Troubleshooting ASP.NET Core Azure AD-protected Web API Authorization issues

There is plenty of content on the internet that shows you how to use ASP.NET Core Authentication pipeline to protect a Web API with Azure Active Directory.  This is all working great except when your Web API returns a 401 Unauthorized error without providing much information.  You can end up spending a lot of time, pulling your hair out trying to figure out what can go wrong even though you…

Read More

Walkthrough: How to protect an ASP.NET Core Web API application with Azure AD

Pre-requisite: The ASP.NET Core Web API project in this tutorial uses Visual Studio 2017 with .Net Core runtime version 2.2 Application Registration: We will need to create an App Registration for the web API and an App Registration for the client app calling the web API in Azure Active Directory. Web API: From the Azure portal, navigate to the Azure Active Directory blade -> App registrations -> New registration to…

Read More

Using jwt.io to verify the signature of a JWT token

Introduction In an asymmetric algorithm, a JWT token is signed with an Identity Provider’s private key. To verify the signature of the token, one will need to have a matching public key. This post will cover how to use the JWT tool at https://jwt.io/ to verify the signature of an signed Azure AD token (either access or id token). Note: You should only validate the token intended for your own…

Read More