In this tutorial I will show how to generate an authentication token from Azure
and use it to call any REST API.
Scenario - Assume our requirement is to get a token from Azure and download one file
from a blob container by passing this token.
So
Let’s follow below steps
1.
First log in to the Azure portal and register an app.
Go to the Azure portal, type "App Registrations" in the search box and
click on the icon.
2.
Next click on "New Registration" and enter the required data as below:
Name - tokenTestApp
Redirect URL is optional here; if you want, you can enter it as below. After that, click Register.
3. After the app is registered successfully, you are redirected automatically to the screen below,
where you create a client secret for this app.
Copy the Value field of the client secret and keep it locally; it is required at a
later stage. It is shown only once, so don't forget to copy it before leaving
the page above.
4.
Now go to your resource and click on Access control in the left menu.
Click on the Add button.
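5.
In the Role tab, search for "blob" and you will find the related predefined
roles. Select the Storage Blob Data Contributor role and click Next.
(Storage Blob Data Reader is the read-only alternative if the app only needs to download files.)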
6. In the Members tab keep the default selection for "Assign access to", click on Select members,
type the name of the app you created and click the Select button. Click Review
and assign.
7. Now go back to Home -> App Registrations -> click tokenTestApp,
then click API permissions in the left menu and click Add a permission.
8.
click on azure storage
9. Keep the default selection (Delegated permissions), check user_impersonation
and click Add permissions.
Before we move to the next section, let's copy the required key values, which are needed at a later stage:
1. Client Id & Tenant Id - Go to App Registrations, click on the registered app in the list and copy the values below to your local PC:
2. Client secret - copy its Value field (not the Secret ID column), as mentioned above
Create a container and upload a file, which will be downloaded later
1. Go to the storage account -> click Containers in the left menu, then click Add, enter a lower-case container name and click the Create button
2. Click the added container's name in the list and upload a file
We are done with all the Azure-side configuration; now let's go to the coding part, where we are going to get a token, pass it in the Authorization header and download the uploaded file.
1. Open Visual Studio, create a .NET Core project, enter the project name "AzureServiceTokenAuth", click Next and then Create.
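2. Open appsettings.json and replace the placeholder values of the keys below with your own values (the client ID, the client secret value, and the tenant ID inside msurl). client_secret is a credential, so keep the real value out of source control.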
{
"AppSettings": {
"grant_type": "client_credentials",
"client_Id": "clientId",
"client_secret": "secret(value)",
"resource": "https://storage.azure.com/.default",
"msurl": "https://login.microsoftonline.com/tenantId/oauth2/v2.0/token"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
3. Add AppSettings.cs file and enter below code
namespace AzureServiceTokenAuth
{
/// <summary>
/// Strongly typed view of the "AppSettings" configuration section. The values are the
/// form fields and URL that the token request in this project is built from.
/// </summary>
/// <remarks>
/// Each construction publishes the new instance through the static <see cref="_settings"/>
/// field, so the most recently created instance is the one the rest of the code reads.
/// <see cref="client_secret"/> holds a credential; avoid logging or serializing this object.
/// </remarks>
public class AppSettings
{
    // Most recently constructed instance; assigned by the constructor below.
    public static AppSettings _settings;

    /// <summary>OAuth grant type sent to the token endpoint.</summary>
    public string grant_type { get; set; }

    /// <summary>Application (client) ID of the registered app.</summary>
    public string client_Id { get; set; }

    /// <summary>Client secret value of the registered app (a credential).</summary>
    public string client_secret { get; set; }

    /// <summary>Value sent as the "scope" field of the token request.</summary>
    public string resource { get; set; }

    /// <summary>Token endpoint URL the request is posted to.</summary>
    public string msurl { get; set; }

    /// <summary>Creates the settings object and registers it as the current instance.</summary>
    public AppSettings() => _settings = this;
}
}
4. Replace startup.cs with below code
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.OpenApi.Models;
namespace AzureServiceTokenAuth
{
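/// <summary>
/// Application bootstrap: builds the configuration, registers services and
/// configures the HTTP request pipeline.
/// </summary>
public class Startup
{
    /// <summary>
    /// Builds the configuration from appsettings.json in the content root, then from
    /// environment variables.
    /// </summary>
    /// <param name="configuration">Host configuration; not used, the configuration is rebuilt here.</param>
    /// <param name="env">Hosting environment; supplies the content root path.</param>
    public Startup(IConfiguration configuration, IWebHostEnvironment env)
    {
        var builder = new ConfigurationBuilder()
            .SetBasePath(env.ContentRootPath)
            .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
            // Added last so an environment variable (e.g. AppSettings__client_secret)
            // overrides the file; the real secret then does not have to live in
            // appsettings.json.
            .AddEnvironmentVariables();
        Configuration = builder.Build();
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        var appSettingsSection = Configuration.GetSection("AppSettings");

        // Bind the options to the "AppSettings" section. Binding the configuration root
        // would yield an AppSettings with every property null, because the keys live
        // under the section.
        services.Configure<AppSettings>(appSettingsSection);

        // Constructing AppSettings stores the instance in AppSettings._settings, which is
        // what AzureTokenService reads. Fail at startup when the section is missing
        // instead of hitting a null reference on the first token request.
        var appSettings = appSettingsSection.Get<AppSettings>();
        if (appSettings == null)
        {
            throw new System.InvalidOperationException(
                "The \"AppSettings\" configuration section is missing or empty.");
        }

        services.AddSingleton<IAzureTokenService, AzureTokenService>();
        services.AddControllers();
        services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new OpenApiInfo { Title = "AzureServiceTokenAuth", Version = "v1" });
        });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            // Detailed exception pages and Swagger UI are enabled in Development only.
            app.UseDeveloperExceptionPage();
            app.UseSwagger();
            app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "AzureServiceTokenAuth v1"));
        }

        app.UseHttpsRedirection();
        app.UseRouting();

        // NOTE(review): no authentication scheme is registered in ConfigureServices and the
        // controllers carry no [Authorize] attribute, so every route is reachable anonymously.
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
    }
}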
}
5. Add new class called "AzureTokenResult" with below code
namespace AzureServiceTokenAuth
{
/// <summary>
/// Shape that the token endpoint's JSON response is deserialized into.
/// Property names follow the JSON field names; all values are kept as strings.
/// </summary>
public class AzureTokenResult
{
    /// <summary>Token type reported by the endpoint.</summary>
    public string token_type { get; set; }

    /// <summary>Lifetime value as reported by the endpoint.</summary>
    public string expires_in { get; set; }

    /// <summary>Extended lifetime value as reported by the endpoint.</summary>
    public string ext_expires_in { get; set; }

    /// <summary>Expiry value as reported by the endpoint, when present.</summary>
    public string expires_on { get; set; }

    /// <summary>The bearer token itself; treat it as a credential.</summary>
    public string access_token { get; set; }
}
/// <summary>
/// Request body used to send the token back when downloading the file.
/// </summary>
public class TokenStorage
{
    /// <summary>Bearer token supplied by the caller.</summary>
    public string Token { get; set; }
}
}
6. Create new class "AzureTokenService" and replace with below code
using Newtonsoft.Json;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;
namespace AzureServiceTokenAuth
{
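/// <summary>
/// Requests an access token with the client-credentials settings held in
/// <c>AppSettings._settings</c> and uses a bearer token to download a blob.
/// </summary>
public class AzureTokenService : IAzureTokenService
{
    // One HttpClient for the lifetime of the service. No per-call state (such as an
    // Authorization header) is stored on it.
    private readonly HttpClient _httClient;

    public AzureTokenService()
    {
        _httClient = new HttpClient();
    }

    /// <summary>
    /// Posts the client credentials as a form to the configured token endpoint and
    /// deserializes the JSON response.
    /// </summary>
    /// <returns>The deserialized token response.</returns>
    /// <exception cref="HttpRequestException">The endpoint returned a non-success status code.</exception>
    public async Task<AzureTokenResult> GetToken()
    {
        var settings = AppSettings._settings;
        var form = new Dictionary<string, string>
        {
            { "grant_type", settings.grant_type },
            { "client_id", settings.client_Id },
            { "client_secret", settings.client_secret },
            { "scope", settings.resource }
        };

        // Dispose the form content and the response once the body has been read.
        using (HttpContent formData = new FormUrlEncodedContent(form))
        using (var response = await _httClient.PostAsync(settings.msurl, formData))
        {
            response.EnsureSuccessStatusCode();
            var responseContent = await response.Content.ReadAsStringAsync();
            return JsonConvert.DeserializeObject<AzureTokenResult>(responseContent);
        }
    }

    /// <summary>
    /// Downloads the blob with the supplied bearer token and returns its content stream.
    /// </summary>
    /// <param name="token">Bearer token to send in the Authorization header.</param>
    /// <returns>The response body as a stream.</returns>
    /// <exception cref="System.ArgumentException"><paramref name="token"/> is null, empty or whitespace.</exception>
    /// <exception cref="HttpRequestException">The storage endpoint returned a non-success status code.</exception>
    public Stream GetStorage(string token)
    {
        if (string.IsNullOrWhiteSpace(token))
        {
            throw new System.ArgumentException("A bearer token is required.", nameof(token));
        }

        // The URL is the tutorial's placeholder; replace it with the absolute blob URL.
        using (var request = new HttpRequestMessage(HttpMethod.Get, "azurestorageurl/containername/fileName"))
        {
            // Headers go on this request only. Adding them to DefaultRequestHeaders on the
            // shared client would fail or duplicate on the second call, and would attach one
            // caller's token to every later request, including the POST to the token endpoint.
            request.Headers.Add("Authorization", "Bearer " + token);
            request.Headers.Add("x-ms-version", "2020-04-08");

            // Blocking call: the interface is synchronous.
            var response = _httClient.SendAsync(request).Result;

            // Do not hand an error body (401/403/404) back to the caller as if it were the file.
            if (!response.IsSuccessStatusCode)
            {
                using (response)
                {
                    response.EnsureSuccessStatusCode();
                }
            }

            return response.Content.ReadAsStreamAsync().Result;
        }
    }
}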
}
7. Create new interface "IAzureTokenService" and replace below code
using System.IO;
using System.Threading.Tasks;
namespace AzureServiceTokenAuth
{
/// <summary>
/// Contract for obtaining an access token and for downloading from storage with a token.
/// </summary>
public interface IAzureTokenService
{
    /// <summary>Downloads the stored file using the given bearer token.</summary>
    /// <param name="token">Bearer token to present to the storage endpoint.</param>
    /// <returns>The downloaded content as a stream.</returns>
    Stream GetStorage(string token);

    /// <summary>Requests an access token.</summary>
    /// <returns>The token response.</returns>
    Task<AzureTokenResult> GetToken();
}
}
8. Add new controller in controller folder named "AuthTokenController" and replace below code
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using System.Threading.Tasks;
namespace AzureServiceTokenAuth.Controllers
{
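/// <summary>
/// Demo endpoints: fetch an access token and download a blob with a caller-supplied token.
/// </summary>
/// <remarks>
/// NOTE(review): no [Authorize] attribute is applied to this controller, so all three
/// routes are callable without authentication. Put them behind authentication before
/// the service is reachable by anyone other than the developer.
/// </remarks>
[ApiController]
[Route("[controller]")]
public class AuthTokenController : ControllerBase
{
    private readonly ILogger<AuthTokenController> _logger;
    private readonly IAzureTokenService _azureTokenService;

    public AuthTokenController(ILogger<AuthTokenController> logger,
        IAzureTokenService azureTokenService)
    {
        _logger = logger;
        _azureTokenService = azureTokenService;
    }

    /// <summary>Simple reachability check; always returns "success".</summary>
    [HttpGet]
    public IActionResult Get()
    {
        return Ok("success");
    }

    /// <summary>
    /// Requests a token through the token service and returns the whole token response,
    /// including <c>access_token</c>, in the response body.
    /// </summary>
    /// <remarks>
    /// The token carries whatever access the app registration has been granted, so this
    /// route hands that access to any caller that can reach it.
    /// </remarks>
    [HttpGet]
    [Route("get-az-token")]
    public async Task<IActionResult> GetToken()
    {
        var result = await _azureTokenService.GetToken();
        return Ok(result);
    }

    /// <summary>
    /// Downloads the file from storage using the token supplied in the request body.
    /// </summary>
    /// <param name="token">Request body carrying the bearer token.</param>
    /// <returns>The file as an attachment, or 400 when no token was supplied.</returns>
    [HttpPost]
    [Route("access-storage")]
    public IActionResult GetFiles([FromBody] TokenStorage token)
    {
        // Reject a missing token here rather than sending an empty bearer header to storage.
        if (string.IsNullOrWhiteSpace(token?.Token))
        {
            return BadRequest("Token is required.");
        }

        var stream = _azureTokenService.GetStorage(token.Token);
        return File(stream, "application/octet-stream", "downloadFile.pdf");
    }
}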
}
Now we are done with the coding part; let's run the project and see the output:
1. Getting the token:
Execute the above endpoint to get the token, and copy the token shown below.
Call the access-storage endpoint with it and you get the file you uploaded to blob storage.
Note: I used the storage service just to show how an auth token can be used to call Azure services; similarly, you can use it for other services as well.
Thanks; we are done with the auth token and its use.
you can download all the azure samples code : https://github.com/mkumar8184/azure-sdk-services-samples