question

MuruganAndezuthuDharmaratnam-4694 asked ·

Azure AD: how to authenticate using a token passed from another application

I am writing an ASP.NET MVC web application and I want to authenticate using Azure AD. The web application will not have a sign-in page. It has to be authenticated using a token passed to it from another application. I would really appreciate it if someone could help with an answer.

azure-active-directory

Hello @MuruganAndezuthuDharmaratnam-4694,

Thanks for reaching out.

Could you elaborate more on how the front-end application is configured to get the Azure AD token? It's worth checking out the OAuth 2.0 On-Behalf-Of flow to see if that fulfills your requirement. Thanks.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


I have a Node.js Teams Bot application that uses the Azure Active Directory Graph API to get an access token. When the user clicks on Teams, a new browser window opens up and a web application is called. An access token is passed to the web application. I want to authenticate the web application using the access token.


sikumars-msft

[Image: protocols-oauth-on-behalf-of-flow.png]

In my case, application B will be an ASP.NET MVC web application, not a web API.

MuruganAndezuthuDharmaratnam-4694 ·

Hi @sikumars-msft, kindly let me know how I can authenticate an MVC web application using an access token.

Thanks!
Murugan


1 Answer

sikumars-msft answered ·

Hello @MuruganAndezuthuDharmaratnam-4694,

Thanks for the detailed information.

Looking at the above scenario, the front-end Teams Bot application (Node.js) receives a token for "Azure Active Directory Graph API". An easier way to verify this is to decode the JWT token that was acquired by the front-end app at https://jwt.ms/ and see who the audience is.

The aud claim in a token indicates the resource the token is intended for (its audience), and the same token cannot be reused for anything other than the specified audience.

Example:
[Image: 75357-image.png]
Note: This token is only applicable to Graph API and can't be reused for application B.

If you wish to authenticate an MVC web application using an access token, then you must make sure the token was received for the MVC application, and when you decode the token it should contain either the APP ID or APP URI of the MVC application as the aud claim.

To achieve this, you can still use the "OAuth 2.0 On-Behalf-Of flow" as mentioned above; this should work with an API as well as an MVC application.

(OR)

Alternatively, you can leverage the "client credentials flow" to let the MVC application authenticate itself and to avoid user interaction.

Hope this helps.

Do let us know if this helps, and if there are any more queries around this, please let us know so that we can help you further. Also, please do not forget to accept the response as an Answer if the above response helped in answering your query.



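The audience check described in the answer above, as an added example that is not part of the original thread: it decodes a token's claims the way jwt.ms does and accepts the token only if aud is the MVC application's App ID or App ID URI. The GUID, the `api://` URI and the sample tokens are constructed placeholders, and the code only reads claims; verifying the signature against Azure AD's signing keys is a separate step it does not perform.

```javascript
// Added example: decide from the aud claim whether application B may accept a token.
// It only reads claims; signature verification is a separate, required step.
const MVC_APP_ID = "11111111-2222-3333-4444-555555555555"; // hypothetical App ID
const MVC_APP_URI = "api://" + MVC_APP_ID;                 // hypothetical App ID URI
const ACCEPTED_AUDIENCES = [MVC_APP_ID, MVC_APP_URI];

// Decode the payload (second segment) of a compact JWT without verifying it.
function decodeClaims(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("expected 3 dot-separated segments");
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (claims === null || typeof claims !== "object") throw new Error("payload is not an object");
  return claims;
}

// Returns { ok, reason, aud }. Per RFC 7519, aud is a string or an array of strings.
function checkAudience(token, accepted, nowSeconds = Math.floor(Date.now() / 1000)) {
  let claims;
  try {
    claims = decodeClaims(token);
  } catch (err) {
    return { ok: false, reason: "malformed token: " + err.message, aud: null };
  }
  const auds = [].concat(claims.aud ?? []);
  if (auds.length === 0) return { ok: false, reason: "no aud claim", aud: null };
  if (!auds.some((a) => accepted.includes(a))) {
    return { ok: false, reason: "token was issued for a different audience", aud: claims.aud };
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    return { ok: false, reason: "token is expired or has no exp", aud: claims.aud };
  }
  return { ok: true, reason: "audience matches application B", aud: claims.aud };
}

// Constructed sample tokens with a placeholder signature, for the demo only.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "c2lnbmF0dXJl"].join(".");
}
const FAR_FUTURE = 4102444800; // 2100-01-01 UTC, constructed expiry
const graphToken = makeSampleToken({ aud: "https://graph.windows.net", exp: FAR_FUTURE });
const mvcToken = makeSampleToken({ aud: MVC_APP_URI, exp: FAR_FUTURE });

console.log(checkAudience(graphToken, ACCEPTED_AUDIENCES));
console.log(checkAudience(mvcToken, ACCEPTED_AUDIENCES));
```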