
I am using the Microsoft.Identity.Web library to validate the token in my .NET Core Web API.

public void ConfigureServices(IServiceCollection services)
{
    // ... other registrations ...

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApi(Configuration);

    // ... other registrations ...
}

But as per the documentation here, I need to pass the AzureAd object (an object that will contain TenantId, ClientId, Domain, Instance, etc.) to the AddMicrosoftIdentityWebApi method through an IConfiguration instance. As of now, this method tries to load this object from the local appsettings.json file. I want to pass these details explicitly to the AddMicrosoftIdentityWebApi method, as we are not storing any key-values in the local appsettings.json file (all are coming through Consul and Vault).

I tried to override the Configuration object but was unable to do so.

How do I pass this AzureAd object to the AddMicrosoftIdentityWebApi method so that it can validate the token for me? As I am new to this library, am I missing anything here? Maybe I'm using the wrong method for validation?

Thanks in advance....

UPDATE: Hey, I managed to pass the values explicitly.

// appSettings holds the values already loaded from Consul/Vault (its definition is not shown here).
Action<JwtBearerOptions> configureJwtBearerOptions = t1 =>
{
    // An access token's "aud" claim is the ClientId or api://ClientId, so the
    // Instance/TenantId value set here will not match one; the ValidAudiences
    // list below is what lets audience validation succeed.
    t1.Audience = $"{appSettings.adCredentials.Instance}/{appSettings.adCredentials.TenantId}";
    t1.TokenValidationParameters.ValidAudiences = new string[] {
        appSettings.adCredentials.ClientId,
        $"api://{appSettings.adCredentials.ClientId}"
    };
};

Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions = t2 =>
{
    t2.TenantId = appSettings.adCredentials.TenantId;
    t2.ClientId = appSettings.adCredentials.ClientId;
    // Instance must be the authority host (https://login.microsoftonline.com/ for Azure AD):
    // the metadata URL is built as {Instance}/{TenantId}/v2.0/.well-known/openid-configuration,
    // and the IDX20803 error below shows it being built from graph.microsoft.com instead.
    t2.Instance = appSettings.adCredentials.Instance;
    t2.Domain = appSettings.adCredentials.Domain;
    // A client secret is only needed when the API itself calls downstream APIs on behalf of the caller.
    t2.ClientSecret = appSettings.adCredentials.ClientSecret;
};

// Diagnostic only: this puts token contents and other PII into exception messages and logs.
IdentityModelEventSource.ShowPII = true;
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApi(configureJwtBearerOptions, configureMicrosoftIdentityOptions);

Now when I am calling the API from Postman it's throwing the following error along with status code 500:

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://graph.microsoft.com/{tenantId}/v2.0/.well-known/openid-configuration'.
 ---> System.IO.IOException: IDX20807: Unable to retrieve document from: 'https://graph.microsoft.com/{tenantId}/v2.0/.well-known/openid-configuration'. HttpResponseMessage: 'StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent

Can you please explain the issue and how to resolve this?

codersl
samir jamadar

2 Answers

For .NET 6:

// The bearer handler is registered under the "Bearer" scheme, so that scheme must be the default;
// AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) would make the default a scheme
// that has no handler in a pure Web API.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
Jay Peterson

Overload your AddMicrosoftIdentityWebApi call with an "AzureAd" argument after Configuration:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddMicrosoftIdentityWebApi(Configuration, "AzureAd");
ahsan.g

He's asking how to do this if there is no IConfiguration available. I have the same issue, we use our own config format and need to pass these values explicitly. – Austin Salgat Oct 25 '21 at 18:02
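For the situation raised in the question and in the comment above (no appsettings.json, with the values arriving from Consul/Vault or a custom config format), one approach is to build an IConfiguration in memory and hand its AzureAd section to the same overload the second answer uses. This is an added example, not code from the question, the answers, or Microsoft.Identity.Web; the AdCredentials record, the Register helper and the sample values are constructed for illustration, and the Instance check reflects the metadata URL shown in the question's IDX20803 error.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

public static class AzureAdRegistration
{
    // Hypothetical holder for the values your own config provider returns (constructed for this example).
    public sealed record AdCredentials(string Instance, string TenantId, string ClientId, string Domain);

    // Builds an IConfiguration whose "AzureAd" section looks exactly like the appsettings.json
    // block the library documents, so the documented overload can be used unchanged.
    public static IConfiguration BuildAzureAdConfiguration(AdCredentials creds)
    {
        // Fail fast on missing values: an empty TenantId or ClientId would otherwise surface
        // later as an opaque metadata or audience error at the first request.
        var required = new (string Name, string Value)[]
        {
            ("Instance", creds.Instance),
            ("TenantId", creds.TenantId),
            ("ClientId", creds.ClientId),
        };
        foreach (var (name, value) in required)
        {
            if (string.IsNullOrWhiteSpace(value))
                throw new InvalidOperationException($"AzureAd:{name} is required.");
        }

        // Instance is the authority host. The metadata URL becomes
        // {Instance}/{TenantId}/v2.0/.well-known/openid-configuration, so a resource host such as
        // graph.microsoft.com (as in the question's IDX20803 error) can never serve it.
        var instance = new Uri(creds.Instance, UriKind.Absolute);
        if (instance.Scheme != Uri.UriSchemeHttps ||
            instance.Host.Equals("graph.microsoft.com", StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException(
                "AzureAd:Instance must be the HTTPS login authority (for Azure AD: https://login.microsoftonline.com/).");
        }

        var values = new Dictionary<string, string?>
        {
            ["AzureAd:Instance"] = creds.Instance,
            ["AzureAd:TenantId"] = creds.TenantId,
            ["AzureAd:ClientId"] = creds.ClientId,
            ["AzureAd:Domain"] = creds.Domain,
            // No ClientSecret: an API that only validates incoming tokens does not need one,
            // and leaving it out keeps the secret out of the process when it is not required.
        };
        return new ConfigurationBuilder().AddInMemoryCollection(values).Build();
    }

    // Wires the bearer handler using the in-memory section; call this from ConfigureServices
    // (or with builder.Services in .NET 6) after your Consul/Vault values have been loaded.
    public static void Register(IServiceCollection services, AdCredentials creds)
    {
        IConfiguration config = BuildAzureAdConfiguration(creds);
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApi(config.GetSection("AzureAd"));
    }
}

// Sample values, constructed for this example (placeholders, not a real tenant or application):
// AzureAdRegistration.Register(services, new AzureAdRegistration.AdCredentials(
//     Instance: "https://login.microsoftonline.com/",
//     TenantId: "00000000-0000-0000-0000-000000000000",
//     ClientId: "11111111-1111-1111-1111-111111111111",
//     Domain:   "contoso.onmicrosoft.com"));
```

With the section populated this way, Microsoft.Identity.Web derives the authority and the accepted audiences (the ClientId and api://ClientId forms) itself, so the manual Audience and ValidAudiences assignments from the question's update are not needed; keeping the validation logic in BuildAzureAdConfiguration also means a misconfigured Instance is rejected at startup instead of at the first authenticated request.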