This repository has been archived by the owner on Feb 7, 2020. It is now read-only.

Doesn't seem to authorize as of late #43

Closed
mostwired opened this issue Oct 22, 2019 · 2 comments


@mostwired

Granted this code is a few years old - is there an update to it that works with ASP.NET Web API (not Core)? I am generating an access token elsewhere for this Web API app in Azure AD (app registered properly with AD). The token I use (to be used with the web service endpoint) is in the 'access_token' property (this is obtained by calling the OAuth v2 endpoints /authorize and /token of the code grant flow, as described in https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow):

{
    "token_type": "Bearer",
    "scope": "profile openid email https://graph.microsoft.com/Directory.Read.All https://graph.microsoft.com/User.Read",
    "expires_in": 3599,
    "ext_expires_in": 3599,
    "access_token": "eyJ0eXAiOiJKV1QiLCJ...",
    "id_token": "eyJ0eXAiOiJKV1QiLCJ..."
}

The web api is configured with appropriate values:

app.UseWindowsAzureActiveDirectoryBearerAuthentication(
    new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Tenant = tenantName,
        TokenValidationParameters = new TokenValidationParameters
        {
            ValidAudience = audience
        }
    });

However, sending a request to the controller (which has the bearer token from 'access_token' above), I get back:

{
    "Message": "Authorization has been denied for this request."
}

Any suggestions/updates would be welcome. Thanks!

@jmprieur
Contributor

@mostwired This is an Azure AD v1.0 application, whereas you are using scopes. You need to use resources (as explained in the README.md).

If you are interested in v2.0 applications (which I would advise you to use), please see this sample: https://github.com/Azure-Samples/ms-identity-aspnet-webapi-onbehalfof
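Added example, not part of the thread or of the sample's code: a small diagnostic for the denial discussed above that decodes an access token's claims and compares `aud` with the value the Web API passes as `ValidAudience`. The expected audience and both sample tokens are constructed for illustration; the two Graph audience values are Microsoft Graph's well-known resource URI and application ID.

```python
import base64
import json

# Audience values that identify Microsoft Graph as the token's target resource.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def read_claims(jwt: str) -> dict:
    """Decode the payload WITHOUT verifying the signature.
    For troubleshooting only; never base an authorization decision on it."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def diagnose(jwt: str, valid_audience: str) -> list:
    """Return reasons the API's audience check would reject this token."""
    aud = read_claims(jwt).get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    findings = []
    # Exact string match; a simplification of the middleware's audience check.
    if valid_audience not in audiences:
        findings.append(f"aud {aud!r} does not match ValidAudience {valid_audience!r}")
    if any(a in GRAPH_AUDIENCES for a in audiences if a):
        findings.append("token was issued for Microsoft Graph, not for this Web API")
    return findings

def sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo (dummy signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': 'none'})}.{enc(claims)}.c2ln"

# Hypothetical App ID URI of the Web API (assumption, not from the thread).
EXPECTED_AUDIENCE = "https://contoso.example/todo-api"
# Constructed tokens: one requested with Graph scopes, one for the API itself.
GRAPH_TOKEN = sample_token({"aud": "https://graph.microsoft.com",
                            "scp": "Directory.Read.All User.Read"})
API_TOKEN = sample_token({"aud": EXPECTED_AUDIENCE, "scp": "user_impersonation"})

if __name__ == "__main__":
    for name, tok in (("graph", GRAPH_TOKEN), ("api", API_TOKEN)):
        print(name, diagnose(tok, EXPECTED_AUDIENCE) or "audience OK")
```

An empty result only means the audience matches; the middleware still validates signature, issuer and lifetime.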

@TiagoBrenck
Contributor

This sample has been archived.

The newer one can be found at: https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2
