'authority' should be in Uri format Parameter name: authority


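You need to pass Authority to AuthenticationContext() instead of aadInstance. aadInstance is still the format template (it contains the {0} placeholder for the tenant), so it is not a valid URI; Authority is the result of formatting that template with the tenant: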

// Build the context from the formatted authority: the AADInstance template with the tenant
// substituted for {0} (the question's code stores it in a variable named `Authority`).
// The second argument is ADAL's validateAuthority flag; false switches authority validation off,
// so leave it true unless the authority cannot be validated. NOTE(review): confirm false is needed here.
AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
Luis Valencia
Author by

Luis Valencia

Updated on June 14, 2022

Comments

  • Luis Valencia
    Luis Valencia almost 2 years

    I developed my mvc app based on this example: https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet

    Authentication works perfect with Azure AAD, and I can see the user is logged on:

    http://screencast.com/t/v7G6OgXC

    However in the following controller I want to print out some APP properties, and I get the error above

    'authority' should be in Uri format Parameter name: authority Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.ArgumentException: 'authority' should be in Uri format Parameter name: authority

    The code I have in the controller is like this:

    using Microsoft.Azure.ActiveDirectory.GraphClient;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Microsoft.IdentityModel.Protocols;
    using System;
    using System.Collections.Generic;
    using System.Configuration;
    using System.Globalization;
    using System.Linq;
    using System.Threading.Tasks;
    using System.Web;
    using System.Web.Mvc;
    
    namespace PruebasAD.Controllers
    {
        /// <summary>
        /// MVC controller that looks up this application's own registration in Azure AD
        /// through the Graph client library and passes it to the view.
        /// </summary>
        public class ActiveDirectoryController : Controller
        {
            // Graph endpoint used as the ActiveDirectoryClient service root (read from appSettings).
            private static string azureAdGraphApiEndPoint = ConfigurationManager.AppSettings["ida:AzureAdGraphApiEndPoint"];
            // Application (client) ID; used below to find the matching Application object.
            private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
            // Client secret. Not referenced by the code shown here: GetAppTokenAsync reads its own copy.
            // NOTE(review): this is a credential held in appSettings; keep the real value out of source control.
            private static string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
    
            /// <summary>
            /// GET: ActiveDirectory. Queries the directory for the Application whose AppId equals the
            /// configured client ID and renders it.
            /// </summary>
            /// <returns>The view, with the Application object as its model.</returns>
            /// <exception cref="ApplicationException">The query returned no application.</exception>
            public ActionResult GetAzureAadApp()
            {
                // Instantiate an instance of ActiveDirectoryClient.
                // The lambda is the token callback: the client calls GetAppTokenAsync to obtain a token.
                Uri serviceRoot = new Uri(azureAdGraphApiEndPoint);
                ActiveDirectoryClient adClient = new ActiveDirectoryClient(
                    serviceRoot,
                    async () => await GetAppTokenAsync());
    
                // Create the extension property
                // NOTE(review): the object is only constructed; nothing in this method adds it to the
                // application or otherwise uses it.
                string extPropertyName = "VehInfo";
                ExtensionProperty extensionProperty = new ExtensionProperty()
                {
                    Name = extPropertyName,
                    DataType = "String",
                    TargetObjects = { "User" }
                };
    
                // NOTE(review): .Result blocks the request thread on an async call; in classic ASP.NET
                // this pattern can deadlock. An async action that awaits the query avoids it.
                Application app =(Application)adClient.Applications.Where(
                        a => a.AppId == clientId).ExecuteSingleAsync().Result;
    
                if (app == null)
                {
                    throw new ApplicationException("Unable to get a reference to application in Azure AD.");
                }
    
                return View(app);
            }
    
            /// <summary>
            /// Requests an access token from Azure AD with the application's client ID and key
            /// (client credentials) and returns the raw token string.
            /// </summary>
            /// <returns>The access token from the authentication result.</returns>
            private static async Task<string> GetAppTokenAsync()
            {
                // These two locals hide the static fields of the same name.
                string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
                string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
                // Format template for the authority; the configured value ends in a {0} placeholder for the tenant.
                string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
                string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
                // Read but not used in this method.
                string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
                string azureAdGraphApiEndPoint = ConfigurationManager.AppSettings["ida:AzureAdGraphApiEndPoint"];
                // This is the resource ID of the AAD Graph API.  We'll need this to request a token to call the Graph API.
                // NOTE(review): read here but never passed to AcquireTokenAsync below.
                string graphResourceId = ConfigurationManager.AppSettings["ida:GraphResourceId"];
    
                // The authority URI: the template with the tenant substituted for {0}.
                string Authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
    
                // Instantiate an AuthenticationContext for my directory.
                // NOTE(review): this is the line behind the "'authority' should be in Uri format" error.
                // It passes aadInstance (the unformatted template, still containing {0}) instead of the
                // Authority value computed just above.
                // NOTE(review): the second argument is ADAL's validateAuthority flag; false switches
                // authority validation off. Prefer true unless the authority cannot be validated.
                AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance, false);
    
                // Create a ClientCredential that will be used for authentication.
                // This is where the Client ID and Key/Secret from the Azure Management Portal is used.
                ClientCredential clientCred = new ClientCredential(clientId, appKey);
    
                // Acquire an access token from Azure AD to access the Azure AD Graph (the resource)
                // using the Client ID and Key/Secret as credentials.
                // NOTE(review): the first argument is the resource the token is requested for. The code passes
                // the tenant-specific endpoint rather than graphResourceId; presumably the resource ID was
                // intended. Confirm against the sample this was based on.
                AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(azureAdGraphApiEndPoint, clientCred);
    
                // Return the access token.
                // The token is a bearer credential; callers should not log or persist it.
                return authenticationResult.AccessToken;
            }
        }
    
    
        // Plain data holder with two public fields; nothing in the code shown on this page uses it.
        public class CompanyInfo
        {
            // Presumably a company tax ID (Spanish "NIT"); confirm with the author.
            public int Nit;
            // Company name ("Nombre" is Spanish for "name").
            public string Nombre;
        }
    }
    

    and the web.config, with some values changed for security:

    <add key="ida:GraphResourceId" value="https://graph.windows.net" />
        <add key="ida:GraphUserUrl" value="https://graph.windows.net/{0}/me?api-version=2013-11-08" />
        <add key="ida:ClientId" value="xx-b1aa-42ab-9693-6c22d01ca338" />
        <!-- AppKey is the application's client secret. Masking only its first characters leaves the
             rest readable; a key that has been posted this way should be treated as exposed and
             rotated, and the real value kept out of shared or version-controlled config. -->
        <add key="ida:AppKey" value="xx/6Vsq0CuhQyYVcR5Vggw=" />
        <add key="ida:Tenant" value="xx.onmicrosoft.com" />
        <!-- Format template, not a usable URI: {0} must be replaced with the tenant before the value
             is passed to AuthenticationContext. -->
        <add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />
        <add key="ida:PostLogoutRedirectUri" value="https://localhost:44300/" />
        <add key="ida:AzureAdGraphApiEndPoint" value="https://graph.windows.net/xx-d5f0-453b-8f60-2be9b41b2ea0" />