cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
captainsina
Regular Visitor

Secure an external .net 5.0 WebAPI using PowerApps portal token endpoint

I have a .net 5.0 WebAPI hosted in Azure appservice which needs to be called from JavaScript on a custom power apps portal page.

Both portal and Web API are currently secured using the same instance of an azure B2C.

 

Using implicit grant, I am able to make a call to <portal_url>/_services/auth/token endpoint of my portal and get current user's JWT token.

But, when I pass this token to my WebAPI (I'm adding this token to the http header of my ajax call to Web API), I get Unauthorized back from the WebAPI.

 

If I get a JWT token from the B2C directly, API accepts the token and runs successfully.

 

Do I need any specific configurations on my WebAPI side so it can successfully accept/consume the token that is returned by Portal's <portal_url>/_services/auth/token endpoint?

 

Cheers

2 ACCEPTED SOLUTIONS

Accepted Solutions
chleverenz
Power Participant
Power Participant

Hi @captainsina ,

i have no examplecode which i created, but there is a (yes old) version like this: https://github.com/microsoft/PowerApps-Samples/blob/master/portals/ExternalWebApiConsumingPortalOAut...

In fact, they check the token by themselves. 

I am not deep in the -net core pipilining where to set up the authentication against the implicit flow from the portals.

So, no idea whether you really have to write code or whether ists just more or less a setting for the api pipeline.

A (well bad) workaround could be, that you get a token from your b2c environment and pass ir to the call to the api. But the idea of the implicit flow was just to let the portals act as an identity provider for external apis no matter how the user signed in.

Exactly what you want 🙂

Hope the codesnippet helps a little bit,

  Christian

Have fun,
Christian
----------------------
Please do not forget to leave feedback if this post helped you. Already giving kudos is a great way of feedback when the post was helpful.
Comments on how the answer could be improved are welcome, too.

View solution in original post

OOlashyn
Most Valuable Professional
Most Valuable Professional

Hi @captainsina ,

You would need to verify and parse the token yourself on the api side as the token that you retrieve in the portal via <portal_url>/_services/auth/token endpoint will be portal specific and different from B2C token.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

View solution in original post

5 REPLIES 5
chleverenz
Power Participant
Power Participant

Hi @captainsina ,

may be two dumb questions:

  • as i got it you need to be signed in to get a token via implicit flow. So, ist the user doing the call really logged in?
  • when i got the story right the api (your .net 5.0) has to validate and check the token. This token is to be checked against the portal and not against any other service. So, may be the token is checked against the b2c and not against the portal

Just two quick ideas, hope it helps finding the issue,

 

Christian

 

Have fun,
Christian
----------------------
Please do not forget to leave feedback if this post helped you. Already giving kudos is a great way of feedback when the post was helpful.
Comments on how the answer could be improved are welcome, too.

@chleverenz ,

Not dumb at all, excellent questions and thank you.

Let me briefly explain the architecture:

  • Powerapps portal is integrated with Azure B2C (through configuration)
  • The custom API (.net 5.0) is also integrated with the same instance of B2C. 
  • The API is integrated with the B2C through configurations in appsettings.json and some initiating code in .net 5.0 Web API startup.cs. The validation of token etc. is handled by MVC framework, I do not have explicit code to decode token/verify/validate/ etc.
  • In Azure B2C, permissions are granted to portal app registration to make calls to this particular API

Scenario:

  1. End user logs in to portal using the B2C
  2. User navigates to portal's custom page on which the API call is needed
  3. At this point, user already has a token, the JavaScript on the page calls <portal_url>/_services/auth/token endpoint and receives current user's token successfully
  4. The JavaScript then makes the call to external api and injects the token (from step 3) in http header of the ajax call
  5. API responds by unauthorized.

If I get a token from B2C directly (using a postman call) and hardcode it in the http header of the JavaScript API call, it works fine, but when I use the token returned by portal endpoint, I get unauthorized.

 

My assumption was since both portal and API are integrated with the same B2C instance, the token returned by portal will be accepted by API, but its not behaving that way.

 

Question is if I need to change anything on API side for this to work.

 

Cheers

chleverenz
Power Participant
Power Participant

Hi @captainsina ,

i have no examplecode which i created, but there is a (yes old) version like this: https://github.com/microsoft/PowerApps-Samples/blob/master/portals/ExternalWebApiConsumingPortalOAut...

In fact, they check the token by themselves. 

I am not deep in the -net core pipilining where to set up the authentication against the implicit flow from the portals.

So, no idea whether you really have to write code or whether ists just more or less a setting for the api pipeline.

A (well bad) workaround could be, that you get a token from your b2c environment and pass ir to the call to the api. But the idea of the implicit flow was just to let the portals act as an identity provider for external apis no matter how the user signed in.

Exactly what you want 🙂

Hope the codesnippet helps a little bit,

  Christian

Have fun,
Christian
----------------------
Please do not forget to leave feedback if this post helped you. Already giving kudos is a great way of feedback when the post was helpful.
Comments on how the answer could be improved are welcome, too.

Thank you,

I have already seen that sample code and in fact that's the only one I have found so far.

As you mentioned, they are doing it in code and this is changed a lot in .net 5.0.

I am hoping there is a config that would take care of this by the framework in .net 5.0.

Million dollar question is: what and where 🙂

Cheers

OOlashyn
Most Valuable Professional
Most Valuable Professional

Hi @captainsina ,

You would need to verify and parse the token yourself on the api side as the token that you retrieve in the portal via <portal_url>/_services/auth/token endpoint will be portal specific and different from B2C token.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

Helpful resources

Announcements

Celebrating the May Super User of the Month: Laurens Martens

@LaurensM  is an exceptional contributor to the Power Platform Community. Super Users like Laurens inspire others through their example, encouragement, and active participation. We are excited to celebrated Laurens as our Super User of the Month for May 2024.   Consistent Engagement:  He consistently engages with the community by answering forum questions, sharing insights, and providing solutions. Laurens dedication helps other users find answers and overcome challenges.   Community Expertise: As a Super User, Laurens plays a crucial role in maintaining a knowledge sharing environment. Always ensuring a positive experience for everyone.   Leadership: He shares valuable insights on community growth, engagement, and future trends. Their contributions help shape the Power Platform Community.   Congratulations, Laurens Martens, for your outstanding work! Keep inspiring others and making a difference in the community!   Keep up the fantastic work!    

Check out the Copilot Studio Cookbook today!

We are excited to announce our new Copilot Cookbook Gallery in the Copilot Studio Community. We can't wait for you to share your expertise and your experience!    Join us for an amazing opportunity where you'll be one of the first to contribute to the Copilot Cookbook—your ultimate guide to mastering Microsoft Copilot. Whether you're seeking inspiration or grappling with a challenge while crafting apps, you probably already know that Copilot Cookbook is your reliable assistant, offering a wealth of tips and tricks at your fingertips--and we want you to add your expertise. What can you "cook" up?   Click this link to get started: https://aka.ms/CS_Copilot_Cookbook_Gallery   Don't miss out on this exclusive opportunity to be one of the first in the Community to share your app creation journey with Copilot. We'll be announcing a Cookbook Challenge very soon and want to make sure you one of the first "cooks" in the kitchen.   Don't miss your moment--start submitting in the Copilot Cookbook Gallery today!     Thank you,  Engagement Team

Announcing Power Apps Copilot Cookbook Gallery

We are excited to share that the all-new Copilot Cookbook Gallery for Power Apps is now available in the Power Apps Community, full of tips and tricks on how to best use Microsoft Copilot as you develop and create in Power Apps. The new Copilot Cookbook is your go-to resource when you need inspiration--or when you're stuck--and aren't sure how to best partner with Copilot while creating apps.   Whether you're looking for the best prompts or just want to know about responsible AI use, visit Copilot Cookbook for regular updates you can rely on--while also serving up some of your greatest tips and tricks for the Community. Check Out the new Copilot Cookbook for Power Apps today: Copilot Cookbook - Power Platform Community.  We can't wait to see what you "cook" up!      

Tuesday Tip | How to Report Spam in Our Community

It's time for another TUESDAY TIPS, your weekly connection with the most insightful tips and tricks that empower both newcomers and veterans in the Power Platform Community! Every Tuesday, we bring you a curated selection of the finest advice, distilled from the resources and tools in the Community. Whether you’re a seasoned member or just getting started, Tuesday Tips are the perfect compass guiding you across the dynamic landscape of the Power Platform Community.   As our community family expands each week, we revisit our essential tools, tips, and tricks to ensure you’re well-versed in the community’s pulse. Keep an eye on the News & Announcements for your weekly Tuesday Tips—you never know what you may learn!   Today's Tip: How to Report Spam in Our Community We strive to maintain a professional and helpful community, and part of that effort involves keeping our platform free of spam. If you encounter a post that you believe is spam, please follow these steps to report it: Locate the Post: Find the post in question within the community.Kebab Menu: Click on the "Kebab" menu | 3 Dots, on the top right of the post.Report Inappropriate Content: Select "Report Inappropriate Content" from the menu.Submit Report: Fill out any necessary details on the form and submit your report.   Our community team will review the report and take appropriate action to ensure our community remains a valuable resource for everyone.   Thank you for helping us keep the community clean and useful!

Hear what's next for the Power Up Program

Hear from Principal Program Manager, Dimpi Gandhi, to discover the latest enhancements to the Microsoft #PowerUpProgram, including a new accelerated video-based curriculum crafted with the expertise of Microsoft MVPs, Rory Neary and Charlie Phipps-Bennett. If you’d like to hear what’s coming next, click the link below to sign up today! https://aka.ms/PowerUp    

Welcome! Congratulations on joining the Power Pages community!

Welcome to the Power Pages Community!   You're now a part of a vibrant group of peers and industry experts who are here to network, share knowledge, and even have a little fun.     Now that you're a member, you can enjoy the following resources:   The Power Pages Community Forums The forums are also a great place to connect with other Power Pages community members. Check the News & Announcements section for community highlights, find out about the latest community news, and learn about the Community Team. Share your feedback, earn custom profile badges, enter challenges to win prizes, and more.   Community Blog Our community members have learned some excellent tips and have keen insights on the future of business analysis. Head on over to the Community Blog to read the latest posts from around the world. Let us know if you'd like to become an author and contribute your own writing — everyone is welcome.   And that’s not all, we have Galleries of additional information such as the Community Connections & How To Videos & Webinars & Video Gallery and more to motivate, educate and inspire you.   Again, welcome to the Power Pages community family, we are so happy you have joined us! Whether you are brand new to the world of data or you are a seasoned veteran - our goal is to shape the community to be your ‘go to’ for support, networking, education, inspiration and encouragement as we enjoy this adventure together! Let us know in the Community Feedback forum if you have any questions or comments about your community experience, but for now – head on over to the forums Get Help with Power Pages and dive right in!   To learn more about the community and your account be sure to visit our Community Support Area. We look forward to seeing you in the Power Pages Community!   The Power Pages Community Team  

Users online (2,811)