2

Playing around with Angular2 and ASP.NET Core (Web API).

Currently I successfully login through the UI and I am storing the id token that is returned. I created API and I pick Work or School authentication. Nothing is changed since I created the project. The problem is that I can't authenticate the request from angular (I tried with Postman either). Every time I get 401.

Setting the hearder to Authorization: Bearer xxx and I am passing the id token.

enter image description here

This is the data I store after login. What I am attaching as a header is the adal.idtoken

Any help it will be appreciated

Improve this question

2 Answers 2

Reset to default
2

You have to pass the access token to the Authorization header, not the id token.

The id token only contains information (claims) about the signed in user whereas the access token contains information about which protected resources the user has access to.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Okay, currently I am using 'ng2-adal' you wrap the login functionality. This stores what I post as a image above. So should I do something extra to get the access token. I am aware if I do a 'code' flow when I receive a authorisation code and then exchange it for a access token, but whats the case here? Am I missing something? I am trying to apply what is written over here: learn.microsoft.com/en-us/azure/active-directory/develop/…
You just have to aquire an access token to your resource and pass that within the header. For Single Page application, you don't use the Authorization code flow since this would expose the client secret to the server. Instead you should use the implicit flow.
Okay, so I enabled "oauth2AllowImplicitFlow": true. Then when I get to the login page in URL i have response_type=id_token+token. If I login successfully it tells me 'Resource identifier is not provided'. Same result I get when I specify only token in url.
So it looks like the request from ng-adal is missing the client_id. You probably have to check your configuration, I am using ng-adal without any issue against an AAD.
Here is the url template that I am sending login.microsoftonline.com{{xx}}.onmicrosoft.com/oauth2/authorize?response_type=id_token+token &client_id={{client_id_guid}} &redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Faccess%2Flogin &state=36d5cf06-f581-4c6b-ba2c-384e79366b42 &nonce=8f1511aa-74ae-442b-8d45-aa55cfa35654 &client-request-id=1edfb669-db7d-4867-8bc6-b36a6836a064 &x-client-SKU=Js &x-client-Ver=1.0.14 But I get the explained error:' Resource identifier is not provided' . What should I enter for an resource?
|
1

As in adal for js, access token is saved as id_token. And we can get the info from source code at https://github.com/AzureAD/azure-activedirectory-library-for-js/blob/master/lib/adal.js#L895. So we can use id_token to authenticate the resources when we use adal for js.

Per your description, for 401 issue, please double check the Authentication setting of your Web API application on Azure portal. enter image description here
The id strings used in Client ID and Issuer Url should be the same with client id and tenant id you are using in ng2 configurations.

To check whether it is configured, you can leverage fiddler or Postman to make http requests with Authentication header with the id_token you get from ng2.

There is a similar issue with you, who is using ng2-adal and getting 401 while using the token to access for the resource. You can try the answer of Angular 2 SPA Azure Active Directory JWT Issue.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.