can decode token in this.Whether the requested token is successful does not match the api endpoint.If so,please check your client app (API perssions) & server app(Expose an API).
401 from a browser
2.200 from my ClientApp.(Here's a microsoft graph me/endpoint demo.)
We are creating a Xamarin Forms app, only Android for now, which connects to a web API also created by us (ASP.Net Core). I have managed to get OpenId Connect authentication working by:
Using Azure as the identity provider.
Using Android custom tabs to show the Microsoft's login page.
Detect when the custom tab is redirected to our redirect URL.
Get the id token and use it as the authentication bearer token sent to our web API.
Using JwtBearer authentication in the web API.
The problem appears when the id token expires. We want to get a new one without asking the user any question.
To do that, we repeat the authentication process by adding the prompt=none, id_token_hint=THE_TOKEN and login_hint=THE_USER parameters in the authentication request, as defined in the OpenId Connect specification, and supported by Azure.
During that request, we have an issue with the redirect URL:
If the redirect URL has a custom scheme (like myapp://...) Azure responds with an interaction_required error.
If the redirect URL has an HTTPS scheme, then Azure responds successfully (including the necessary parameters to continue the process), but I am not able to detect the redirect URL in the Android custom tab. So my app gets stuck in the custom tab trying to load my invalid redirect URL.
The explanation for #2 is that HTTPS URLs are handled by the browser (Chrome in this case), so it does not trigger any action that I can detect from my app. This seems reasonable.
I also tried to detect custom tab navigation events from Xamarin, trying to detect the event "manually", but failed. Such events are never triggered.
Now, as for #1, I do not have any reasonable explanation. So my question is:
Is there any way to make Azure accept a redirect URL with a custom scheme when trying to refresh an id token by using the standard prompt=none OpenId Connect parameter?
I have web api that uses windows authentication. I've created my own Active Directory Server and a separate IIS Server. I have registered the IIS server to the domain but for some reason I'm getting a 401 issue when I use the API URL in my Javascript.
But works when using it directly from web browser
Please note that this is the same code (javascript, SQL Server, and ASP.NET Web Api) I'm developing at work. The only difference are the url for LDAP and domain. I have tried everything from changing Windows Authentication Providers. I'm just curious if I need to add my machine as a trusted to the Active Directory which I'm not sure how. I have added the Active Directory User to the IIS with Full Control but still no luck.