Small example of a two tiers application with a FrontEnd application that calls a backend Api application. Both coded with Asp.Net Core 2.0 and secured with the same Azure Ad tenant (directory). This demonstrate how to retrieve an access token from AzureAd, using the implicit flow (OpenIdConnect):
For more detailed information read the following post
Using the Azure portal you need to:
- create two Azure Applications in your tenant
- FrontEnd
- Reply Url: http://localhost:10001/signin-oidc
- App ID Uri: http://AAD.2tiers.Web"
- Api
- Reply Url: http://localhost:10000
- App ID Uri: http://AAD.2tiers.Api
- FrontEnd
- allows the FrontEnd application to access Api (permission tab, add)
- Edit the manifest of the FrontEnd application and enable the implicit flow ("oauth2AllowImplicitFlow": true).
To automated these tasks you can use the powershell script Create2TiersAADDemo.ps1.
Last, you must update the appsettings.json file with your settings:
"Domain": "ZZZZZZZZZ.onmicrosoft.com",
"TenantId": "your tenant ID",
"ClientId": "your Application ID"
for the FrontEnd application add also the Application ID of the Api layer
"TargetApiAppId": "597add50-a83e-4930-8f8f-YYYYYYYY"
Browse to http://localhost:10001 and login with an account in your tenant: