Authenticate against an Azure Mobile Service App with ADAL.js acquired token

南方客 2021-01-12 23:30

I'm trying to authenticate an HTML app against an Azure Mobile Service app.

The Setup

Both apps use AAD as authentication backend, so both apps have an app

3 answers
  •  广开言路
    2021-01-12 23:52

    The POST likely returns a 401 because the audience of the AAD token is incorrect. The Mobile Service expects this to be its /login/aad endpoint, but I suspect the token you are sending is actually scoped to the web site you are calling from. The delegated access permission just says that you can take a token from the site and transform it to a token for the Mobile Service. It does not change the nature of the issued token itself.

    So the best suggestion is to make sure you are signing into the Mobile Service audience, or perform the delegated access flow. Unfortunately, there don't seem to be too many samples on the latter unless using ADAL.NET.

    One workaround would be to set the MS_AadAudience app setting on the mobile service to match that of your web site. You should only do this if the site and Mobile Service exist within the same logical security boundary for your application. That is, anything which can sign into your site can access the Mobile Service at this point. Overall, the better approach is to obtain an access token to the mobile service.
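To see which audience a token actually carries before it is posted to the Mobile Service, the `aud` claim can be read from the token payload. The following is an added example, not part of the original answer or of ADAL.js; the audience URLs, the helper names and the unsigned sample tokens are constructed assumptions, and the check is a diagnostic that does not verify the signature.

```javascript
// Diagnostic only: reads claims WITHOUT verifying the signature.
// Every URL and token here is a constructed sample value.
const MOBILE_AUDIENCE = "https://contoso-mobile.example/login/aad"; // assumed
const SITE_AUDIENCE = "https://contoso-site.example";               // assumed

function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

function b64urlEncode(text) {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Builds an unsigned, constructed token so the example runs offline.
function makeSampleToken(claims) {
  const header = b64urlEncode(JSON.stringify({ typ: "JWT", alg: "none" }));
  return header + "." + b64urlEncode(JSON.stringify(claims)) + ".constructed";
}

// Reports whether the token's "aud" claim names expectedAudience exactly.
function checkAudience(token, expectedAudience) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return { ok: false, reason: "not-a-jwt", aud: null };
  let claims;
  try {
    claims = JSON.parse(b64urlDecode(parts[1]));
  } catch (e) {
    return { ok: false, reason: "bad-payload", aud: null };
  }
  if (claims === null || typeof claims !== "object") {
    return { ok: false, reason: "bad-payload", aud: null };
  }
  if (claims.aud === undefined) return { ok: false, reason: "no-aud", aud: null };
  // RFC 7519 allows "aud" to be one string or an array of strings.
  const auds = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  const ok = auds.includes(expectedAudience);
  return { ok, reason: ok ? "match" : "audience-mismatch", aud: claims.aud };
}

const siteToken = makeSampleToken({ aud: SITE_AUDIENCE, sub: "user-1" });
const mobileToken = makeSampleToken({ aud: MOBILE_AUDIENCE, sub: "user-1" });
console.log(checkAudience(siteToken, MOBILE_AUDIENCE));   // mismatch the answer describes
console.log(checkAudience(mobileToken, MOBILE_AUDIENCE)); // audience the service expects
```

An `audience-mismatch` result on the token sent with the POST points at the audience problem described in the answer rather than at a header or CORS issue.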
