SiegfriedHeintze-9929 asked azure-cxp-api edited

How to turn on azure side logging for AAD?

I'm having trouble debugging a sample Azure Active Directory tutorial sample app that uses simple User Based Authentication with azure-activedirectory-library-for-js.

The main web app seems to authenticate OK, but when the JavaScript calls Active Directory to do an AJAX call to an API, I get an error "Error in getting values".

How can I diagnose this problem?
It would be nice to know if I am successfully contacting azure active directory (AAD). Is there any server (azure) side logging I can turn on to get some more clues?

Now I am curious about a different sample AAD B2C tutorial. Does AAD B2C have any server (azure) side logging that can be turned on?

Thanks
Siegfried

     // Acquire Token for Backend
     authContext.acquireToken(authContext.config.resourceId, function (error, token) {

         // Handle ADAL Errors
         if (error || !token) {
             printErrorMessage('ADAL Error Occurred: ' + error);
             return;
         }

         jQuery.support.cors = true;

         // Get values
         $.ajax({
             type: "GET",
             url: "https://localhost:44362/api/values",//"http://localhost:51101/api/values",//"https://localhost.fiddler:44362/api/values",
             headers: {
                 'Authorization': 'Bearer ' + token
             }
         }).done(function (data) {
             $("#lblData").text("values returned from API are: " + data[0] + ", " + data[1]);
             console.log('Get Call Sucessfull');
         }).fail(function () {
             console.log('Fail to get values');
             printErrorMessage('Error in Getting Values');
         });
     });






azure-active-directory azure-webapps
What does your api/values route do? Do you have it setup?

If your project is .NET FX/Core, you should have a

 [Route("api/[controller]")]
 public class ValuesController : Controller
 {
      public IEnumerable<string> Get()
      {
           return new [] { "value1", "value2" };
      }
 }

If your project is NodeJs, you should have

 router.get('/api/values', function(req, res, next) {
   res.send('["value1", "value2"]');
 });
0 Votes 0 ·

It is pretty much what you typed for the C#. It would be nice to know why it is failing. Perhaps it is not authorized? How do I tell? There were no clues in the JavaScript console log. Since I posted I discovered I'm getting a token from AAD. I have configured AAD to give consent/permissions to "UserGetValues" and "AdminGetValues" and added the API to the Web App Client.


 // basic stuff
 [Route("api/[controller]")]     
 [Authorize]     
 [ApiController]     
 public class ValuesController : ControllerBase     {
         // GET api/values
         [HttpGet]
         public ActionResult<IEnumerable<string>> Get()    {
             return new string[] { "value1", "value2" };
         }
     }

0 Votes 0 ·
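An added example (not part of the original posts) of how the client in the question could tell whether the API call fails on authorization: it decodes the claims of the token ADAL returned and classifies the jQuery failure by HTTP status. The helper names and the constructed sample token are assumptions for illustration.

```javascript
// Added example; helper names and sample values are assumptions for illustration.

// Build an unsigned, constructed sample token so the helpers can be tried offline (Node).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'none', typ: 'JWT' }) + '.' + enc(claims) + '.constructed';
}

// Decode the claims of a JWT without verifying it. Diagnostics only:
// the API still has to validate signature, issuer and audience itself.
function decodeJwtClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT: expected 3 segments');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const json = typeof Buffer !== 'undefined'
    ? Buffer.from(padded, 'base64').toString('utf8') // Node
    : decodeURIComponent(escape(atob(padded)));      // browser
  return JSON.parse(json);
}

// Compare the claims with what the API expects and list the mismatches.
function checkToken(token, expectedAudience, nowSeconds) {
  const c = decodeJwtClaims(token);
  const problems = [];
  if (c.aud !== expectedAudience) {
    problems.push('aud is "' + c.aud + '" but the API expects "' + expectedAudience + '"');
  }
  if (typeof c.exp === 'number' && c.exp <= nowSeconds) problems.push('token expired');
  if (!c.scp && !c.roles) problems.push('no scp or roles claim');
  return problems;
}

// Map what jQuery's .fail(function (jqXHR) {...}) reports to the likely layer at fault.
function classifyFailure(status, wwwAuthenticate) {
  if (status === 0) return 'no HTTP response: CORS block, untrusted certificate or API not running';
  if (status === 401) return 'API rejected the token' + (wwwAuthenticate ? ': ' + wwwAuthenticate : '');
  if (status === 403) return 'token accepted, but the required scope or role is missing';
  if (status === 404) return 'route not found: check the api/values path';
  return 'HTTP ' + status;
}
```

Inside the `.fail` callback, `classifyFailure(jqXHR.status, jqXHR.getResponseHeader('WWW-Authenticate'))` gives the message to log; the header is only readable cross-origin when the API exposes it.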
ryanchill answered

@SiegfriedHeintze-9929 I suggest enabling logging on your client app. Adding application insights javascript libraries should provide additional telemetry and auto-collect exceptions like "Error getting values". If this doesn't help, let me know.


SiegfriedHeintze-9929 answered

The tutorial I'm using has me hosting the WebAPP and the WebAPI locally on my dev machine and not azure. I'm using javascript to authenticate on azure AD.
This tutorial does not use npm. Is it possible to use Application Insights without using npm?

I was previously able to log in to the WebApp and I was having trouble connecting to my cross-site REST service using the JavaScript authContext.acquireToken. I was successfully getting a token from authContext.acquireToken.

In the process of experimenting I have somehow broken the WebApp and I can no longer log in to the web app to even get to the point where I can call authContext.acquireToken.

So is there no logging on the server side of Azure Active Directory to give me some hints on why things are going wrong?

So let me focus on restoring my ability to log in to the WebApp. This was working two days ago.
Yesterday I was getting AADSTS700054: response_type 'id_token' is not enabled for the application. After Bing searching I tried enabling the "ID Tokens" check box and enabling "oauth2AllowImplicitFlow" in that JSON script in the manifest as described in how-to-fix-aadsts700054-response_type-id_token-is-not-enabled-for-the-application-error and that did not help.

Today I'm not getting any errors. I put alert statements in the JavaScript implementation of ADAL and I'm successfully calling this code in AuthenticationContext.prototype.login:


     alert('Begin Prompt User ' + urlNavigate);
     this.promptUser(urlNavigate);
     alert('End Prompt User ' + urlNavigate);



I've checked and double checked my resourceID, my clientID, resourceID etc...
Today I'm not getting any errors that I can see. The browser console log does not have anything helpful.

Ooops, I lied, I finally got this error in the browser again (after several tries):

Request Id: c3cb5647-cddb-4e4b-8331-3c3964c50b00
Correlation Id: 6ee6efea-7a22-4a7f-a5e2-bbb62c468666
Timestamp: 2020-04-22T21:59:03Z
Message: AADSTS700054: response_type 'id_token' is not enabled for the application.

So I've tried to fix this many times, but the error still occurs.
Thanks for your help.
Siegfried
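An added example (not part of the original post) that turns the error text above and the `urlNavigate` value shown by the alerts into a concrete check: which app registration and `response_type` the sign-in request names, and which implicit-flow flags that registration's manifest lacks. It assumes the manifest properties `appId`, `oauth2AllowIdTokenImplicitFlow` (ID tokens) and `oauth2AllowImplicitFlow` (access tokens); the function names, the sample URL and its IDs are constructed placeholders.

```javascript
// Added example; names and the constructed samples below are illustrative assumptions.

// Error text as shown in the post above.
const SAMPLE_ERROR = [
  'Request Id: c3cb5647-cddb-4e4b-8331-3c3964c50b00',
  'Correlation Id: 6ee6efea-7a22-4a7f-a5e2-bbb62c468666',
  'Timestamp: 2020-04-22T21:59:03Z',
  "Message: AADSTS700054: response_type 'id_token' is not enabled for the application.",
].join('\n');

// Constructed authorize URL of the shape ADAL passes to promptUser (placeholder IDs).
const SAMPLE_URL = 'https://login.microsoftonline.com/TENANT-PLACEHOLDER/oauth2/authorize' +
  '?response_type=id_token&client_id=00000000-0000-0000-0000-000000000001' +
  '&redirect_uri=https%3A%2F%2Flocalhost%3A44300%2F';

// Pull the labelled fields and the AADSTS code out of the error text.
function parseAadError(text) {
  const out = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*(Request Id|Correlation Id|Timestamp|Message):\s*(.+?)\s*$/.exec(line);
    if (m) out[m[1]] = m[2];
  }
  const code = /AADSTS\d+/.exec(out.Message || '');
  out.code = code ? code[0] : null;
  return out;
}

// Show which app registration and response_type the sign-in request actually names.
function authorizeParams(url) {
  const q = new URL(url).searchParams;
  return {
    clientId: q.get('client_id'),
    responseType: q.get('response_type'),
    redirectUri: q.get('redirect_uri'),
  };
}

// Manifest flag each implicit-flow response_type depends on.
const FLAG_FOR = { id_token: 'oauth2AllowIdTokenImplicitFlow', token: 'oauth2AllowImplicitFlow' };

// List what the given manifest lacks for this request (or that it is the wrong registration).
function missingImplicitFlags(manifest, clientId, responseType) {
  if (manifest.appId !== clientId) {
    return ['manifest is for appId ' + manifest.appId + ', request uses ' + clientId];
  }
  return (responseType || '').split(/\s+/).filter((t) => FLAG_FOR[t])
    .map((t) => FLAG_FOR[t]).filter((flag) => manifest[flag] !== true);
}
```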

