.NET Core app with Azure App Service Authentication

Question

My webapp is developed with .NET Core and deployed in Azure. I have enabled Azure App Service Authentication and configured it to use Azure Active Directory. When I access

Answer 1

As Working with user identities in your application states:

App Service passes some user information to your application by using special headers. External requests prohibit these headers and will only be present if set by App Service Authentication / Authorization. Some example headers include:

• X-MS-CLIENT-PRINCIPAL-NAME
• X-MS-CLIENT-PRINCIPAL-ID
• X-MS-TOKEN-FACEBOOK-ACCESS-TOKEN
• X-MS-TOKEN-FACEBOOK-EXPIRES-ON

Code that is written in any language or framework can get the information that it needs from these headers. For ASP.NET 4.6 apps, the ClaimsPrincipal is automatically set with the appropriate values.

our application can also obtain additional user details through an HTTP GET on the /.auth/me endpoint of your application. A valid token that's included with the request will return a JSON payload with details about the provider that's being used, the underlying provider token, and some other user information.

As Chris Gillum suggested that you could invoke the /.auth/me endpoint and retrieve the user claims. You could write your custom middleware to check the X-MS-CLIENT-PRINCIPAL-ID header and invoke the /.auth/me endpoint and set the user claims manually. Here is the detailed code sample, you could refer to this similar issue.

Moreover, you could modify your application and explicitly add authentication middleware instead of using App Service Authentication / Authorization (EasyAuth) as evilSnobu commented. For this approach, you could use the ASP.Net Core OpenID Connect middleware, details you could follow the tutorials below:

Integrating Azure AD (v2.0 endpoint) into an ASP.NET Core web app

Integrating Azure AD into an ASP.NET Core web app