Hi everyone,
I have created a web api in .NET 5 and then I published it on Azure. I have used this quickstart to configure Azure AD authentication on my web api.
However, I replicate what I exactly did. 3 Steps:
- Configure the wep api project;
- Configure my application on Azure Active Directory
- Configure Postman
1. CONFIGURE THE WEB API PROJECT
This is my startup.cs
class:
public void ConfigureServices(IServiceCollection services)
{
// services.AddMicrosoftIdentityWebApiAuthentication(Configuration, "AzureAd");
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(Configuration, "AzureAd");
...
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints
.MapControllers()
.RequireAuthorization();
});
}
And this is my appsetting.json
:
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
//"Domain": "***.com", //Domain name configured in Azure
"TenantId": "***", // Tenant Id configured in Azure
"ClientId": "***", // Client Id configured in Azure
//"CallbackPath": "/signin-oidc"
}
2. CONFIGURE MY APPLICATION ON AZURE ACTIVE DIRECTORY
I went on Azure AD and I registered a new app:
]3
I configured the platform
I added the secret for postman
Then I click on Expose an API
and I configure it:
3. CONFIGURE POSTMAN
It should be really simple:
I copied Auth and Token urls from overview page of the registered app on azure... The same for client id... Client id is eqaul to the one on the appsetting.json
.. the scope is the same of the one i added on azure in previous step.
At the end, when I click on Get New Access Token
, I get it correctly:
But when I try to use it, to call my api I get the 401 Unauthorized error:
My doubts is about the the scope... It should be configured on startup of the web api?
What is still wrong?
Thank you for your help