Hi Guys:
I need to enable authorization in a web api build on ASP.NET Core 2.0 hosted on azure app serviceagainst Azure AD B2C.
I am confuse because I dont know where is the correct location to enable security in my web api backend.
I found a code as:
services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(jwtOptions => { jwtOptions.Authority = $"https://login.microsoftonline.com/tfp/{Configuration["AzureAdB2C:Tenant"]}/{Configuration["AzureAdB2C:Policy"]}/v2.0/"; jwtOptions.Audience = Configuration["AzureAdB2C:ClientId"]; jwtOptions.Events = newJwtBearerEvents { OnAuthenticationFailed = AuthenticationFailed }; });
But I tried to consume it from Xamarin Forms using the loginasyc always gets a null.
Also I tried enabling the Authentication/Authorization option in the Azure Portal blade for this app service to use Active Directory. The issue with this approach is that the expiration date of MobileServiceAuthenticationToken property is incorrect (for example the exp should be set to an hour but is set to 30 days).
I am totally confuse. What is the proper way to enable security in the Asp.net Core 2.0 Web Api ?
Thanks in advanced