Last post Feb 26, 2016 06:08 AM by Jamobor yao - MSFT
Feb 25, 2016 01:49 PM|tryinHard|LINK
I have an ASP.NET Web API 2 backend that I use with an HTML/JS browser-based client. The Web API is configured to use the AD FS of an Azure VM (for explanation, we'll call it 'dc', aka 'dc.cloudapp.net' from the public internet). That VM is in a VNet. Everything works as expected on my local machine during development.
I have attempted to set up a test environment on Azure in the same VNet, using two other VMs, one for the client and one for the web/db server (we'll call it 'testServer'), to simulate an intranet environment. 'dc' is the domain controller, DNS server, and AD server for the domain that 'testServer' is in. The new server has a relying party set up on the AD FS VM (dc), and everything appears to work properly when a user attempts to log in to the app on testServer. An OAuth bearer token is received and added to
After much testing, I have determined that I am not receiving any claims or user information when using the app on 'testServer'. Everything else works. I have edited the issuance transform rules (Claim Rules) for the Relying Party Trust to be exactly the same as the working 'localhost' Relying Party Trust, so that shouldn't be the issue. Also, there is a valid client id registered with AD FS for the 'testServer' application.
I need some ideas. I would really appreciate any assistance in what I should do next to diagnose why there's a difference.
Feb 25, 2016 08:10 PM|tryinHard|LINK
For clarification, I am using 'dc' as my AD FS server for both my localhost app as well as my 'testServer' app. To access 'dc' from localhost, I'm using dc.cloudapp.net. From 'testServer', I'm using the same DNS name, but I've tried changing it to the name being used by the domain (dc.lan.com).
I am getting a JWT for both back from AD FS. However, my custom OAuthBearerAuthenticationProvider class's ValidateIdentity is never called for the test environment's application.
Feb 25, 2016 09:36 PM|tryinHard|LINK
Okay, never mind. The JWT had the appropriate claims in it, as verified on jwt.io. For some reason, my app is not reading the JWT data. So, now, I think I need to figure out what's different between my two server setups.
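The situation described in the three posts above (a JWT arrives with the right claims, yet the Web API never runs ValidateIdentity and behaves as if no user is present) is what the OWIN JWT bearer middleware does when the token fails validation: a signature, issuer, audience or lifetime mismatch is not surfaced as an error, the token is simply dropped and the request continues anonymously. The following is an added example, not the poster's code, of how that middleware is typically wired in a Web API 2 Startup class together with two provider hooks that make the silent rejection visible. The issuer string, the audience (relying party identifier) and the certificate thumbprint are placeholders and must be replaced with the values that actually appear in the decoded token's `iss` and `aud` claims and the AD FS token-signing certificate.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Jwt;
using Microsoft.Owin.Security.OAuth;
using Owin;

public partial class Startup
{
    // Placeholder values for this example. They must match the token's 'iss' and
    // 'aud' claims exactly (compare with the decoded JWT); a hostname difference
    // such as dc.cloudapp.net vs dc.lan.com in either claim is enough to reject it.
    private const string Issuer = "http://dc.lan.com/adfs/services/trust";
    private const string Audience = "https://testserver/webapi";
    private const string SigningCertThumbprint = "0000000000000000000000000000000000000000";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
        {
            // The token's 'aud' must be one of these, or validation fails silently.
            AllowedAudiences = new[] { Audience },

            // The token's 'iss' must match and its signature must verify against
            // the AD FS token-signing certificate. Pin the certificate rather than
            // trusting any key the issuer endpoint happens to advertise.
            IssuerSecurityTokenProviders = new[]
            {
                new X509CertificateSecurityTokenProvider(Issuer, LoadSigningCert(SigningCertThumbprint))
            },

            Provider = new OAuthBearerAuthenticationProvider
            {
                // Runs as soon as a bearer token is found on the request, before
                // any validation. Proves the token actually reached the API.
                OnRequestToken = ctx =>
                {
                    Trace.TraceInformation("Bearer token present: {0}", !string.IsNullOrEmpty(ctx.Token));
                    return Task.FromResult(0);
                },

                // Runs only after signature, issuer, audience and lifetime checks
                // all pass. If OnRequestToken logs a token and this never runs,
                // the middleware rejected the token and the request is anonymous.
                OnValidateIdentity = ctx =>
                {
                    Trace.TraceInformation("Token validated for '{0}' with {1} claims",
                        ctx.Ticket.Identity.Name, ctx.Ticket.Identity.Claims.Count());
                    return Task.FromResult(0);
                }
            }
        });
    }

    // Loads the AD FS token-signing certificate (public part only) from the
    // machine store by thumbprint. validOnly is false because the AD FS signing
    // certificate is usually self-signed and would otherwise be filtered out.
    private static X509Certificate2 LoadSigningCert(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (matches.Count == 0)
            {
                throw new InvalidOperationException(
                    "AD FS token-signing certificate not found in LocalMachine\\My store");
            }
            return matches[0];
        }
        finally
        {
            store.Close();
        }
    }
}
```

With both hooks in place, comparing the trace output against the decoded token on jwt.io narrows the difference between the two environments to one of four things: the token never reaches the API (OnRequestToken silent), or it is rejected because the signing certificate, the `iss` value or the `aud` value configured on testServer does not match what AD FS put in the token (OnRequestToken fires, OnValidateIdentity does not). `Claims.Count()` requires `using System.Linq;` if it is not already present in the file.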
Feb 26, 2016 06:08 AM|Jamobor yao - MSFT|LINK
Thanks for your post. If you have any issues with Azure VMs and Virtual Networks, please try moving to the following forum:
Azure VM: https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WAVirtualMachinesforWindows
It is the appropriate place, and more experts will be able to assist you.