In this article, we will learn how to protect our .Net core web APIs by using Azure Active Directory, OAuth2, and Swagger. As we all know that swagger is in-built configured in the .Net 5.0 template so that we don't need to take care of documenting our APIs in this latest .Net 5.0.
So in this article, I will show how we can add extra setup in order to authenticate the APIs using swagger. After setting up the Azure AD we need to add the code for OAuth 2 Authentication.
We are adding a SecurityDefinition with OAuth2 type. And also configuring Authentication URL, Token URL, and Scopes.
Startup.cs
- c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme {
- Type = SecuritySchemeType.OAuth2,
- Flows = new OpenApiOAuthFlows() {
- Implicit = new OpenApiOAuthFlow() {
- AuthorizationUrl = new Uri("https://login.microsoftonline.com/*Tenant ID*/oauth2/v2.0/authorize"),
- TokenUrl = new Uri("https://login.microsoftonline.com/*Tenant ID*/oauth2/v2.0/token"),
- Scopes = new Dictionary < string, string > {
- {
- "*Scope*",
- "Reads the Weather forecast"
- }
- }
- }
- }
- });
This will enable the Authorize button in Swagger UI,
Once you click on the Authorize option we need to provide the ClientID and also select the scopes.
Once we complete it then click on the Authorize button, which will open the Microsoft Active Directory Authentication page, but we might get an error because we need to grant access to Access tokens and Id tokens and we can enable it from Authentication Menu,
Next, we need to configure the Redirect URL which it will redirect after successful Authentication https://localhost:*PortNo*/swagger/oauth2-redirect.html
You can add it under the Authentication, Web, Redirect URLs and save it.
We are adding the security requirement for OAuth2 Setup in the Swagger configuration,
Startup.cs
- c.AddSecurityRequirement(new OpenApiSecurityRequirement() {
- {
- new OpenApiSecurityScheme {
- Reference = new OpenApiReference {
- Type = ReferenceType.SecurityScheme,
- Id = "oauth2"
- },
- Scheme = "oauth2",
- Name = "oauth2",
- In = ParameterLocation.Header
- },
- new List < string > ()
- }
- });
Finally, we need to add the ClientID and client secret key in Swagger UI in order to validate the credentials.
Startup.cs
- app.UseSwaggerUI(c => {
- c.SwaggerEndpoint("/swagger/v1/swagger.json", "AzureAD_OAuth_API v1");
-
- c.OAuthClientId("Client Id");
- c.OAuthClientSecret("Client Secret Key");
- c.OAuthUseBasicAuthenticationWithAccessCodeGrant();
- });
Now we have completed the configuration.
Run the application and you will be able to see the authentication icons on the UI and clicking on them will show the authentication dialog with client Id pre-populated.
Click on Authorize, which will open the Microsoft Sign-in dialog. First, you need to provide the email and the next password. And finally, it will show the permission dialog like this.
Add the credentials to authenticate and get the Access token. Then the open lock symbol changes to a Closed lock symbol,
Output
So this is how we can easily integrate OAuth2 in.Net Core web API, Similar way we can integrate other authentication protocols.
Thank you for reading, please let me know your questions, thoughts, or feedback in the comments section. I appreciate your feedback and encouragement.
Keep learning ....!