claims-based-identityws-federationazure-acsjavascript-securityazure-active-directory

Is there a javascript library to obtain authentication token with Windows Azure Active Directory


I have a number of web services created using Microsoft MVC4 Web Api and protected using WIF and Windows Azure Active Directory (WAAD) using WS-Fed.

I also have a pure HTML5/Javascript single page application (SPA) client that needs to access these web api's.

Are there any known samples/libraries in Javascript for handling the interactions with WAAD to

If not, are there any recommended links to the documentation required to implement something like that.


Solution

  • Is the page (SPA) coming from the same server the API's are hosted? (same domain?) If that's the case, then everything should "just work".

    WAAD is not involved in knowing whether the user is logged on or not. That should generally be up to your site. Token expiration does play a role though, if the supplied token is rejected by the API you would have to re-authenticate the user as usual.

    If the APIs are on a different site, but same hi-level domain (app.yoursite.com and api.yoursite.com), you can still set cookies and use WIF underneath. Make sure you set the same machine key on both sites.

    If the APIs are on a completely different domain, then you have to use a different approach. My recommendation in that case is usually to use Json Web Tokens (JWT) and CORS.

    I think WAAD can give you a JWT if you configure an ACS namespace in your WAAD instance. Take a look at this document that describes the process for securing WebAPI with JWTs (it is not specific to WAAD, but the mechanics would be the same).