Last post Jan 09, 2017 05:37 AM by Chris Zhao
Jan 06, 2017 10:53 AM | legal developer
I've hunted high and low for this but am struggling to find a simple 'how to' on how to globally grant permissions to users.
History: I'm building a new application with a Web App and Web Api which I want to allow third parties (controlled) to use. Both applications are registered in the same Azure AD App Registrations and both are set up using the template Single Organisation Azure AD template. When I log on for the first time to the WebApp I can grant user permissions for that but when trying to (temporarily playing to understand) get the access token from the Api I get "AADSTS65001: The user or administrator has not consented to use the application with ID '*****'. Send an interactive authorization request for this user and resource."
The code currently looks like:
// Object ID of the signed-in user, read from the objectidentifier claim.
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationContext authContext = new AuthenticationContext(authority);
ClientCredential credential = new ClientCredential(clientId, appKey);
// Silent token request with the web app's own client ID as the resource.
var result = await authContext.AcquireTokenSilentAsync(clientId, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
// Silent token request for the API resource (ID masked in the post).
var apiResult = await authContext.AcquireTokenSilentAsync("********", credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
var model = new UserProfile
{
    AccessToken = result.AccessToken,
    Expires = result.ExpiresOn,
    ApiAccessToken = apiResult.AccessToken,
    Name = apiResult.UserInfo.GivenName
};
What is the best way to get around this? It's a closed system but I can't work out in the Azure Portal how to essentially trust the applications at an organisational level. In the grant permissions there seems to be the ability to set the delegated permissions but not override them. All permissions were automatically created when using the templates.
Can someone point me to a step by step guide or advise another way?
Jan 09, 2017 05:37 AM | Chris Zhao
You could refer to the official documentation:
How to protect a Web API backend with Azure Active Directory and API Management
Please consider posting Azure-related questions to Azure Forums.