tekbyts avatar image
0 Votes"
tekbyts asked ·

What are the steps that will happen in the background while validating an Azure AD issued Bearer Token - Microsoft Identity Platform?

The examples I find online on this topic only instructs the configuration code used in the Startup.cs class. I could not find details as to how this configuration helps to validate the bearer token received by the API. Does the API contact Azure AD in order to validate the token?

I am curious to understand what happens behind the scenes when token validation happens at the web api. What does this one line code do services.AddMicrosoftIdentityWebApiAuthentication(Configuration); to validate the token? does it make contact to Azure AD to validate the token ? what are the steps that will take place in while the api validate the bearer token?

I have no issues with running the code. it perfectly works fine for me but I could not find the underlying mechanism / steps of token validation. Any help will be highly appreciated.

 public void ConfigureServices(IServiceCollection services)

 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)

     app.UseEndpoints(endpoints =>

· 1
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Duplicate post of this.

0 Votes 0 ·

1 Answer

miwan2-msft avatar image
0 Votes"
miwan2-msft answered ·

Hi, @tekbyts

Here is an article of How to secure a Web API built with ASP.NET Core using the Azure AD B2C.

It demonstrates an ASP.NET Core Web App application calling an ASP.NET Core Web API that is secured using Azure AD B2C.

  1. The client ASP.NET Core Web App application uses the Microsoft Authentication Library Microsoft Authentication Library (MSAL) for .NET to sign-in a user and obtain a JWT access token from Azure AD B2C:

  2. The Access Token is used as a bearer token to authenticate the user when calling the ASP.NET Core Web API.

The client web application essentially takes the following steps to sign-in the user and obtain a bearer token for the Web API:

  1. Signs-in the user with local or social identities.

  2. Acquires an access token for the Web API.

  3. Calls the Web API using the access token as a bearer token in the authentication header of the Http request. The Web API authorizes the caller (user) using the ASP.NET JWT Bearer Authorization middleware.


If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best Regards,
Michael Wang

image.png (25.2 KiB)
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.