I have a web api with the [Authorize] attribute on each controller. Azure AD is used for sign in.
Everything works fine from my mobile app where I just generate a bearer token and call the web api with the authed request.
What I would like to get working now is to call the same web api from an Azure function but I don't find any examples on how to do this. I find examples on how to protect my function using Azure AD but not how to call a protected API.
Any help is highly appreciated
I think this on-behalf-of tutorial may help:
https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapi-onbehalfof/
Basically, set up AAD for the azure function. Then, in your function, get a token on behalf of the authenticated user and use it to call your web api, seen in this code:
https://github.com/Azure-Samples/active-directory-dotnet-webapi-onbehalfof/blob/master/TodoListService/Controllers/TodoListController.cs#L127
Related
I would like to use Azure for authentication, but have access tokens provided by my own .net web api. Can msal be configured to call my web api's endpoints instead of azures to manage the lifecycle of the access token?
In a perfect world, I could use acquireTokenSilent the same way I would for azure, but for my own web api.
Yes, it can. You'll need to register a custom scope in the Azure Portal for your resource and API, configure your API to require an access token with the right resource and scopes (as registered in the portal), and then provide that scope to MSAL when you call acquireTokenSilent or similar APIs.
Hi is there a way to get users applications list in OKTA via jquery? Right now we are using Okta Iframe on our page, problem is that the okta content cannot be changed.
The operation that lists users assigned to an application is part of the Apps API, which requires an API token. For security reasons, you can't call it from jQuery code.
If you have a backend or API component to your application, you can use that to call this API securely and then pass the results to your frontend.
I have a Web API registered in and secured with Azure AD. I am having a ASP.NET Core MVC Web application which consumes this API service. The controllers are automatically authenticated by use of Authorize attribute and I can get accessToken for current logged in user.
I am writing unit test for the UI web application. Can anyone help me with how to get Azure AD access token from unit test methods? Thanks in advance.
Since your unit tests probably want to run without user interaction, you need to use a different authentication flow.
Some APIs support username/password authentication, where your code has access to a set of credentials that can be used (see http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/).
If you want something a little more secure, you can use certificate based authentication. It is somewhat more complicated to setup and implement (https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential), but gives access to more APIs (e.g. Exchange Web Services user impersonation requires it).
I tried to build a mobile app (client(mobile) <-> server) and i'm going to use google API to authenticate and identify my user and to sync to my server.
which is the best method to achieve this?
I was thinking to use below method:
Mobile app get authorization code
send the code to server
server contact google server to get access token
both server and mobile client use the access token to access data from google. <-- is this access token generated portable? means: i can use it in server as well as in mobile app?
i'm not sure if above method is the right method that i should use, if it the right method, is there any reference that i can follow (esp. in python) - i tried to read developer.google.com but it's quite humongous type of API there and i got lost...
Thanks for the kind advise
I am building a mobile app in which the users need to be authenticated via TrueVault which is a HIPAA compliant data store. TrueVault offers a REST API and generate an access token post basic authentication. They have endpoints to check token validity etc too.
We need to do 2 things:
1) Authenticate all users via TrueVault and store the auto generated TrueVault id in Parse to facilitate data mapping.
2) Setup an interceptor in Parse which verifies the access token with TrueVault before serving any protected resource.
What would be the simplest and most efficient way to implement the above? I have gone through the tutorial to add Third Party oAuth to the mobile apps, but TrueVault does not have oAuth in place yet and thus needs authorization requests via Basic Auth only. Also, would we need Cloud Code for the above or Custom Web Hooks?
Thanks
Sameer
i would suggest you to use retrofit, Gson(or jackson) and rxjava(rxAndroid) in order to handle all api calls, i made a quick overview to the api documentation and this libraries should work for this problem.
links:
https://github.com/square/retrofit
https://code.google.com/p/google-gson/
https://github.com/ReactiveX/RxAndroid
Cheers.