Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

CLEAR example with WebApi and SPA Application (pure js)

See original GitHub issue
- [ ] bug report -> please search issues before submitting
- [X] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

It’s possible to have a CLEAR example with

  • WebAPI with a controller protected [Authorize] by JwtBearerToken
  • SPA Application (pure js) requesting token and passing to WebAPI ?

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:5
  • Comments:11 (5 by maintainers)

github_iconTop GitHub Comments

m4ss1m0gcommented, Jul 20, 2019

An example where the backend api validate the token. Now the first example on description use code not found on repository and also use an external library (made by Micosoft) without NuGet package.

For example on startup.cs code there are


While on README there are code about

.AddAzureAdBearer(options => Configuration.Bind("AzureAd", options));

That must be inserted after

services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme, options =>
    // This is an Azure AD v2.0 Web API
    options.Authority += "/v2.0";

    // The valid audiences are both the Client ID (options.Audience) and api://{ClientID}
    options.TokenValidationParameters.ValidAudiences = new string[] { options.Audience, $"api://{options.Audience}" };

    // Instead of using the default validation (validating against a single tenant, as we do in line of business apps),
    // we inject our own multitenant validation logic (which even accepts both V1 and V2 tokens)
    options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.ValidateAadIssuer;

No clues about AddAzureAdBearer, no clues about AddProtectWebApiWithMicrosoftIdentityPlatformV2

It wold be nice to have an example about:

  1. Configuring Azure App, for authentication only
  2. Simple javascript client aquiring token with MSAL.js calling ASP.NET Core API (Implicit Flow)
  3. Simple ASP.NET Core API protected by Azure AD ONLY validating token so I can call Controller protected by [Authorize] attribute
  4. Exaplain difference between the use of Token and IdToken and and explain the use of one or the other.
devna13commented, Oct 15, 2019

ok I’ll try the sample, Thanks @TiagoBrenck

Read more comments on GitHub >

github_iconTop Results From Across the Web

Building- Single Page Application Project in Vanilla JavaScript
let's start with what is a Single Page Application (SPA)?. A Single Page Application is a web app that loads only a single...
Read more >
ASP.NET - Single-Page Applications: Build Modern ...
... a Single Page Application template. This template installs a skeleton SPA built on Knockout.js. ... NET Web API to create a simple...
Read more >
Tutorial: Create a JavaScript single-page application that ...
In this tutorial, you build a JavaScript single-page application (SPA) that uses the Microsoft identity platform to sign in users and get an ......
Read more >
Letting a pure HTML/CSS/JS SPA application ask the user ...
I'm writing a fairly large application, with a HTML/CSS/JS frontend, using AngularJS and a ASP.NET MVC Web API as a backend. I would...
Read more >
CRUD in HTML, JavaScript, and jQuery Using the Web API
This article focuses on the four standard HTTP verbs that you use to work with the Web API: GET , POST , PUT...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found