4

I am using the following approach as the basis of this (https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapi-dotnet).

I got all this example working after setting up azure. But now we need to port it to an actual existing mobile app and web api app. The mobile app can get the Bearer token, but when we pass it to the web api, we pass this in a CSOM request as follows, but we still get a 401 Unauthroised response.

public static ClientContext GetSharepointBearerClientContext(this JwtTokenDetails tokenDetails)
    {
        var context = new ClientContext(tokenDetails.SiteUrl);
        //context.AuthenticationMode = ClientAuthenticationMode.Anonymous;
        context.ExecutingWebRequest += new EventHandler<WebRequestEventArgs>((s, e) =>
        {
            e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + tokenDetails.BearerToken;
        });
        return context;
    }

Our web api doesn't use any of the tech as in the example above, as I presume that we should just be able to pass the token through the CSOM request in the header, but this is not working, what else could I look at?

I have assigned the Office 365 Sharepoint Online (Microsoft.Sharepoint) permission and set the following

Required Permissions

I have also done the same for the app registration, which we don't really use! Still not sure how the app registration comes into it)...

Andrew
  • 2,571
  • 2
  • 31
  • 56

1 Answers1

2

So this was possible, it was just microsoft telling us to put in an incorrect value. All the documentation says put the APP ID URI in the Resource. But in our case it needed to be the sharepoint url.

So we have the tenant name which on azure id the domain name e.g. srmukdev.onmicrosoft.com

Tenant: srmukdev.onmicrosoft.com

Application Id: This is the guid for the app registered in azure active directory.

RedirectUri: This can be any url(URI), its not actually used as a url for a mobile app as far as I can see.

ResourceUrl: srmukdev.sharepoint.com

The code I am using to get a token is as follows for a WPF example. The aadInstance is https://login.microsoftonline.com/{0}

private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

public async void CheckForCachedToken(PromptBehavior propmptBehavior)
    {
        //
        // As the application starts, try to get an access token without prompting the user.  If one exists, populate the To Do list.  If not, continue.
        //
        AuthenticationResult result = null;
        try
        {
            result = await authContext.AcquireTokenAsync(resourceUrl, applicationId, redirectUri, new PlatformParameters(propmptBehavior));
            TokenTextBox.Text = result.AccessToken;
            // A valid token is in the cache - get the To Do list.
            GetTokenButton.Content = "Clear Cache";
        }
        catch (AdalException ex)
        {
            if (ex.ErrorCode == "user_interaction_required")
            {
                // There are no tokens in the cache.  Proceed without calling the To Do list service.
            }
            else
            {
                // An unexpected error occurred.
                string message = ex.Message;
                if (ex.InnerException != null)
                {
                    message += "Inner Exception : " + ex.InnerException.Message;
                }
                MessageBox.Show(message);
            }
            return;
        }
    }
Andrew
  • 2,571
  • 2
  • 31
  • 56