Azure App Proxy to access the on-premise API question

admin 1 Reputation point
2020-08-04T05:45:23.737+00:00

Hi,
I have a Web API hosted on-premise. Now we have a native app that needs to call this API from the internet. Here is what I did:

Create an app proxy for this on-premise API, following the article: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-secure-api-access

Use the MSAL library to call this API. The main code fragment is:

-----------------------

using System.Net.Http;
using System.Net.Http.Headers;
using Microsoft.Identity.Client;

// Public client (native app) registered in the tenant
IPublicClientApplication clientApp = PublicClientApplicationBuilder
    .Create("application id")
    .WithDefaultRedirectUri() // will automatically use the default Uri for native app
    .WithAuthority("https://login.microsoftonline.com/mytenantid")
    .Build();
// scopes is defined elsewhere in the app (not shown in the post)
AuthenticationResult authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
// Send the access token as a Bearer token to the App Proxy URL
HttpClient httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
HttpResponseMessage response = await httpClient.GetAsync("https://my-azure-app-proxy-url/api");

-----------------------------------

When calling the method await httpClient.GetAsync("https://my-azure-app-proxy-url/api"); it throws 3 inner exceptions. The first exception message is "WebException: The underlying connection was closed: An unexpected error occurred on a send.", the second message is "IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.", and the third message is "SocketException: An existing connection was forcibly closed by the remote host". I think the reason for these exceptions is that Azure AD can't recognize who I am and redirects me to the sign-in page.

I also tried to use Postman to send the request with the right bearer token; it gives the "sign in to your account .." response.

My purpose is very simple: only authenticated users can access this on-premise API from the internet, and the on-premise API does not need to know who is accessing it.

Can someone help me with this issue?

Thanks


1 answer

  1. soumi-MSFT 11,786 Reputation points Microsoft Employee
    2020-08-06T06:56:05.897+00:00

    @admin, thank you for reaching out. Troubleshooting this issue is a little difficult over the forum, as there might be a few nitty-gritty details that get missed while trying to troubleshoot it over forum posts. Also, the error shared is pretty generic. I would like to check if you have an Azure Support plan to help you create a case with our Technical Support to get you moving ahead and help you in fixing this issue.

    If you do not have a Support Plan to create a support ticket with us, do let us know and drop an email to azcommunity[at]microsoft[dot]com, with the following details:

    • Tenant ID/Tenant Name:
    • Subscription ID:

    Also do not forget to share this thread in the email that you send so that it helps us in identifying this thread and helping you further.

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
