How to get the Active directory token of a user?

I am developing a client-server application. In the usage of this application, the clients and the server are in the same AD (Active Directory) domain.

I want my server application to authenticate every client by its AD user. That means that when a user runs an instance of the client application, the server should understand which AD user is using this instance of the application and authenticate it. So the client application must send some information to the server.

One solution is sending the user's AD username. For security reasons, this solution isn't acceptable.

Another solution is sending the user's AD token (which is given to the AD user on logging in to Windows). In this solution the server can check the validity of this token and so it can recognize the client AD user and authenticate it. Now the problem is that in the implementation of the client application, I don't know how to get the AD token.

I am using C# to implement the client application. Can you please help me with that? Or do you have a better solution for this kind of authentication?

parseh asked Apr 01 '15 21:04
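What the question asks for (the server learns which AD user is running the client, without the client sending a username or hand-carrying a token out of its logon session) is what Windows Integrated Authentication does. As an added example that is not part of the original question or answer, here is a client and a server on one domain-joined Windows host using System.Net.Security.NegotiateStream: SSPI runs the Kerberos (or NTLM fallback) handshake with the logged-on user's credentials, and the server reads the authenticated domain identity from the stream. The port, host name and service principal name are assumptions; the SPN must be one registered for the account the server runs as, otherwise Kerberos cannot be used and Negotiate falls back to NTLM.

```csharp
// Added example, not code from the original question or answer. Windows Integrated
// Authentication over a plain TCP socket with System.Net.Security.NegotiateStream.
// The client never transmits its username or a token it extracted itself: SSPI runs the
// handshake with the logged-on user's credentials and the server reads RemoteIdentity.
// Port, host name and SPN below are assumptions for the demo (domain-joined Windows host).
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;

static class NegotiateDemo
{
    const int Port = 5555;                                   // assumed
    const string ServerSpn = "HOST/appserver.corp.example"; // assumed SPN of the server's service account

    static async Task<string> RunServerAsync(TcpListener listener)
    {
        using TcpClient conn = await listener.AcceptTcpClientAsync();
        using var auth = new NegotiateStream(conn.GetStream(), leaveInnerStreamOpen: false);

        // Demand signing and encryption for the whole session. Identification level is enough
        // to learn who the caller is without letting the server impersonate them.
        auth.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials,
                                  ProtectionLevel.EncryptAndSign,
                                  TokenImpersonationLevel.Identification);

        // Checks a server must make before trusting the identity it was handed.
        var who = auth.RemoteIdentity as WindowsIdentity;
        if (!auth.IsAuthenticated || who == null || who.IsAnonymous)
            throw new AuthenticationException("client did not authenticate as a domain user");
        if (!auth.IsMutuallyAuthenticated)
            Console.WriteLine("warning: NTLM fallback, server identity was not proven to the client");

        // Application data now arrives signed and encrypted under the authenticated context.
        var buf = new byte[256];
        int n = await auth.ReadAsync(buf, 0, buf.Length);
        string msg = Encoding.UTF8.GetString(buf, 0, n);
        Console.WriteLine($"{who.Name} ({who.AuthenticationType}) says: {msg}");
        // Authorization (for example a who.Groups membership check) belongs here.
        return who.Name;
    }

    static async Task RunClientAsync()
    {
        using var client = new TcpClient();
        await client.ConnectAsync("localhost", Port);
        using var auth = new NegotiateStream(client.GetStream(), leaveInnerStreamOpen: false);

        // DefaultNetworkCredentials is the interactively logged-on AD user; ServerSpn pins
        // which service the client is willing to authenticate to.
        auth.AuthenticateAsClient(CredentialCache.DefaultNetworkCredentials, ServerSpn,
                                  ProtectionLevel.EncryptAndSign,
                                  TokenImpersonationLevel.Identification);

        byte[] payload = Encoding.UTF8.GetBytes("hello from the client");
        await auth.WriteAsync(payload, 0, payload.Length);
    }

    static async Task Main()
    {
        var listener = new TcpListener(IPAddress.Loopback, Port);
        listener.Start();
        Task<string> server = RunServerAsync(listener);
        await RunClientAsync();
        Console.WriteLine($"server authenticated: {await server}");
        listener.Stop();
    }
}
```

The IsMutuallyAuthenticated check matters because NTLM does not prove the server's identity to the client; on a domain where Kerberos works and the SPN is correct it should be true. Because the session is EncryptAndSign, everything the client writes after the handshake is bound to the authenticated context, which a design that copies a token out of the client's logon session and sends it as a bearer value would not give you: such a value can be replayed by anyone who obtains it.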


1 Answer

Get the client ID/app ID and secret key from the Azure portal and use the below to get a token. Your directory name can be found by clicking your account on the top right.

 // Requires the ADAL NuGet package Microsoft.IdentityModel.Clients.ActiveDirectory
 // (the synchronous AcquireToken call is the ADAL v2 API; ADAL is retired and MSAL is its replacement).
 using System;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;

 class TokenHelper
 {
     static string AcquireAppToken(string clientId, string appKey)
     {
         string tenantName = "yourdirectoryName.OnMicrosoft.com";
         string authString = "https://login.microsoftonline.com/" + tenantName;
         // false = skip authority validation; keep true for Azure AD authorities unless you have a reason not to
         AuthenticationContext authenticationContext = new AuthenticationContext(authString, false);
         // Config for OAuth client credentials: this grant yields an app-only token that identifies
         // the registered application, not a signed-in user
         ClientCredential clientCred = new ClientCredential(clientId, appKey);
         string resource = "https://graph.windows.net";   // Azure AD Graph API
         string token = null;
         try
         {
             AuthenticationResult authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
             token = authenticationResult.AccessToken;
         }
         catch (AdalException ex)   // ADAL throws AdalException; a catch for AuthenticationException would not fire
         {
             Console.ForegroundColor = ConsoleColor.Red;
             Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message);
             if (ex.InnerException != null)
             {
                 Console.WriteLine("Error detail: {0}", ex.InnerException.Message);
             }
             Console.ResetColor();
         }
         return token;
     }
 }
Kurkula answered Sep 27 '22 17:09