iosazureazure-web-app-serviceasp.net-core-webapiasp.net-core-2.1

Azure App Service authentication issue on mobile device


I have created a .NET Core 2.1 WebAPI and published it to an Azure App Service. It all works fine when performing API calls from an iOS device, but if I enable Authentication (on the App Service level) using the Azure AD authentication provider, I am receiving a HTTP 401:

"You do not have permission to view this directory.

In my iOS code I implemented the ADAL library and in Azure I have registered a Native App to obtain a token for the WebAPI (API permissions on the Native App has been set to user_imporsonation for the Web API registration). I do get an accesstoken from the ADAL library and include in the Authorization header (Bearer ) for each request. I can reproduce this issue when using Postman and perform all the steps to first acquire a token using a Authorization Code grant-type. But if I perform the WebAPI request in a browser, I am first forced to authenticate (redirected to login.microsoftonline.com) and after that I do get to see the expected JSON results from the Web API call.

Anyone have an idea what I am missing here? Any help is much appreciated.

followed all the steps described here: https://learn.microsoft.com/nl-nl/azure/app-service/configure-authentication-provider-aad


Solution

  • Fixed this issue. Had to change the Allowed Token Audience to the Application ID URI. It was automatically set to the WebApp redirect URI which adds "/.auth/login/aad/callback" to the Application ID URI.