Adding Azure AD to a Mobile site with .NET backend, and store-integrated Windows 8.1 app.


Having built ourselves a known-working .NET backend for an Azure Mobile site (and having updated quite a few packages in order to make it all compile with security attributes on guarded interface methods), we managed to follow along and also do the AAD part of the process, as discussed at http://azure.microsoft.com/en-us/documentation/articles/mobile-services-windows-store-dotnet-adal-sso-authentication/

 image

 

string authority = "https://login.windows.net/rapmlsqa.com";
string resourceURI = "https://reso987.azure-mobile.net/login/aad";
string clientID = "563cb644-1918-4c35-8a9f-800f4e31c5f9";

image

The figures above show, on the right, the mobile site configuration (the OAuth client) being accessed logically by the configured desktop application on the left, which has delegated rights to the ToListApp web API hosted in the mobile site using the .NET backend. This of course exposes an OData interface to some domain entities, using an HTTP binding.

Running all this, we get

image

image

image

and …

 

image

 

Looking at this on the wire, we see a websso token,

image

 

image

But then a failure to issue an OAuth-mediated access token:

image


About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in Azure AD.