I have a Web API project I created using this tutorial that I'm trying to secure using Azure AD.

According to the tutorial, when I create the project, I can select "Change Authentication" and enter my AAD information, and the authentication is supposed to just "work" as long as I have <Authorize> on the controller I want to secure:

Azure AD Tenant Info

According to the tutorial, I need to add the API as an app in the Azure portal but its steps and screenshots are confusing because they're old and the Azure portal has been reorganized. It says:

Next step is to add the "WebAPIServerSingleTenant" as an app you can access in your native app. Navigate to the "WebAPIClientSingleTenant" app and add "WebAPIServerSingleTenant" to your approved list (tick the checkbox too)

But adding the tenant info from Visual Studio when I created the project creates an app registration in AAD automatically, so I'm not sure what it's asking me to do.

Furthermore, when I try to call the API from Postman, for example, I just get "Authorization has been denied for this request" despite generating and passing an access token in the header of the request that looks right to me.

What steps do I need to follow to secure my web API using Azure AD?

  • Please check if you have configured enough Roles for app under API permission. Commented Oct 31, 2019 at 11:28
  • @Prashant - enough roles for which app registration? There's one for the API and 3 others related to the client (which is a custom SharePoint web part). And what is "enough" for just simple sign in? Commented Oct 31, 2019 at 13:11

1 Answer

The "Next step is to add the ..." instruction you quote above is about adding a reference to your API app to the AAD registration of your native app. To register the native app, go to the Azure portal and use App Registration. The instructions for how to do that linked in your article are obsolete - the AAD UI is totally different now. Rather use one of the official samples, in particular the one for a native client accessing an API.

2 Comments

The client that will consume the API is a custom web part for SharePoint which complicates things for me because when I deployed the web part, it created 3 different app registrations in AAD automatically - one for the web part, one called "SharePoint Online Client Extensibility Web Application Principal", and one called "SharePoint Online Client Extensibility Web Application Principal Helper". I'm not sure what to add where.
