Cannot authenticate Postman to use web API configured with Azure AD authentication

ICT Macingo 1 Reputation point
2021-07-28T13:45:38.893+00:00

Hi everyone,
I have created a web api in .NET 5 and then I published it on Azure. I have used this quickstart to configure Azure AD authentication on my web api.
Here is exactly what I did, in 3 steps:

  1. Configure the web api project;
  2. Configure my application on Azure Active Directory;
  3. Configure Postman.

1. CONFIGURE THE WEB API PROJECT
This is my startup.cs class:

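   using Microsoft.AspNetCore.Authentication.JwtBearer; // JwtBearerDefaults
   using Microsoft.Identity.Web;                        // AddMicrosoftIdentityWebApi

   public void ConfigureServices(IServiceCollection services)
   {
       //  services.AddMicrosoftIdentityWebApiAuthentication(Configuration, "AzureAd");
       // Validate incoming bearer tokens against the "AzureAd" configuration section.
       services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
              .AddMicrosoftIdentityWebApi(Configuration, "AzureAd");

       ...
   }

   public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
   {
       ...

       // Authentication must run before authorization.
       app.UseAuthentication();
       app.UseAuthorization();

       app.UseEndpoints(endpoints =>
       {
           // Every controller endpoint requires an authenticated caller.
           endpoints
               .MapControllers()
               .RequireAuthorization();
       });
   }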

And this is my appsetting.json:

   "AzureAd": {  
     "Instance": "https://login.microsoftonline.com/",  
     //"Domain": "***.com", //Domain name configured in Azure    
     "TenantId": "***", // Tenant Id configured in Azure    
     "ClientId": "***", //  Client Id configured in Azure    
     //"CallbackPath": "/signin-oidc"  
   }  

2. CONFIGURE MY APPLICATION ON AZURE ACTIVE DIRECTORY

I went on Azure AD and I registered a new app:
118705-image.png

I configured the platform

I added the secret for postman
118706-image.png

Then I click on Expose an API and I configure it:
118707-image.png

3. CONFIGURE POSTMAN
It should be really simple:

118731-image.png

I copied the Auth and Token URLs from the overview page of the registered app on Azure... The same for the client id... The client id is equal to the one in the appsetting.json... The scope is the same as the one I added on Azure in the previous step.

At the end, when I click on Get New Access Token, I get it correctly:
118694-image.png

But when I try to use it, to call my api I get the 401 Unauthorized error:

118723-image.png

My doubt is about the scope... Should it be configured in the startup of the web api?

What is still wrong?

Thank you for your help


1 answer

  1. JasonPan - MSFT 6,256 Reputation points Microsoft Vendor
    2021-08-02T09:46:02.377+00:00

    Hi @ICT Macingo ,

    I have checked your steps by myself, and they are basically correct. There may be some details that have not been noticed. Regarding App registrations, you need to create Client side and Server side.

    Step 1. Client Side

    A web app that calls web APIs: App registration

    Step 2. Server Side

    Protected web API: App registration

    For more details, you can check this official doc: Exposed API


    If the answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,
    Jason

    1 person found this answer helpful.
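One way to narrow down a 401 like the one in the question is to read the claims of the access token Postman obtained and compare them with the `TenantId` and `ClientId` from the API's `AzureAd` section. This is an added example, not code from the question or the answer; it decodes the token for diagnosis only (no signature verification). The accepted-audience and scope/roles checks are assumptions about the API's default validation, and the identifiers, scope names and tokens are constructed placeholders.

```python
import base64
import json
import time

def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, tenant_id, client_id, now=None):
    """List claim mismatches that would explain a 401; an empty list means none found."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    # Assumption: no explicit audience is configured, so the API accepts
    # its ClientId or the default App ID URI api://<ClientId>.
    if claims.get("aud") not in (client_id, "api://" + client_id):
        problems.append("aud %r does not identify this API" % claims.get("aud"))
    # Azure AD v1 and v2 issuer formats for a single tenant.
    issuers = ("https://sts.windows.net/%s/" % tenant_id,
               "https://login.microsoftonline.com/%s/v2.0" % tenant_id)
    if claims.get("iss") not in issuers:
        problems.append("iss %r is not tenant %s" % (claims.get("iss"), tenant_id))
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    # Assumption: the API requires a delegated scope (scp) or an app role (roles).
    if not claims.get("scp") and not claims.get("roles"):
        problems.append("token carries neither scp nor roles")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo; not a real Azure AD token."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed placeholder identifiers and tokens.
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT = "22222222-2222-2222-2222-222222222222"
BASE = {"iss": "https://sts.windows.net/%s/" % TENANT, "exp": 4102444800}
GOOD = make_sample_token(dict(BASE, aud="api://" + CLIENT, scp="access_as_user"))
WRONG_AUD = make_sample_token(dict(BASE, aud="33333333-3333-3333-3333-333333333333", scp="User.Read"))

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("WRONG_AUD", WRONG_AUD)):
        print(name, diagnose(tok, TENANT, CLIENT) or "claims match the API configuration")
```

To check a real token, pass the string from Postman's token dialog to `diagnose` together with the tenant and client ids from the API's configuration.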
