While writing the single page application, we need to consider CORS. CORS – Cross-Origin Resource Sharing basically enables us to access resources that are in different domain and here the CORS support is only enabled for the Web API and not for the Organization Service. The Azure Active Directory Authentication Library (adal.js) that we will be using in our Single Page App will takes cares of all the CORS complexity for us.
To get started,
Create a new ASP.NET Web Application of type Empty Project.
Add an HTML page to it.
To make example easy to understand, let us add just 3 buttons and 2 DIV
Before we proceed further, login to Azure Portal and register the client application.
Copy the Client Id.
Specify the URL of the page that we are working on as the REDIRECT URI and also enable Access Tokens and ID Tokens required for implicit grant to work.
Back in our html page,
First step is to get the AuthenticationContext object.
To get the authentication context we can use the below line of code
Below is how we will specify the configuration details required by the AuthenticationContext.
- postLogoutRedirectUri – ADAL redirects the user to postLogoutRedirectUri after logout. Defaults is ‘redirectUri’.
- cacheLocation – ADAL caches tokens in the browser storage which defaults to ‘sessionStorage’. You can set this to either ‘localStorage’ or ‘sessionStorage’.
Read about all the configuration options here
Login and Logout methods are straightforward à
Login method will redirect the user to a new page for entering the credentials. If we want to remain in the same page and use popup instead, we can specify it in the popUp property of config.
To get the user details use the GetCachedUser() method of Authentication Context. The sign-in flow not only gets the token but also authenticates the user with Azure AD. The user.profile property contains the claims about the user.
User Profile è
AcquireToken method of AuthenticationContext to get the token and make the request
The getUserDetails method
The basic flow of the application à
Click on Login to authenticate. The message div indicates that there is no user information present in the cache.
Enter the credentials
This redirects back to the page, showing logout button and Get User GUID button and hiding login button. It also shows the Name of the user fetched from the profile.
Click on Get User GUID to call the WhoAmI request and display the GUID of the user.
Finally click on Logout and select the account to sign out of.
On successful sign out we will be redirected to our page.
Back in our Fiddler below is the Request being passed to the Authorization end point.
response_type value of id_token value has been added by OpenID Connect. OpenID connect extends OAuth 2.0, by adding the authentication layer to it, by allowing the verification of the identity of the end user as well as to obtain basic information about the end user.
Hope it helps..