Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Aug 10, 2012 03:41 PM by Mayur Rathi
Aug 08, 2012 12:01 PM|LINK
Hi, I'm new to Identity.
Following steps define my scenario -
1. I've MVC app and ASP.Net Web Api hosted in different azure roles.
2. Both the applications have established trust with CustomSTS1
3. When user tries to log in to MVC app, he is redirected to CustomSTS1 log in page. User enters credentials and redirected back to MVC app along with SAML token and claims.
4. MVC app create a Http request to WebApi. The http request has Authorization header with value as token.
5. WebApi has CUstomAuthorize attribute to parse the token from request's authorization header and validate it.
6. When MVC app tries to get response from WebApi, it gets Unauthorize response. without going into CustomAuthorizeAttribute.
If i remove trust between WebApi and CustomSTS1 then in above scenario, when CustomAuthorizeAttribute tries to Validate token, "ID1032: At least one 'audienceUri' must be specified in the SamlSecurityTokenRequirement when the AudienceUriMode is set to 'Always'
or 'BearerKeyOnly'. Either add the valid URI values to the AudienceUris property of SamlSecurityTokenRequirement, or turn off checking by specifying an AudienceUriMode of 'Never' on the SamlSecurityTokenRequirement." exception occurs.
Can anyone hep me out. Do i need to establish trust between WebApi and CustomSTS1 ?
Aug 10, 2012 03:41 PM|LINK
From the description you have Given all i can understand is You are trying to authenticate in web api and the authentication process is going through the mvc application
If that is the case then you will have to configure your api to trust MVC app as the claims to api are provided by mvc app and configure the MVC app to trust STS. That will solve your problem.
<wsFederation passiveRedirectEnabled="true" issuer="MVCAPP url" realm="API Url" requireHttps="false" />
<cookieHandler requireSsl="true" />
</federatedAuthentication>Do not forget to mark as answer :).