PraveenAZ-7267 asked

.NET Core token-based Authentication and Authorization in Web API

We need to build a web API, which should be authenticated and authorized based on a token sent in the headers, in .NET Core 2.1.

I am able to do authentication using an Azure AD app (client ID, client secret, tenant ID, etc.), but I want to do authorization. I have created 3 groups in Azure AD and assigned the groups to the users as well.

1) How should I achieve this? It is an urgent requirement; the consumer will be another website that will send a request with a token to the web API.

2) As per my understanding, the token should be generated using user credentials instead of the Azure AD app. I am able to do authorization in the MVC app, but not in the Web API.

3) For authorization, should I or can I maintain the role mapping in a SQL table?

Any help is much appreciated.

Tags: azure-active-directory, azure-ad-multi-factor-authentication

soumi-MSFT answered

@PraveenAZ-7267, if I understand the ask correctly, the part that works for you is where you are doing the Client Credentials Flow of OAuth 2.0, where the application goes ahead to AAD and gets an access token and then submits that token to the API as a bearer token.

In case you would want a user in place of the application, you need to go ahead and use the "Authorization Code Grant Flow of OAuth 2.0".

You can read more about this flow here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code

I would also suggest you go through the following link, which is about OpenID Connect: link text
OpenID Connect is an implementation of the Authorization Code Grant Flow.


You can also check the following GitHub sample for .NET Core using the Authorization Code Grant Flow: link text

Hope this helps. Do let me know if there are any more queries around this so that we can help you further.


Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!
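To make the answer above concrete for the original ask (an ASP.NET Core 2.1 Web API that accepts an Azure AD bearer token and authorizes on Azure AD group membership), here is an added example. It is not code from the thread, from the linked sample, or from the Microsoft documentation. The tenant ID, client ID, and group object IDs are placeholders, and the issuer/audience values assume v1 (ADAL-era) tokens as in the linked v1 protocol doc; with v2 tokens the issuer becomes `https://login.microsoftonline.com/{tenant}/v2.0`. It also assumes the API's app registration has `groupMembershipClaims` set to `SecurityGroup` in its manifest, otherwise Azure AD does not emit the `groups` claim at all.

```csharp
// Added example (not from the original thread): ASP.NET Core 2.1 Web API
// validating Azure AD bearer tokens and authorizing on the "groups" claim.
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    // Assumed placeholder values: the API's own Azure AD tenant and app registration.
    private const string TenantId    = "00000000-0000-0000-0000-000000000000";
    private const string ApiClientId = "11111111-1111-1111-1111-111111111111";
    // Assumed placeholder object IDs of the security groups created in Azure AD.
    private const string AdminsGroupId  = "22222222-2222-2222-2222-222222222222";
    private const string ReadersGroupId = "33333333-3333-3333-3333-333333333333";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // The handler downloads Azure AD's signing keys from this authority's
                // OpenID Connect metadata, so every token signature is checked
                // against the tenant's published keys, never a shared secret.
                options.Authority = $"https://login.microsoftonline.com/{TenantId}/";
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = $"https://sts.windows.net/{TenantId}/",   // v1 token issuer
                    ValidateAudience = true,
                    // Accept only tokens minted for this API (client ID or App ID URI).
                    ValidAudiences = new[] { ApiClientId, $"api://{ApiClientId}" },
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.FromMinutes(2),
                };
                options.Events = new JwtBearerEvents
                {
                    OnTokenValidated = ctx =>
                    {
                        // Group overage: when a user is in too many groups Azure AD
                        // omits "groups" and emits "_claim_names"/"_claim_sources"
                        // instead. A RequireClaim("groups", ...) policy would then
                        // silently deny, so fail explicitly rather than guess.
                        if (ctx.Principal.HasClaim(c => c.Type == "_claim_names"))
                            ctx.Fail("Group overage: resolve membership via Microsoft Graph before authorizing.");
                        return Task.CompletedTask;
                    }
                };
            });

        // Policies keyed on group object IDs. The JWT handler expands the JSON
        // array "groups" claim into one claim per group, so RequireClaim matches
        // any of the listed values. Admins are also accepted as Readers.
        services.AddAuthorization(options =>
        {
            options.AddPolicy("Admins",  p => p.RequireClaim("groups", AdminsGroupId));
            options.AddPolicy("Readers", p => p.RequireClaim("groups", ReadersGroupId, AdminsGroupId));
        });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();   // must run before MVC so [Authorize] sees the principal
        app.UseMvc();
    }
}

[Route("api/[controller]")]
[ApiController]
public class ReportsController : ControllerBase
{
    // Any member of the Readers or Admins group may list reports.
    [HttpGet]
    [Authorize(Policy = "Readers")]
    public IActionResult Get() =>
        Ok(new { caller = User.FindFirst("oid")?.Value });

    // Only Admins may delete; a client-credentials (app-only) token carries no
    // user "groups" claim, so it is rejected here by design.
    [HttpDelete("{id}")]
    [Authorize(Policy = "Admins")]
    public IActionResult Delete(string id) => NoContent();
}
```

Two points from the thread that this layout makes visible. First, an app-only token from the client credentials flow identifies the calling application, not a user, so it never carries the user's `groups` claim; group-based authorization only works with a token obtained on the user's behalf (authorization code flow), which is exactly the distinction the answer draws. Second, on the SQL-table question: the same policy mechanism supports it, by replacing `RequireClaim` with a custom `IAuthorizationHandler` that looks up the validated `oid` claim in your own table; the token validation above stays unchanged, only the mapping source moves.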

PraveenAZ-7267 answered

Lots of information; I'll refer to these one by one.
As I am new to all this stuff, I will ask queries in a day or two.

1) Meanwhile, if you have any link that tells how to generate a token that also tells about the user, not just the client ID and client secret (I mean an ADAL/v1 link)

2) Another is how to validate the token for authorization; that would be great.

I am also confused: can the consumer and the API use the same AAD app, with 2 redirect URLs?


PraveenAZ-7267 answered

Thanks, I found a way to authorize the user; thanks for the prompt response.
It's ADAL and .NET Core with a bit of a different approach;
your inputs helped me go in the right direction.


@PraveenAZ-7267, thank you for sharing the update. It would be great if you could mark the "response" as "Answer" or "upvote" it so that it helps others looking into these posts in the community.
