adal-angular4 | Angular 4/5/6/7 ADAL Wrapper | Build Tool library

In case of the router below, is it possible to set an alternative route (like / for instance) for when AdalGuard disallows access to route /int or to one of its children routes?

I knew I could do this inside the guard class, by calling .navigateByUrl() inside of it or returning a UrlTree. But in this case AdalGuard comes from package 'adal-angular4', so I can't do such thing.

Is there something like an 'Else' or 'Catch' pointer to another route, that I could put inside the definition of the guarded route?

Thank you very much.

app-routing.module.ts

I have an angular 8 application under Visual Studio Professional 2017 Aspnet Core. If I run the application via angular cli with ng serve (or npm start) it works well, I can access the application. But if I try to start it with debug on Visual Studio with IIS, it never starts. Only error I got is {"error":"The Angular CLI process did not start listening for requests within the timeout period of XXX seconds. Check the log output for error information."}

I wrote XXX seconds because it is not about timeout, application never starts whatever timeout I set. I updated angular core packages to latest, updated Visual Studio 2017 to latest, deleted the dist folder, deleted node modules, basically tried everything I saw in the internet.

My core version is: 2.2.101

And I run Visual Studio as administrator.

Same code is working wonderfully in my colleague's PC.

Here is my Startup.cs

I am using following package to implement Azure AD auth in an Angular application:

https://www.npmjs.com/package/adal-angular4

After 10-20 minutes the token expires. There is another thread where the discuss something similar, but I simply cant find a valid solution. To be honest when reading the post I am not even sure if it is possible due to the nature of implicit flow. All pointers are welcome.

Angular 2 ADAL token refresh, for implicit flow (using "adal-angular4")

I have my authredirect page where Azure redirects to:

I have built a simple angular app and for authentication, I authenticate against AzureAD using use the npm package adal-angular4

When authentication happens, the user gets sent to https://login.microsoftonline.com they login and get sent back to the agulare app which causes a reload/recompile which will cause a load time delay, only short but the overall load time experience is doubled.

As you can see above :

• login is loaded (localhost)
• app is compiled
• user taken to login screen (azuread)
• user logs in and user is taken back to login (localhost)
• app is complied

The load gap between main.bundle.js and background' is a simple way to show the compile time, its only a VERY TIME but I have a VERY FAST PC.

What can be done to avoid the recompile? My thoughts are

• Do all the auth in the index.html (eg, pre first load of APP) and just save the JWT token to the session storage
• Find an angular packages do this via an IFRAME

Anyone got any thoughts on this? maybe adal-angular4 should use an IFRAME?

Some more details

Example of adal-angular4

Microsofts anglurejs example which uses this javascrit maybe this is a good starting place for a pure JavaScript solutoon thats executed from the index.html.

I have a SPA (angular 7) and an API (.Net Core) which I authenticate with Azure AD. I'm using adal-angular4 to integrate my angular application with AAD.

Everything works great, but I'm also using SignalR with the API as server and when I try to connect from my SPA I get 401 Unauthorized on the negotiate "request" and I get this back in the Response Headers:

The request contains my Bearer token in the Authorization header, and when I run the token through jwt.io, I can see that the "aud" value is the Azure AD ClientId for my SPA.

All regular request to the API contains the same token and I have no issues with those. I have [Authorize] on all my Controllers and on my Hub, but it's only the SignalR Hub that causes this issue.

My server Startup:

On Windows, angular 6: I tried use many port but no any port work. I always receive error message: Port xxx is already in use. Use '--port' to specify a different port.

I also researched and tried many ways: - turn of firewall - using netstat to view ports and no any process use them - change other version of angular-cli, typescript in package.json But no solution for this.

This is my package.json file:

I am building an application using angular and spring boot. I need to use Azure AD for SSO from frontend then secure the spring boot services using the token. (In short my angular will connect with office 365 to login and then the user will authenticate connect with spring security, where it will verify the token, if valid it will give a response.) In angular, I am using adal-angular4 and in spring boot azure-active-directory-spring-boot-starter. Also, how to register the application(Frontend and backend) in Azure AD portal.

I am tried using some article. I get the response from the postman when I hit the URL using the token.

I'm using adal-angular4 on the frontend to login and that works, it's successful and through the process it doesn't ask me if I want to use my business account or my personal account and afaik there's no 'persona' account with the email I'm trying to login.

The app itself is configured to allow only B2B and I have the endpoint configured as 'common';

Now, I am sending that token to the backend where I have passport-azure-ad and again I have configured everything as B2B and I have tried both common endpoints. Everytime, the shape of the token does not have the properties listed by the types provided in @types;

And in the token details I can see: idp: 'live.com' which makes it seem like I have logged in with my personal account actually?

I've also tried with a different B account and it seems that the shape of the token is correct and has no 'idp: 'live.com' property.

So it seems to me:

• The app in the FE shouldn't let me login with a personal account(???)
• The login screen should still let me choose between personal/business account
• Passport plugin shouldn't return 'token verified' if its a personal account? whilst I configured it to be b2b everywhere?

How can I enforce B2B accounts? Screenshot of my config in the azure portal.

I've got a web app written in Angular 6 using the adal-angular4 package to perform authentication via AAD. I am trying to get the UI to communicate with a backend service using this token. However, I keep getting a 401 Unauthorized response when trying to call the server's APIs even when all of the validation should be turned off. Inspecting the token with jwt.io yields an "invalid signature" error at the bottom of the page, but otherwise the token is readable.

As for AAD configuration, both the frontend app and backend service are registered as separate AAD apps, so any references to clientId or clientAppId refer to the client's application id while apiServiceId refers to that of the backend service. I have also exposed a scope in the backend app registration, added an API permission to the frontend app registration for that scope, and authorized the frontend app in the backend app. I have also enabled implicit grant for both id tokens and access tokens for both services. Here's the relevant code:

app.module.ts: