PetterEkrann-2045 asked JamesTran-MSFT answered

Calling APIM in customer Tenant using Access token retrieved from multitenant app.

I have an MT-App that authorizes users in my multi-tenant application.
When a user logs in, I verify that the issuer of the id-token is a known tenant from AzureAd, using the GUID from the tenant.

Works like a charm :D

Now a customer wants me to do some "writeback" to their source system, by calling an API exposed through APIM.

I thought this is what OIDC/OAuth was all about, but I am not able to find any good examples on how to do this.

First thing I'm struggling with is actually how to get the access token.

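    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authentication.AzureAD.UI;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.Extensions.DependencyInjection;

    services.AddAuthentication(AzureADDefaults.AuthenticationScheme).AddAzureAD(o =>
    {
        o.OpenIdConnectSchemeName = AzureADDefaults.OpenIdScheme;
        o.Instance = "https://login.microsoftonline.com/";
        o.TenantId = "organizations";
        o.CallbackPath = "/signin-oidc";
    });

    // The code between the two fragments is elided in the post; the enclosing
    // Configure<OpenIdConnectOptions> call is assumed so that the handler compiles.
    services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
    {
        options.Events = new OpenIdConnectEvents
        {
            OnTokenValidated = e =>
            {
                //This can not be the way to do it. but for now.
                var accestoken = e.SecurityToken.RawData; //This is the AccessToken
                return Task.CompletedTask;
            }
        };
    });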


For now I'm storing the access token in a cookie, probably not the best way.
I have seen some docs mentioning a SaveToken option, but it does not seem to be part of the AddAzureAD extension options.

After that calling APIM with the access token in the Authorization Header should do the trick?







dotnet-csharp azure-ad-authentication

There are several ASP.NET CORE Q&A tags you can post to for help.


1 Answer

JamesTran-MSFT answered

@PetterEkrann-2045
Thank you for your post and I apologize for the delayed response! I found a Stack Overflow post where it looks like you might've resolved your issue.


Stack Overflow Solution:
You need to modify the code and use HttpContext.GetTokenAsync("access_token") to get the access token. For more info - https://stackoverflow.com/a/67513378


I'm glad that you were able to resolve this and if you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
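
An added example, not code from this thread or from the linked Stack Overflow answer, of the approach the answer points to: let the OpenID Connect handler save the tokens, read the access token with `HttpContext.GetTokenAsync("access_token")`, and send it to APIM as a bearer token. In `OnTokenValidated`, `e.SecurityToken` is the validated ID token, so an access token has to be requested separately. Assumptions: the scope string, the APIM URL passed in, and the names `TokenSetup` and `WritebackClient` are placeholders, and the app registration has a client secret configured so the code flow can redeem the authorization code.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class TokenSetup
{
    // Call from ConfigureServices after AddAzureAD(...).
    public static void SaveAccessToken(IServiceCollection services)
    {
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            // The handler's default response type returns only an ID token;
            // the code flow also obtains an access token from the token endpoint.
            options.ResponseType = OpenIdConnectResponseType.Code;
            // Placeholder scope: the token's audience must be the API that APIM fronts.
            options.Scope.Add("api://<customer-api-app-id>/<scope-name>");
            // Keep tokens in the protected authentication ticket, not a custom cookie.
            options.SaveTokens = true;
        });
    }
}

// Hypothetical helper; register IHttpContextAccessor and an HttpClient in DI.
public class WritebackClient
{
    private readonly HttpClient _http;
    private readonly IHttpContextAccessor _ctx;

    public WritebackClient(HttpClient http, IHttpContextAccessor ctx) => (_http, _ctx) = (http, ctx);

    public async Task<HttpResponseMessage> PostAsync(string apimUrl, HttpContent body)
    {
        // GetTokenAsync returns null when no access token was saved at sign-in.
        var token = await _ctx.HttpContext.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(token))
            throw new InvalidOperationException("No access token saved for this user.");

        using var request = new HttpRequestMessage(HttpMethod.Post, apimUrl) { Content = body };
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return await _http.SendAsync(request);
    }
}
```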
