Azure AD authentication in published WebAPI not working
I am trying to add Azure Active Directory authentication to an ASP.NET WebAPI. I followed this tutorial, and I have configured the tenant and applications in Azure correctly.
Now, if I test locally with a sample desktop client, the authentication works, and I can see the authenticated user's claims.
User.Identity.IsAuthenticated = true
However, if I publish the API to Azure (as a Web App), the authentication does not seem to be working anymore, with the exact same code I used to test the API locally... I have to change the endpoint of the API:
<add key="apibaseaddress" value="http://localhost:20105/" />
vs
<add key="apibaseaddress" value="https://***.azurewebsites.net/" />
Note that the JWT token passed to the API is the same when testing the API locally and published, authenticating against the same Azure AD and with the same user account.
What is the source of the problem? Is it that Azure uses HTTPS and I am running on HTTP locally? If so, what can I try to fix this issue?
This might be due to the process you follow when publishing the API. If you are publishing from Visual Studio and using the "organizational" settings, the publishing logic will create a new app in Azure AD for the cloud-hosted Web API instance and change the audience settings accordingly. As such, you need to match those changes in the logic requesting the token: you need to request a token for the API using the same audience resource identifier, or you'll end up getting a token for the localhost-based deployment and sending it to the cloud instance, which will reject it. You can avoid this by opting out of using the organizational settings when publishing the app to the website; that will keep the audience unchanged and allow you to use tokens against the local and cloud instances indifferently.
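The audience mismatch described in the answer above can be confirmed by reading the `aud` claim of the token the client sends and comparing it with the audience each API instance accepts. The following is an added example, not part of the original post; the audience URIs, issuer and sample token are constructed placeholders, and the function names are hypothetical.

```python
from __future__ import annotations

import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def audience_mismatch(token: str, accepted_audiences: set[str]) -> str | None:
    """Describe why the aud claim is rejected, or return None if it is accepted."""
    aud = decode_claims(token).get("aud")
    if aud is None:
        return "token has no aud claim"
    presented = {aud} if isinstance(aud, str) else set(aud)  # aud may be a list
    if presented & accepted_audiences:
        return None
    return f"token aud {sorted(presented)} not in accepted {sorted(accepted_audiences)}"


def make_sample_token(aud) -> str:
    # Constructed sample token with a dummy signature; all values are placeholders.
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"aud": aud, "iss": "https://sts.example/tenant/"}).encode())
    return f"{header}.{payload}.c2lnbmF0dXJl"


# Hypothetical identifiers: the local API's audience and the one created on publish.
LOCAL_AUDIENCE = "https://contoso.example/api-local"
CLOUD_AUDIENCE = "https://contoso.example/api-cloud"

if __name__ == "__main__":
    token = make_sample_token(LOCAL_AUDIENCE)  # what the unchanged client requests
    print("local API:", audience_mismatch(token, {LOCAL_AUDIENCE}) or "accepted")
    print("cloud API:", audience_mismatch(token, {CLOUD_AUDIENCE}) or "accepted")
```

If the published instance reports a mismatch, the client has to request its token for the resource identifier that instance is configured with, or the published API has to be configured with the original audience.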