Granted this code is a few years old - is there an update to it that works with ASP.NET Web API (not Core)? I am generating access token elsewhere for this Web API app in Azure AD (app registered properly with AD). The token I use (to be used with the web service endpoint) is in 'access_token' property (this is obtained by calling the OAuth v2 endpoints /authorize and /token of the code grant flow, as described in:
{
"token_type": "Bearer",
"scope": "profile openid email https://graph.microsoft.com/Directory.Read.All https://graph.microsoft.com/User.Read",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0eXAiOiJKV1QiLCJ...",
"id_token": "eyJ0eXAiOiJKV1QiLCJ..."
}
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = tenantName,
TokenValidationParameters = new TokenValidationParameters
{
ValidAudience = audience
}
});
However, sending a request to controller (which has the bearer token from 'access_token' above), I get back:
{
"Message": "Authorization has been denied for this request."
}
Any suggestions/updates would be welcome. Thanks!