question

leemcragger-8595 avatar image
0 Votes"
leemcragger-8595 asked RahulMetangale-9479 answered

Unauthorized 401 from Azure WebAPI when trying to use B2C token as Authentication

Hello, kind of a newbie here...
Here's my scenario:
I'm having some trouble with testing if authentication is working with my webAPI that i have published to Azure...
I have a webapi that is connected to my azuresql, and without authentication enabled, i can get reponses from my sql with GET, POST, etc...so i know that the code is working in that aspect.
Now, i have a mobile app that has authentication code setup to retrieve a token via my b2c tenant via a login page, and that is working fine.
My problem, which im hoping someone can help me with, is that the token im getting from the b2c login (break point in my code and grabbing the returned token), is not being accepted by the webapi as a valid authentication.
i think either im testing it wrong in postman (header - Authentication / Bearer (pasted token), or my settings are wrong in Azure on the webapi itself.
Problem is there are so many settings, and again, I'm new to this.
Any help is greatly appreciated, but if all else fails, back to youtube i go.
Thanks!
-Lee

dotnet-xamarinazure-ad-b2cazure-ad-authentication
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @leemcragger-8595 , a more appropriate place to ask azure api related question is :https://azure.microsoft.com/en-us/support/options/

0 Votes 0 ·

1 Answer

RahulMetangale-9479 avatar image
0 Votes"
RahulMetangale-9479 answered

Hi @leemcragger-8595,

I am assuming you are developing a API which connect to Azure SQL and you want to use service principal to connect to Azure SQL from web API. if my understanding is correct please check following:

  1. Ensure that service principal has right access on Azure SQL Server. example to grant access to service principal to SQL
    CREATE USER [SerivcePrincipalName] FROM EXTERNAL PROVIDER
    EXEC sp_addrolemember 'db_reader', 'SerivcePrincipalName'

  2. While generating token ensure that resource is set to https://database.windows.net/

I hope this helps.

Thanks,
Rahul



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.