Unauthorized 401 from Azure WebAPI when trying to use B2C token as Authentication

lee mcragger 1 Reputation point
2021-03-19T20:59:40.663+00:00

Hello, kind of a newbie here...
Here's my scenario:
I'm having some trouble with testing if authentication is working with my web API that I have published to Azure...
I have a web API that is connected to my Azure SQL, and without authentication enabled, I can get responses from my SQL with GET, POST, etc... so I know that the code is working in that aspect.
Now, I have a mobile app that has authentication code set up to retrieve a token via my B2C tenant via a login page, and that is working fine.
My problem, which I'm hoping someone can help me with, is that the token I'm getting from the B2C login (break point in my code and grabbing the returned token) is not being accepted by the web API as a valid authentication.
I think either I'm testing it wrong in Postman (header - Authentication / Bearer (pasted token)), or my settings are wrong in Azure on the web API itself.
Problem is there are so many settings, and again, I'm new to this.
Any help is greatly appreciated, but if all else fails, back to YouTube I go.
Thanks!
-Lee

1 answer

  1. Rahul Metangale 106 Reputation points
    2021-03-22T07:34:09.353+00:00

    Hi @lee mcragger ,

    I am assuming you are developing an API which connects to Azure SQL and you want to use a service principal to connect to Azure SQL from the web API. If my understanding is correct, please check the following:

    1. Ensure that the service principal has the right access on the Azure SQL Server. Example to grant the service principal access to SQL:
      -- Create a contained database user mapped to the service principal
      CREATE USER [ServicePrincipalName] FROM EXTERNAL PROVIDER;
      -- Add that user to the built-in read-only data role
      EXEC sp_addrolemember 'db_datareader', 'ServicePrincipalName';
    2. While generating the token, ensure that the resource is set to https://database.windows.net/

    I hope this helps.

    Thanks,
    Rahul

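An added example, not part of the original thread: a troubleshooting helper that decodes a bearer token's claims and reports whether its audience matches what the receiver expects (here the `https://database.windows.net/` resource from step 2 of the answer) and whether it is still within its validity window. It assumes the token is a compact JWT; the function names are hypothetical and the sample token is constructed.

```python
import base64
import json
import time

SQL_RESOURCE = "https://database.windows.net/"  # resource named in step 2 of the answer


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_token(token, expected_aud, now=None):
    """Return (claims, problems). Decodes only: the signature is NOT verified,
    so use this for troubleshooting, never as an authorization decision."""
    now = time.time() if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3:
        return {}, ["not a compact JWT (expected 3 dot-separated segments)"]
    try:
        claims = _b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {}, ["payload segment is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return {}, ["payload is not a JSON object"]
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_aud not in audiences:
        problems.append(f"aud is {aud!r}, receiver expects {expected_aud!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"token expired or has no exp (exp={exp!r})")
    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and nbf > now:
        problems.append(f"token not valid yet (nbf={nbf!r})")
    return claims, problems


def make_sample_token(claims):
    """Build a constructed sample token with a placeholder signature (demo only)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    # Constructed sample: audience is a placeholder client ID, exp is long past.
    sample = make_sample_token({"aud": "00000000-0000-0000-0000-000000000000", "exp": 1})
    for problem in inspect_token(sample, SQL_RESOURCE)[1]:
        print("PROBLEM:", problem)
```

Pass the audience the receiving service is configured to accept as `expected_aud`; an exact string comparison is used, so a missing trailing slash shows up as a mismatch.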