Swagger UI authentication with Azure AD B2C on Service Fabric .NET Core

I’ve been trying to figure out how to enable authentication on a Swagger UI set up on an ASP.NET Core API hosted on Service Fabric (currently hosted locally). I initially set up the Service Fabric project using the wizard and immediately connected it with an application in my Azure AD B2C tenant. This appears to work, but when using the ‘try it out’ functionality within Swagger UI, I get HTTP 401 errors.

I tried following the instructions here. This blog post provided a nice up-to-date walkthrough on how to set up the applications in Azure Active Directory B2C.

My Web API application:

Name: This appeared to be referenced in the above-mentioned article’s Swagger configuration, so I kept the name ‘code-friendly’ (e.g. Pascal-cased with no spaces or special characters).

Reply URL: While I do own that domain, I completely made up this Reply URL as there is nothing hosted at that URL. I haven’t even created the CNAME yet.

App ID URI: I also made this up. Since I plan on only hosting one Web API that is accessible to my end users (on the B2C tenant) I kept it short and sweet ‘api’.

I created the additional scope as instructed by the above mentioned article:

My Swagger UI application:

I then granted this application access to my UserAPI application as instructed in the above mentioned article:

With my Azure Active Directory application configuration appearing to be per specification, I moved on to the last phase, which was configuring Swagger UI to use OAuth2. However, it appears the above-mentioned article was using standard ASP.NET instead of ASP.NET Core. As a result, I had to piece together the equivalent .NET Core commands using a few other sources: StackOverflow 1, StackOverflow 2, and GitHub.

I think I got it right. Here’s where I configure Swagger Generation:

Notice I change the following:

Authorization URL: To include my Azure Active Directory B2C tenant sub-domain “vitalsigynusers”

Scope URL: Changed to include my Azure Active Directory domain. I did a little algebra based on the URL specified in the article and how my Azure Active Directory Tenant / Web API application was configured.

Then I configure the Swagger UI:

Notice I changed two things:

  1. OAuth2 clientid
  2. Sign In Policy Identifier

OAuth2 “clientid”: changed to be the “Application ID” of the UserAPI application. I’m not sure if this is the right thing to do or not as the article left it ambiguous where to obtain the value of the client ID from within the Azure portal or whether this value even matters. My assumption is that the Azure Active Directory’s Application ID is to be used as the OAuth2 “clientid”.

Sign In Policy Identifier: changed based on what I named my “Sign In and Sign Up Policy” in the Azure Active Directory B2C Tenant configuration.

After I do all that, I now see a red circle with an exclamation point in it on all of my operations.

Clicking the exclamation point provides me an empty list of available authorizations:

The fact that this list is empty is a clear indicator I did something wrong. I’ll have to look at it with fresh eyes.
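A check that can be run against the generated swagger.json at this point, as an added example that is not part of the original post: it verifies that the OAuth2 security definition and the per-operation security requirements refer to each other consistently. It assumes a Swagger 2.0 document; the sample document, host names, `<tenant>` and scope names are constructed placeholders.

```python
# Added example: audit a Swagger 2.0 document's OAuth2 wiring.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def audit_security(doc):
    """Return findings about OAuth2 definitions and per-operation requirements."""
    findings = []
    definitions = doc.get("securityDefinitions", {})
    for name, scheme in definitions.items():
        if scheme.get("type") != "oauth2":
            continue
        if scheme.get("flow") == "implicit" and not scheme.get("authorizationUrl"):
            findings.append(f"{name}: implicit flow without authorizationUrl")
        if not scheme.get("scopes"):
            findings.append(f"{name}: no scopes declared")
    default = doc.get("security")  # document-wide requirement, if present
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters" and vendor extensions
            where = f"{method.upper()} {path}"
            reqs = op.get("security", default)  # operation level overrides
            if not reqs:
                findings.append(f"{where}: no security requirement")
                continue
            for req in reqs:
                for name, scopes in req.items():
                    declared = definitions.get(name, {}).get("scopes")
                    if name not in definitions:
                        findings.append(f"{where}: unknown scheme {name}")
                    for scope in scopes:
                        if name in definitions and scope not in (declared or {}):
                            findings.append(f"{where}: scope {scope} not declared")
    return findings

# Constructed sample; the host, "<tenant>" and scope names are placeholders.
READ = "https://<tenant>.example/api/read"
SAMPLE = {
    "swagger": "2.0",
    "securityDefinitions": {"oauth2": {
        "type": "oauth2", "flow": "implicit",
        "authorizationUrl": "https://idp.example/<tenant>/oauth2/authorize",
        "scopes": {READ: "Read access"}}},
    "paths": {"/api/values": {
        "get": {"security": [{"oauth2": [READ]}]},
        "post": {"security": [{"oauth2": ["https://<tenant>.example/api/write"]}]},
        "delete": {}}},
}

if __name__ == "__main__":
    for finding in audit_security(SAMPLE):
        print(finding)
```

To audit a real service, load its generated document with `json.load` and pass the result to `audit_security`.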
