I've tried to run the app as per the deployment instructions but it doesn't work. Will you please add some details on what the ida:Tenant should look like. I get a "Response status code does not indicate success: 404 (Not Found).

I have this problem when calling MS Graph on Chrome, but it's working fine for IE and Edge. I did every configuration stuff according to the document. Is there any problem? Thanks!

Used the powershell script to register the application in Azure AD. That worked, but when I run the application and try to login, my login does not succeed and it continuously redirects me back to the login page without an error message.

I am using adal.js with angular. Everything work as expected except the token refreshing.
Indeed, if after 1 hour I do anything that issues an XHR to a protected resource then no more token is sent along with the request and I get stuck with a 401.
Shouldn’t be the token renewed silently by the hidden iframe?

I have tried to use this code my own app but I have this error.

I have literally copied and pasted all the relevants part of the code.

Please see my question here
http://stackoverflow.com/questions/30925978/the-returned-id-token-is-not-parseable

I can get the sample work when using chrome and IE10 mode. But not in latest IE11 with windows 8.1 (with latest update as of today, 2/24/2015), when sessionStorage is used by default. I can get it work if I setup localStorage. I'm not sure if it's because IE11 has a bug with sessionStorage or the login redirect did something tricky when it's IE11.

Hi,

I am struggling to get the following architecture up and running and would love to see a sample that describes how to do it.

• Angular SPA front end, communicates to a (self-hosted) webapi (both SPA and WebApi share the same native app id)
• User login is controlled by adal.js on angular front end.
• WebApi receives the bearer token from the SPA api calls
• WebApi uses the on-behalf of flow to get a new token to call a downstream API

Would love to know if this scenario is feasible, and worth pursuing as a sample app.
Thanks.

Coming Soon
Its been a year
Lots of developers are eager.......
Thanks

Instead of:
git clone https://github.com/Azure-Samples/SinglePageApp-DotNet.git
Shouldn't it be:
git clone https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp.git
?

Works perfect in IE, but fails in Chrome?
Any ideas as to why this might be?

Second, when trying to load Todos list, it pumps out this error on the screen.

{"Message":"An error has occurred.","ExceptionMessage":"An exception occurred while initializing the database. See the InnerException for details.","ExceptionType":"System.Data.DataException","StackTrace":" at System.Data.Entity.Internal.InternalContext.PerformInitializationAction(Action action)\r\n at System.Data.Entity.Internal.InternalContext.PerformDatabaseInitialization()\r\n at System.Data.Entity.Internal.LazyInternalContext.b__4(InternalContext c)\r\n at System.Data.Entity.Internal.RetryAction1.PerformAction(TInput input)\r\n at System.Data.Entity.Internal.LazyInternalContext.InitializeDatabaseAction(Action1 action)\r\n at System.Data.Entity.Internal.LazyInternalContext.InitializeDatabase()\r\n at System.Data.Entity.Internal.InternalContext.Initialize()\r\n at System.Data.Entity.Internal.InternalContext.GetEntitySetAndBaseTypeForType(Type entityType)\r\n at System.Data.Entity.Internal.Linq.InternalSet1.Initialize()\r\n at System.Data.Entity.Internal.Linq.InternalSet1.get_InternalContext()\r\n at System.Data.Entity.Infrastructure.DbQuery1.System.Linq.IQueryable.get_Provider()\r\n at System.Linq.Queryable.Where[TSource](IQueryable1 source, Expression1 predicate)\r\n at TodoSPA.Controllers.TodoListController.Get() in c:\\temp\\ADAL.js\\SinglePageApp-AngularJS-DotNet-master\\TodoSPA\\Controllers\\TodoListController.cs:line 23\r\n at lambda_method(Closure , Object , Object[] )\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters)\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.Execute(Object instance, Object[] arguments)\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary2 arguments, CancellationToken cancellationToken)\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter1.GetResult()\r\n at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter1.GetResult()\r\n at System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter1.GetResult()\r\n at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter1.GetResult()\r\n at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()","InnerException":{"Message":"An error has occurred.","ExceptionMessage":"The underlying provider failed on Open.","ExceptionType":"System.Data.Entity.Core.EntityException","StackTrace":" at System.Data.Entity.Core.EntityClient.EntityConnection.Open()\r\n at System.Data.Entity.Core.Objects.ObjectContext.EnsureConnection(Boolean shouldMonitorTransactions)\r\n at System.Data.Entity.Core.Objects.ObjectContext.ExecuteInTransaction[T](Func1 func, IDbExecutionStrategy executionStrategy, Boolean startLocalTransaction, Boolean releaseConnectionOnSuccess)\r\n at System.Data.Entity.Core.Objects.ObjectQuery1.<>c__DisplayClass7.b__5()\r\n at System.Data.Entity.SqlServer.DefaultSqlExecutionStrategy.Execute[TResult](Func1 operation)\r\n at System.Data.Entity.Core.Objects.ObjectQuery1.GetResults(Nullable1 forMergeOption)\r\n at System.Data.Entity.Core.Objects.ObjectQuery1.<System.Collections.Generic.IEnumerable.GetEnumerator>b__0()\r\n at System.Data.Entity.Internal.LazyEnumerator1.MoveNext()\r\n at System.Linq.Enumerable.FirstOrDefault[TSource](IEnumerable1 source)\r\n at System.Data.Entity.Core.Objects.ELinq.ObjectQueryProvider.b__1[TResult](IEnumerable1 sequence)\r\n at System.Data.Entity.Core.Objects.ELinq.ObjectQueryProvider.ExecuteSingle[TResult](IEnumerable1 query, Expression queryRoot)\r\n at System.Data.Entity.Core.Objects.ELinq.ObjectQueryProvider.System.Linq.IQueryProvider.Execute[TResult](Expression expression)\r\n at System.Data.Entity.Internal.Linq.DbQueryProvider.Execute[TResult](Expression expression)\r\n at System.Linq.Queryable.FirstOrDefault[TSource](IQueryable1 source)\r\n at System.Data.Entity.Internal.EdmMetadataRepository.QueryForModelHash(Func2 createContext)\r\n at System.Data.Entity.Internal.InternalContext.QueryForModelHash()\r\n at System.Data.Entity.Internal.ModelCompatibilityChecker.CompatibleWithModel(InternalContext internalContext, ModelHashCalculator modelHashCalculator, Boolean throwIfNoMetadata, DatabaseExistenceState existenceState)\r\n at System.Data.Entity.Internal.InternalContext.CompatibleWithModel(Boolean throwIfNoMetadata, DatabaseExistenceState existenceState)\r\n at System.Data.Entity.Database.CompatibleWithModel(Boolean throwIfNoMetadata, DatabaseExistenceState existenceState)\r\n at System.Data.Entity.Database.CompatibleWithModel(Boolean throwIfNoMetadata)\r\n at System.Data.Entity.DropCreateDatabaseIfModelChanges1.InitializeDatabase(TContext context)\r\n at System.Data.Entity.Internal.InternalContext.<>c__DisplayClassf1.b__e()\r\n at System.Data.Entity.Internal.InternalContext.PerformInitializationAction(Action action)","InnerException":{"Message":"An error has occurred.","ExceptionMessage":"Cannot attach the file 'C:\temp\ADAL.js\SinglePageApp-AngularJS-DotNet-master\TodoSPA\App_Data\TodoListServiceContext.mdf' as database 'TodoListServiceContext'.","ExceptionType":"System.Data.SqlClient.SqlException","StackTrace":" at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)\r\n at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection)\r\n at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)\r\n at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource1 retry, DbConnectionOptions userOptions)\r\n at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource1 retry, DbConnectionOptions userOptions)\r\n at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource1 retry)\r\n at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource1 retry)\r\n at System.Data.SqlClient.SqlConnection.Open()\r\n at System.Data.Entity.Infrastructure.Interception.DbConnectionDispatcher.b__36(DbConnection t, DbConnectionInterceptionContext c)\r\n at System.Data.Entity.Infrastructure.Interception.InternalDispatcher1.Dispatch[TTarget,TInterceptionContext](TTarget target, Action2 operation, TInterceptionContext interceptionContext, Action3 executing, Action3 executed)\r\n at System.Data.Entity.Infrastructure.Interception.DbConnectionDispatcher.Open(DbConnection connection, DbInterceptionContext interceptionContext)\r\n at System.Data.Entity.Core.EntityClient.EntityConnection.b__2()\r\n at System.Data.Entity.SqlServer.DefaultSqlExecutionStrategy.<>c__DisplayClass1.b__0()\r\n at System.Data.Entity.SqlServer.DefaultSqlExecutionStrategy.Execute[TResult](Func`1 operation)\r\n at System.Data.Entity.SqlServer.DefaultSqlExecutionStrategy.Execute(Action operation)\r\n at System.Data.Entity.Core.EntityClient.EntityConnection.Open()"}}}

I've configured this sample as per the documentation and I can login no problem and use the User menu option to see the users details etc.

However when I click on the Todo List I get a message {"Message":"Authorization has been denied for this request."} and is returning a 401 in the browser; Setting a break point side the TodoListController confirms there no principal available.

I do see the following in the console window in the browser as well 👍

The returned id_token is not parseable. adal.js:959

I've check that the tenant and the clientid are the same in both the web.config and the app.js.

Again?!

The current library implementation only supports a single tenant. Would like the library to support multi-tenant as well. In addition, what changes with regards to the OWIN AppBuilder extensions to support this as the sample is expecting server side 'known' Tenant ID.

This is the message I get when I try to hit the Todo List page. It was happening repeatedly on my own app, so I grabbed the most basic sample app (this) and tried to run it. I cannot get access to the API controller. I followed the directions and started a new app from scratch just to make sure.

Is there a way to get more info on why it might be failing? I'm at a complete loss.

Hi Everyone,

Do we have any examples on .net Core 2.0 since there have been a lot of changes out there?

Thanks

As mentioned in the pull request it would be great to have a gitter room for general conversation on that single page app repo

Hi. I'm getting this exception when I try to connect consecutively for the first time to 2 different Web API's from the SPA. I'm calling the services via a resolve in my routeconfig. It works when I refresh the page.

Additional Information: Audience validation failed. Audiences: [Api2]. Did not match: validationParameters.ValidAudience: [Api1] or validationParameters.ValidAudiences: 'null'

Hope you can tell me if I'm doing something wrong. Thanks

PLEASE THE COMMUNITY NEEDS EXAMPLE WITHOUT VISUAL STUDIO AT ALL, WITHOUT WINDOWS....

Can you please make official doc with react and redux as well?

This example is exactly what I need for a project, but I've been unable to get it working. The error message is the 'Tenant' option must be provided. I've provided the Tenant option in the StartupAuth as shown below:

app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Audience = ConfigurationManager.AppSettings[""],
Tenant = ConfigurationManager.AppSettings[""]
});

Tenant name is my Azure AD tenant name and client id is my id as registered with the app. Any hints about why this might not be working? Any help appreciated.

I cant run the example on a Visual Studio 2017 on a Mac, I'm facing this error:

Hi I wanted to know if I can configure WS-Federation metadata xml obtained from azure ACS in this sample as below
adalProvider.init(
{
instance: 'https://sample.accesscontrol.windows.net/FederationMetadata/2007- 06/FederationMetadata.xml',
tenant: 'adfs', // this should be adfs
clientId: 'https://localhost:44359/'
}
If yes do I need to add additional settings?

Hi,
I am not sure if so many are listening here, but I believe my question might be of general interest:
I am writing a small app that needs to be working offline.
I have set up the caching to be done:
html lang="en-us" ng-app="myApp" manifest="appcache.manifest"

The files are stored on an Azure web site, and my desire is to have some kind of authentication of the users. I have tried the Azure AD Web site authentication, to protect the site itself. That works pretty well, even if I still am unsure on how to identify the user in my app. The login via Azure etc. works fine, but then I guess there should be some code to save the returned token. I suspect ths token is being sent to the Azure web site (which is not what I want, I need it locally in my app).

I went on to explore the ADAL JS functions, but after following the guides i get an error:
aadsts90002: No service namespace named was found in the data store.
I am not sure what it means..

In conclusion I'd like some advice o what the best method would be to be able to identify the Azure user, in an offline capable web app, hosted on Azure as a web site!

Hello i have implemented the ADFS 2016 and the sample.
The login works and the userdata page works (get all user info) but when i tried to go to the todo page it display a 401 for the get query /api/TodoList.
Can anyone help me please.
Thanks,

The Audience property has been obsolete and needs to be replaced by ValidAudience.

Followed all instructions diligently as per below.

1. Was working when on localhost but does not work when deployed to 2 separate domains:

• shailenclient.azurewebsites.net and shailenservice.azurewebsites.net

WORKS if I remove [Authorize] and leave [EnableCors(origins: "", headers: "", methods: "*")]

I am pretty sure that it is related to config but cannot figure out what..
If I leave [Authorize] on the controller, I get this message:
"Authorization has been denied for this request"

Fiddler shows bearer token is passed on Request header & it passed pre-flight check
[Bearer eyJ0eXA....]

Client
web.config, ida:tenant set correctly (check). '99e60913-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
ida:Audience set to client id of client app (check)

configured permission to service.

app.js
var endpoints = {
"https://shailenservice.azurewebsites.net/": // service url
"https://.onmicrosoft.com/Shailen.Service",
};
adalProvider.init(
{
instance: 'https://login.microsoftonline.com/',
tenant: '.onmicrosoft.com',
clientId: '99e60913-xxxx-xxxx-xxxx-xxxxxxxxxxxx', // client app id
extraQueryParameter: 'nux=1',
endpoints: endpoints,
cacheLocation: 'localStorage'
},
$httpProvider
);
Service
web.config, ida:tenant set correctly (check). ida:Audience set to audience of service app (check) : https://tenant.onmicrosoft.com/Shailen.Service
CORS:
public static void Register(HttpConfiguration config)
{
// Web API configuration and services
config.EnableCors();
..}

Controller
[Authorize]
[EnableCors(origins: "", headers: "", methods: "*")]
public class ValuesController : ApiController
{ .. }

Note: For both client and service, ensured that "Enable Organization Authentication" is unchecked when publishing application as I have set it up manually.

Hi,

I can only view the index page. When I clicked on "login", or "Todo List" tab, nothing happened. Can anyone give hints?

Why do you have this so you must provide username and password to clone it?

I tried to integrate it into my personal project and it has failed thus far (it has knocked out my ng-view, and none of my login modals pop up anymore), and so I tried to download the sample application and it simply does not work due to an error in Startup.Auth.cs, with a 404 error indicating that it does not return success. Any help would great. Cheers!

if i didn't mention the ng-controller in the body for html login fails

this is my config:
fo

.when('/login', {
                        templateUrl: 'login.tpl.html',
                        controller: 'LoginCtrl'
                    })

login.tpl.html contains a button with an action in the controller loginWithAdal

$scope.loginWithAdal = function(){
             adal.login
}

ADAL will work fine if i put controller in the body : <body ng-controller="LoginCtrl">

But when I use <body> adal will not work and return a message saying that The returned id_token is not parseable.

I am developing a SPA that use AAD for authentication and then call an Web API. I was wondering if it is possible to add domain_hint or login_hint for the OAuth2 authorize action to avoid Home Realm prompt? If yes, where do in the code I should include this? Thanks for your help.

This sample doesn't work on IE8, as I figured out that it's ADAL which is causing the problem, any solution for this ?

Additional technical information:
Correlation ID: c2423490-3795-4097-9100-c8a6d0fabcc8
Timestamp: 2017-08-23 19:17:29Z
AADSTS70001: Application with identifier '0abb4c32-97b5-432b-a6ea-42ca08be' was not found in the directory ********.onmicrosoft.com

i am trying to use this sample with my application.

Getting Error in here..
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Audience = ConfigurationManager.AppSettings["ida:Audience"],
Tenant = ConfigurationManager.AppSettings["ida:Tenant"]
});
Error:
Response status code does not indicate success: 404 (Not Found).

here is my web.config

What i am Doing wrong ?

The sample does not demonstrate use of ADAL JS without Angular.
The team has in the backlog the creation of a new sample showing direct ADAL JS use.

Sorry, but we’re having trouble signing you in.

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '09a0fb5b-46ff-4fe1-9d69-65f4719daccc'.

I have an onbehalfof web api working very well, trying to call that API from my angular client, did every configuration, and added permission to the Web API also. The angular client can also get access to MS Graph, but not able to call my local host onbehalfof API. If anyone can help that would be appreciate!

Hi This example does not work.

It makes it to azure authentication page where one enters user id and password, but fails after that with very unhelpful correlation id.

Is this example missing something. I have other examples working fine from this AZ tenant, for instance using Office 365 expense manager example works just fine. So my creds are correct, I have double checked them several times over.

Have things changed on the microsoft azure end, and is this example missing the actual app key? I noticed that you enter the tenant, the client id, but the app key is not included? Could this be the case?

regardless, it does not work.

@dstrockis: Latest version has two files now: adal.js and adal-angular.js
Can you update the sample for that?

Minor bug in Index.html on line 31 prevents log out functionality from working.

ng-click="logOut()"

should be:

ng-click="logout()"

Hi , I need your help. Before i move further first i will tell about our project. Actually we are using Restful Web API at the backend. It is restful by the name only, for our benefits we are using Redis (cache) to manage session. This session is fully controlled by us and it is a key value pair mapped with user identity.

At the front end we are using Angular SPA. This app does not contains any web api, or any api controller. When this app starts we intialized some Side Bar and Header Bar on to the the view. This side bar and header bar contains some options to navigate through the application. To generate this side bar and header bar secured Web api is used (disscussed above).

Only after generating side bar and header nav that routing will takes place for consecutive navigation and requests. All other consecutive requests are dependent on some data that is set at the time of side bar and header bar is generated. (We are actully following John Papa clean coding pattern.)

Our API is secured with Azure Active Directory Identity Provider.
And we are using ADAL to secure our front end routes.

Now we come to the problem: approx in one hour ADAL trying to renew the token, that is successful. But when it redirect to our app, the app will reinitialized and all the side bar , header bar are goes out and app come to the initial state. Because current request is depending upon previously stored data so current request is also not fullfilled.

Please suggest me some solution.

How can I adapt this example to use ADFS 2016 On Premise?