c# - Authenticate against an Azure Mobile Service App with ADAL.js acquired token -


i'm trying authenticate html app against azure mobile service app.

the setup

both apps use aad authentication backend, both apps have application registered in active directory:

azure mobile service app:

html app:

  • in "permissions other applications" added azure mobile service app delegated permission "access"

the azure mobile service uses .net backend, included , configured nuget package "microsoft azure mobile services .net backend security extension" described in https://azure.microsoft.com/en-gb/documentation/articles/mobile-services-dotnet-backend-windows-phone-get-started-users/

the html app uses adal.js , angular:

adalauthenticationserviceprovider.init( {     // config specify endpoints , similar app     clientid: "<html app aad client id>",     redirecturi: "<html app redirect uri>",     endpoints: {         '<ams app client id>': 'https://ampapp.azure-mobile.net/'     } }, $httpprovider );

this setup works expected, open html app, authenticate against azure ad, redirect app , i'm logged in. also, when try access azure mobile service see adal.js injects bearer token.

the problem

the bearer token not accepted azure mobile service - 401 not authorized. don't know why, azure mobile service uses it's own authentication header - ok.

msdn defines called "client-directed login operation" azure mobile service:

"requests authentication token microsoft azure mobile services using identity token obtained identity provider." (https://msdn.microsoft.com/en-us/library/azure/jj710106.aspx)

ok, lets this:

 // obtain token azure mobile service adal.js  var token = this.getaadtoken(zumoauthenticationprovider.config().url);   $http({         method: 'post',         url: zumoauthenticationprovider.config().url + 'login/aad',          data: json.stringify({                   "access_token" : token                }),         headers: {                  'x-zumo-application': '<application key>'        }).        success(function (data, status, headers, config) {             alert(data);        }).        error(function (data, status, headers, config) {             alert(data);        });

note: token acquired first line access token azure mobile service aad application , not html app.

this post request gets 401 response. don't know how authenticate app. tried azure mobile service js lib. lib works, uses popup authentication, don't add library projects few rest calls.

similar problems

when trying solve problems found other stackoverflow post:

why isn't azure mobile service accepting bearer token adal.js sending it?

  • same problem, no solution (even in chatlog linked in last comment)

how secure azure mobile service azure ad? adal.js

  • same author above, checked mentioned in accepted answer doesn't work

i took @ new azure mobile apps new azure management portal seems using same authentication mechanism.

so, how can working?

ok, found bug:

endpoints: {     '<ams app client id>': 'https://ampapp.azure-mobile.net/' }

this should 

endpoints: {     'https://ampapp.azure-mobile.net/': '<ams app id uri>':  }

after works! i'm goind publish angular modul github injects token in x-auth-user header every request adal.js does.

edit:

as promised here more detailed answer:

as mentioned in question have setup 2 applications in azure active directory:

  • an aad app azure mobile service
  • an aad app html app
    • set "oauth2allowimplicitflow" "true"
    • under "permissions other applications" add azure mobile service aad app enter image description here

configure angular app use azure mobile service endpoint

adalauthenticationserviceprovider.init( {     clientid:"54110492-4ae3-4c9f-9530-3101458d43fb",     redirecturi: "https://localhost:44304/",     endpoints: {         'https://zumodemoapp.azure-mobile.net/': 'https://zumodemoapp.azure-mobile.net/login/aad'     } }, $httpprovider );

now can use client-directed login operation azure mobile service authentication token.

var zumoappid = 'https://zumodemoapp.azure-mobile.net/login/aad'; var zumologinuri = 'https://zumodemoapp.azure-mobile.net/login/aad'; var zumotodocontroller = 'https://zumodemoapp.azure-mobile.net/tables/todoitem';  // 1. acquire oath token our zumo app azure ad via adal.js adalauthenticationservice.acquiretoken(zumoappid).then(function (data) {      //2. have azure ad token, lets azure mobile service token      $http.post(zumologinuri,                 json.stringify({                     "access_token": data                 })).                 success(function (data, status, headers, config) {                     //3. azure mobile service token can authenticate our request                     $http.get(zumotodocontroller,                                           {                                               headers:  {                                                       'x-zumo-auth': data.authenticationtoken                                               }                                           }).                                           success(function (data, status, headers, config) {                                               alert(data); //yay!                                           });                 }).                 error(function (data, status, headers, config) {                     alert(data);                 }); });

as mentioned in comment created more detailed blog post here. if need more information please leave comment :).


Comments

Post a Comment

Popular posts from this blog

Magento/PHP - Get phones on all members in a customer group -

i working on custom magento extension. working around adminhtml part , i've created custom form there. here form code: <?php class vivasindustries_smsnotification_block_adminhtml_sms_sendmass_edit_form extends mage_adminhtml_block_widget_form { public function _preparelayout() { $extensionpath = mage::getmoduledir('js', 'vivasindustries_smsnotification'); $head = $this->getlayout()->getblock('head'); $head->addjs('jquery.js'); $head->addjs('vivas.js'); return parent::_preparelayout(); } protected function _prepareform() { $form = new varien_data_form(array( 'id' => 'edit_form', 'action' => $this->geturl('*/*/save', array('id' => $this->getrequest()->get...
Read more

php - Bypass Geo Redirect for specific directories -

i'm trying bypass redirect specific url within site. wondering if might able help. the code below code use, original urls replaces example.com i'd able access http://example.com/admin without redirect occuring. is there way this, , there way using own ip? function country_geo_redirect() { $country = getenv('http_geoip_country_code'); if ($country == "us" ) { wp_redirect("http://usa.example.com/"); exit; } else if ($country == "gb" ) { wp_redirect("http://uk.example.com/"); exit; } } add_action('init', 'country_geo_redirect'); you can bypass redirection code if server found ip address. if ip address == <my ip address> ' nothing here else country_georedirect() end if
Read more

php - .htaccess mod_rewrite for dynamic url which has domain names -

i want convert url ex:( example.com/link.php?url=facebook.com ) ( example.com/facebook.com.php ) how can using .htaccess. or there other process make job easier ? i tried adding script .htaccess file options +followsymlinks rewriteengine on rewriterule url-(.*)\.htm$ link.php?url=$1 but converting url adding "url-" ( example.com/url-facebook.com.php ) i want remove "url-" , want make ( example.com/facebook.com.php ) rewriteengine on rewritecond %{the_request} ^get.*link\.php\?url\= [nc] rewritecond %{request_uri} !/system/.* [nc] rewriterule (.*?)link\.php\?url\=/*(.*) /$1$2 [r=301,ne,l] not sure how above work edit of used use remove index.php url
Read more