I am trying to start a new project that uses Azure AD for authentication. It is set up so that I have a SPA on the front end that gets information from an ASP.NET Core web API, both of which I am creating. I am having trouble getting the front-end token to authorize in the API. Every time I send a request to the API I get the error: Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10231: Audience validation failed.
I have set up the project as follows.
In Azure AD I have set up two applications: one for the front end and one for the API. The API application has an API exposed called access_as_user. The front-end application then has access to this. I have also made a client secret for both and added redirect URLs for the front end.
In my ASP.NET Core API I am using Microsoft.Identity.Web and calling it like so:
    // startup.cs
    ...
    public void ConfigureServices(IServiceCollection services)
    {
        ...
        services.AddProtectedWebApi(Configuration, subscribeToJwtBearerMiddlewareDiagnosticsEvents: true);
        ...
    }
    ...
In my config the values are as follows:
    "AzureAD": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "mydomain.onmicrosoft.com",
        "TenantId": "*MY TENANT ID*",
        "ClientId": "*Client ID of API*",
        "ClientSecret": "Client Secret for API",
        "Audience": "Client ID of Front End"
    }
To get auth I followed this tutorial -> here <- to set up Postman to use OAuth 2.0 and get the tokens for me automatically. The magic happens at the end of step 3 in the tutorial.
Any help would be greatly appreciated.
Edit: After following the tutorial like alphaz18 suggested, I found my issue. I had forgotten to add the Authentication middleware in the Configure part of Startup.cs.
    app.UseRouting();
    app.UseAuthentication(); // This line was missing.
    app.UseAuthorization();
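
One way to see which audience a token actually carries when IDX10231 is raised, as an added example that is not part of the original post: it decodes the `aud` claim of a token and compares it with the values an API would accept. The class name `AudienceCheck`, the GUIDs and the sample token are constructed placeholders, and the payload is decoded without signature verification, so it is for troubleshooting only.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class AudienceCheck // hypothetical helper, not part of Microsoft.Identity.Web
{
    // Decodes the JWT payload WITHOUT verifying the signature: troubleshooting only.
    public static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');      // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    // RFC 7519 allows "aud" to be a single string or an array of strings.
    public static List<string> Audiences(JsonElement payload)
    {
        if (!payload.TryGetProperty("aud", out JsonElement aud)) return new List<string>();
        return aud.ValueKind == JsonValueKind.Array
            ? aud.EnumerateArray().Select(a => a.GetString() ?? "").ToList()
            : new List<string> { aud.GetString() ?? "" };
    }

    // Exact, case-sensitive match of any token audience against the accepted list.
    public static bool Accepted(IEnumerable<string> tokenAud, IEnumerable<string> valid) =>
        tokenAud.Any(a => valid.Contains(a, StringComparer.Ordinal));

    public static void Main()
    {
        // Constructed sample: placeholder GUIDs and a dummy signature, not real identifiers.
        const string apiId = "11111111-1111-1111-1111-111111111111";
        const string spaId = "22222222-2222-2222-2222-222222222222";
        static string Enc(string json) => Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string jwt = Enc("{\"alg\":\"RS256\"}") + "."
            + Enc($"{{\"aud\":\"api://{apiId}\",\"scp\":\"access_as_user\"}}") + ".sig";

        List<string> aud = Audiences(DecodePayload(jwt));
        Console.WriteLine("token aud: " + string.Join(", ", aud));
        Console.WriteLine("accepted with API ids:       " + Accepted(aud, new[] { apiId, "api://" + apiId }));
        Console.WriteLine("accepted with front-end id:  " + Accepted(aud, new[] { spaId }));
    }
}
```

To check a real token, pass the access token copied from Postman to `DecodePayload` in place of the constructed `jwt` string and compare the printed `aud` with the audience values in the API's configuration.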