
So, I have this legacy ASP.NET app that was previously using the Windows Authentication scheme.

I am now trying to port it to Azure and have already configured the Azure Active Directory service on the Azure portal, and my organization's directory is already on Azure.

I would now like to change the web.config file so my app recognizes the Azure authentication and uses those credentials.

Previously, the config was thus:

  <system.web>
  <compilation debug="true" targetFramework="4.6"/>
  <httpRuntime targetFramework="4.5" maxQueryStringLength="2097151" requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,\,?"/>
  <customErrors mode="Off"/>
  <authentication mode="Windows"/>

What should I change the authentication mode to?

Thanks a bunch!

1 Answer

As far as I know, if you have enabled the web app's Authentication / Authorization AD login as below.

enter image description here

You don't need to change any code. If the user wants to access your web application, Azure will automatically redirect the user to the AD login page.

If the user logs in successfully, it will return a token to your application; this token contains the user's information.


Update:

I suggest you use the Azure AD Graph API to get the user information.

If you want to use the Azure AD Graph API, you need to get the access token.

I suggest you first access this URL.

Search for your web, mobile or API app using the search bar.

Click Edit to enable making changes.

Set additionalLoginParams to the following:

["response_type=code id_token", "resource=https://graph.windows.net"]

Click the Read/Write button at the top of the page to enable making changes.

Click the PUT button to save your changes.

The result is like this:

enter image description here

Then you could add the code below to your application to send a request with the token to get the user information.

    // Requires: using System.IO; using System.Net;
    // App Service Authentication injects the signed-in user's Azure AD
    // access token into this request header.
    string accessToken = this.Request.Headers["X-MS-TOKEN-AAD-ACCESS-TOKEN"];

    // Call into the Azure AD Graph API using HTTP primitives and the
    // Azure AD access token.
    var url = "https://graph.windows.net/me?api-version=1.6";
    var request = WebRequest.CreateHttp(url);
    var headerValue = "Bearer " + accessToken;
    request.Headers.Add(HttpRequestHeader.Authorization, headerValue);

    using (var response = request.GetResponse())
    using (var streamReader = new StreamReader(response.GetResponseStream()))
    {
        string jsonResponse = streamReader.ReadToEnd();
        Response.Write(jsonResponse);
    }

This URL is used to get the current user's information.

https://graph.windows.net/me?api-version=1.6

If you want to get the user's groups, I suggest you change the URL as below:

https://graph.windows.net/myorganization/me/$links/memberOf?api-version

For more details about this API, you could refer to this article.

If you want to get the user's profile image, I suggest you change the URL as below:

https://graph.windows.net/myorganization/me/thumbnailPhoto?api-version

For more details, you could refer to this article.

Notice: you need to grant enough permissions in your web app to be able to get these values.

See this image:

enter image description here


6 Comments

I have done that but I would like to know how to get that token into my application so I can retrieve information like security groups the user belongs to, profile picture etc.
I have updated my answer; I suggest you send a request to AD Graph to get the user information.
Thank you for the detailed answer. I will try that out.
I tried the above but I am getting a 403 error. This is my code. I verified that I am getting a token from the Header. I was even able to get the User object using that but no luck getting the groups. var url = "graph.windows.net/myorganization/me/$links/…"; Configuration load error. The remote server returned an error: (403) Forbidden. Application load error. Configuration load error. The remote server returned an error: (403) Forbidden.
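
A troubleshooting sketch for the 403 reported in the comment above and the permission notice in the answer, added here as an example and not part of the original answer or of any Microsoft library: it decodes the claims of the token from X-MS-TOKEN-AAD-ACCESS-TOKEN so you can check its audience (`aud`) and delegated scopes (`scp`). The class and method names are hypothetical, and the scope name you pass in is an assumption (this page does not say which permission the groups call needs).

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Web.Script.Serialization; // System.Web.Extensions (.NET Framework)

// Hypothetical helper: reads claims for diagnostics only. It does NOT verify
// the signature, so its output must never drive an authorization decision.
public static class AadTokenInspector
{
    public static IDictionary<string, object> ReadClaims(string jwt)
    {
        if (string.IsNullOrEmpty(jwt))
            throw new ArgumentException("No access token in the request header.");
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Not a compact JWT (expected 3 segments).");

        // The payload is base64url without padding: restore '+', '/' and '='.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        return new JavaScriptSerializer().Deserialize<Dictionary<string, object>>(json);
    }

    // Returns null when the token looks usable for the call, otherwise the
    // likely reason the Graph API answers 401/403.
    public static string Diagnose(string jwt, string resource, string requiredScope)
    {
        IDictionary<string, object> claims = ReadClaims(jwt);
        object aud, scp;
        claims.TryGetValue("aud", out aud);
        claims.TryGetValue("scp", out scp); // space-separated delegated permissions

        string audience = ((aud as string) ?? "").TrimEnd('/');
        if (!string.Equals(audience, resource.TrimEnd('/'), StringComparison.OrdinalIgnoreCase))
            return "Token audience is '" + audience + "', expected '" + resource + "'.";

        string[] scopes = ((scp as string) ?? "")
            .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        if (Array.IndexOf(scopes, requiredScope) < 0)
            return "Scope '" + requiredScope + "' not granted; token has: "
                   + string.Join(", ", scopes);
        return null;
    }
}
```

Call it with the header value, `"https://graph.windows.net"` as the resource, and the permission your request needs; log the result server-side instead of writing it to the response.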