Sp-dev-docs: AADHttpClient: Sample for using WebApi ASP.NET Core 2.0

Created on 15 Mar 2018 · 11Comments · Source: SharePoint/sp-dev-docs

Is there any sample server side application which would work with the AADHttpClient?
I'm currently using the iframe-cookie approach which means that my authentication code looks like this https://github.com/aspnet/Security/issues/1583#issuecomment-354953746.
However it would be nice if I could get rid of the iframe and just use the AADHttpClient instead.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 47b09a1d-5520-82e2-64f5-7aaae817720a
Version Independent ID: 0e3dcdc4-3a49-b4c7-f525-1c618cf5e21e
Content: Connect to Azure AD secured APIs in SharePoint Framework solutions | Microsoft Docs
Content Source: docs/spfx/use-aadhttpclient.md
Service: unspecified
GitHub Login: @spdevdocs
Microsoft Alias: spdevdocs

docs

Source

Nasicus

Most helpful comment

I am getting below error when I am using AADHTTPClient and running it in workbench.html
sp-http.js:1570 Uncaught (in promise) Error: This operation cannot be performed until the AadTokenProvider is initialized.
at AadTokenProvider.getToken (sp-http.js:1570)
at sp-http.js:2414
at ServiceScope.whenFinished (sp-loader-assembly_en-us.js:9861)
at sp-http.js:2410
at new Promise ()
at AadHttpClient.fetch (sp-http.js:2409)
at AadHttpClient.get (sp-http.js:2433)
at SpfxaadWebPart.ts:42
at new Promise ()
at SpfxaadWebPart.getData (SpfxaadWebPart.ts:41)

tejyapranthi on 30 Mar 2018

👍4 👎1

All 11 comments

The AADHttpClient is intended for client-side use, not server side, for use in calling 3rd party endpoints from within the SharePoint Framework (and client-side only solution). There are already a lot of different ways to call 3rd party APIs from the server using ADAL / MSAL that has nothing to do with SharePoint... I'd check this for more details: http://aka.ms/aaddev

andrewconnell on 22 Mar 2018

I know the AAHttpClientis for client side. Thought this was clear from my post.

I wanted to know how the server side must look, so it accepts the request from the AADHttpClient.
However I figured it out myself.

Basically you only need to add JwtAuthentication, similar to this:
https://github.com/Azure-Samples/active-directory-b2c-dotnetcore-webapi

Nasicus on 23 Mar 2018

Have you checked Secure the API using Azure App Service Authentication ? it actually used Azure App Service Authentication to secure your Web API. But if you need to implement authorization based on the role, JwtAuthentication would be better.

frankchen76 on 23 Mar 2018

tejyapranthi on 30 Mar 2018

👍4 👎1

Web API Permission Request is not showing in my API Management.
The follwing are the steps followed by me.
1.Creating WedAPI in visual studio .
2.Creating app in azure.
3.Adding WebAPI in created app (appname:-AADApp).
4.Creating SPFX solution.
5.Adding WebAPIpermissionrequest as
"webApiPermissionRequests": [
{
"resource": "AADApp",
"scope": "User.ReadBasic.All"
}]
6.Deployed solution of an spfx in appcatalog.
7.Added int o sitecontents.
8.Here it's not showing any permissions to approve in apimanagement.

I am also getting error like"Uncaught (in promise) Error: This operation cannot be performed until the AadTokenProvider is initialized." in workbench.html.
when I am performing "gulp serve".

-> when i deployed solution in app catalog and with out approving permissions i am using the spfx web part .
But here it was showing error like

sp-pages-assembly_en-us_bbf1ba8e18797f770e10fb0068654369.js:602 Uncaught (in promise) Error: AADSTS50001: The application named "--application name is here--" was not found in the tenant named "--tenant name is here--". This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: 55be378a-bf9e-47ef-847d-48067a170e00
Timestamp: 2018-03-30 07:35:02Z
at Array. (sp-pages-assembly_en-us_bbf1ba8e18797f770e10fb0068654369.js:602)
at _callBackMappedToRenewStates.(/sites/DLRDestination/SitePages/anonymous function)._callBackMappedToRenewStates.(anonymous function) (https://spoprod-a.akamaihd.net/files/sp-client-prod_2018-03-16.021/0.sp-http-adal_4a41848c866052caa755.js:3:7561)
at AuthenticationContext.handleWindowCallback (adal.min.js:2)
at parseTokenFromUrl (spfxsinglesignon.aspx:23)
at onload (VM1413 spfxsinglesignon.aspx:30)

tejyapranthi on 30 Mar 2018

If there are more than 100 entries In APIManagement means it won't show latest one.To have latest one either we have to approve or reject previously entered permissions.

tejyapranthi on 3 Apr 2018

In workbench.html it will show error like "Error: This operation cannot be performed until the AadTokenProvider is initialized." .but if we upload spfx app solution in app catalog and use it in webpart the above error will not come.

tejyapranthi on 3 Apr 2018

make an own issue for this, it has nothign to do with what I asked.

Nasicus on 3 Apr 2018

@tejyapranthi it seems like you didn't create a scope in your AAD App manifest from the steps you listed.
"webApiPermissionRequests": [ { "resource": "AADApp", "scope": "User.ReadBasic.All" }]
when you specified User.ReadBasic.All in your permission request, did you define this scope in your Web Api AAD App manifest?
BTW, it seems like your questions isn't associated with what @Nasicus asked. would you mind to create a separate thread?

frankchen76 on 3 Apr 2018

@tejyapranthi I'm getting the same error. Any update on this?

lipalath-ms on 17 Jul 2018

Issues that have been closed & had no follow-up activity for at least 7 days are automatically locked. Please refer to our wiki for more details, including how to remediate this action if you feel this was done prematurely or in error: Issue List: Our approach to locked issues