'Authenticating using Azure Active Directory with Angular 13 and .NET core web api
I have a .NET CORE 6 Api for the back end and a Angular 13 for the front end. Currently I am trying to authenticate via Angular using msal and then call the protected .net core API. I think I am missing something. The Api is the weatherforcast Api template. It successfully authenticates via AAD, which allows me to get user information. However when I try to request data via api by invoking the http.get method its not Authorizing. How does the protected API get authorization from the front end? Both Apps are registered in Azure Active directory. From my understanding the HTTP_INTERCEPTORS should intercept the access token and authorization for the api should be granted. The ProfileComponent has MsalGuard.
app.module.ts
import { HTTP_INTERCEPTORS, HttpClientModule } from '@angular/common/http';
import { NgModule } from '@angular/core';
import { BrowserModule } from '@angular/platform-browser';
import { Configuration } from 'msal';
import { AppComponent } from './app.component';
import { AppRoutingModule } from './app-routing.module';
import { BrowserCacheLocation, InteractionType, IPublicClientApplication, LogLevel, PublicClientApplication } from '@azure/msal-browser';
import { MsalGuard, MsalInterceptor, MsalBroadcastService, MsalInterceptorConfiguration, MsalModule, MsalService, MSAL_GUARD_CONFIG, MSAL_INSTANCE, MSAL_INTERCEPTOR_CONFIG, MsalGuardConfiguration, MsalRedirectComponent } from '@azure/msal-angular';
import { ProfileComponent } from './profile/profile.component';
import { environment } from '../environments/environment';
import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
import { MatFormFieldModule } from '@angular/material/form-field'
import { MatCheckboxModule } from '@angular/material/checkbox'
import { MatInputModule } from '@angular/material/input'
import { MatButtonModule } from '@angular/material/button'
import { MatDividerModule } from '@angular/material/divider'
const isIE = window.navigator.userAgent.indexOf("MSIE ") > -1 || window.navigator.userAgent.indexOf("Trident/") > -1;
export function loggerCallback(logLevel: LogLevel, message: string) {
console.log(message);
}
export function MSALInstanceFactory(): IPublicClientApplication {
return new PublicClientApplication({
auth: {
clientId: environment.clientId,
authority: environment.authority,
redirectUri: environment.redirectUrl,
postLogoutRedirectUri: environment.redirectUrl,
navigateToLoginRequestUrl: true
},
cache: {
cacheLocation: BrowserCacheLocation.LocalStorage,
storeAuthStateInCookie: isIE, // set to true for IE 11
},
system: {
loggerOptions: {
loggerCallback,
logLevel: LogLevel.Info,
piiLoggingEnabled: false
}
}
});
}
export function MSALInterceptorConfigFactory(): MsalInterceptorConfiguration {
const protectedResourceMap = new Map<string, Array<string>>();
protectedResourceMap.set('api://{uri id}', ['name.read']);
return {
interactionType: InteractionType.Redirect,
protectedResourceMap
};
}
export function MSALGuardConfigFactory(): MsalGuardConfiguration {
return { interactionType: InteractionType.Redirect };
}
@NgModule({
declarations: [
AppComponent,
ProfileComponent
],
imports: [
BrowserModule,
HttpClientModule,
AppRoutingModule,
MsalModule,
BrowserAnimationsModule,
MatCheckboxModule,
MatInputModule,
MatButtonModule,
MatFormFieldModule,
MatDividerModule
],
providers: [
{
provide: HTTP_INTERCEPTORS,
useClass: MsalInterceptor,
multi: true
},
{
provide: MSAL_INSTANCE,
useFactory: MSALInstanceFactory
},
{
provide: MSAL_GUARD_CONFIG,
useFactory: MSALGuardConfigFactory
},
{
provide: MSAL_INTERCEPTOR_CONFIG,
useFactory: MSALInterceptorConfigFactory
},
MsalService,
MsalGuard,
MsalBroadcastService
],
bootstrap: [AppComponent, MsalRedirectComponent]
})
export class AppModule { }
profile.component.ts
import { Component, OnInit } from '@angular/core';
import { MsalService } from '@azure/msal-angular';
import { ApiService } from '../services/api.service';
@Component({
selector: 'app-profile',
templateUrl: './profile.component.html',
styleUrls: ['./profile.component.css']
})
export class ProfileComponent implements OnInit {
forecasts: any;
name: any;
username: any;
constructor(private _apiService: ApiService, private _msalService: MsalService) { }
ngOnInit(): void {
const account = this._msalService.instance.getAllAccounts()[0];
this.name = account?.name;
this.username = account?.username;
this._apiService.getForcast().subscribe(result => {
this.forecasts = result;
}, error => console.error(error));
}
}
appsettings.json
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "example.com",
"TenantId": "{TenantId}",
"ClientId": "{ClientId}",
"Scopes": "name.write name.read",
"CallbackPath": "/signin-oidc",
"Audience": "api://{uri id}"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*"
Solution 1:[1]
You might want to check your protected resource map. You currently have "api://{uri id}". Try placing the actual API url here just to test it out. Something similar to... "http://localhost:1448/api/weatherforecasts", or whatever the endpoint would be. When you make the call, look to see if the authorization header is in the request.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | bdw |