Calling APIM in customer Tenant using Access token retrieved from multitenant app.

Petter Ekrann 1 Reputation point
2021-05-11T13:37:26.85+00:00

I have a MT-App that authorizes users in my multi tenant application.
When a user logs in I verify that the issuer of the id-token is a known tenant from AzureAD, using the GUID of the tenant.

Works like a charm :D

Now a customer wants me to do some "writeback" to their source system by calling an API exposed through APIM.

I thought this is what OIDC/OAuth was all about, but I am not able to find any good examples on how to do this.

First thing I'm struggling with is actually how to get the access token.

using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

services.AddAuthentication(AzureADDefaults.AuthenticationScheme).AddAzureAD(o =>
{
    o.OpenIdConnectSchemeName = AzureADDefaults.OpenIdScheme;
    o.Instance = "https://login.microsoftonline.com/";
    o.TenantId = "organizations";
    o.CallbackPath = "/signin-oidc";
});

// The OnTokenValidated handler hangs off the OpenID Connect options that AddAzureAD registers.
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    options.Events = new OpenIdConnectEvents
    {
        OnTokenValidated = e =>
        {
            //This can not be the way to do it. but for now.
            var accestoken = e.SecurityToken.RawData; //This is the AccessToken
            return Task.CompletedTask;
        }
    };
});

For now I'm storing the access token in a cookie, which is probably not the best way.
I have seen some docs mentioning a SaveToken option, but it does not seem to be part of the AddAzureAD extension options.

After that, calling APIM with the access token in the Authorization header should do the trick?


1 answer

  1. JamesTran-MSFT 36,376 Reputation points Microsoft Employee
    2021-05-20T18:02:55.883+00:00

    @Anonymous
    Thank you for your post and I apologize for the delayed response! I found a Stack Overflow post where it looks like you might've resolved your issue.

    Stack Overflow Solution:
    You need to modify the code and use HttpContext.GetTokenAsync("access_token") to get the access token. For more info - https://stackoverflow.com/a/67513378

    I'm glad that you were able to resolve this and if you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

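As an added example, not code from the question or the answer above: the pattern the answer points to, with SaveToken enabled on the OpenID Connect options so the token is kept inside the encrypted authentication ticket rather than in a hand-written cookie, then HttpContext.GetTokenAsync("access_token") and a bearer call to APIM. The scope, the APIM URL and the WritebackController are placeholders; it also assumes the sign-in flow is configured to actually return an access token for the API (authorization code flow with a client secret set), which the defaults in the question do not.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Startup.ConfigureServices: keep the AddAzureAD call from the question, then adjust the
// OIDC options it registers for the AzureADDefaults.OpenIdScheme scheme.
public static class OidcSetup
{
    public static void ConfigureOidc(IServiceCollection services)
    {
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            // Assumption: code flow so an access token is issued; placeholder API scope.
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.Scope.Add("api://<customer-api-app-id>/writeback");
            // Persist id_token/access_token inside the encrypted auth ticket.
            options.SaveToken = true;
        });
        services.AddHttpClient();
    }
}

[Authorize]
public class WritebackController : Controller   // hypothetical controller
{
    private readonly IHttpClientFactory _http;
    public WritebackController(IHttpClientFactory http) => _http = http;

    public async Task<IActionResult> Push()
    {
        // Read the access token back from the auth ticket, as the answer suggests.
        var accessToken = await HttpContext.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(accessToken))
            return StatusCode(502, "No access token in the session; check ResponseType/Scope/SaveToken.");

        var request = new HttpRequestMessage(HttpMethod.Post, "https://<customer-apim>.azure-api.net/writeback");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        request.Content = new StringContent("{}", Encoding.UTF8, "application/json");

        var response = await _http.CreateClient().SendAsync(request);
        return StatusCode((int)response.StatusCode);
    }
}
```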