WVD API Authentication

%3CLINGO-SUB%20id%3D%22lingo-sub-1084748%22%20slang%3D%22en-US%22%3EWVD%20API%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1084748%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20aspnetcore%20app%20that%20I'm%20writing%20and%20would%20like%20to%20be%20able%20to%20manage%20WVD%20resources.%20The%20problem%20I'm%20having%20is%20that%20the%20Bearer%20token%20I'm%20getting%20from%20Msal%20is%20giving%20me%20a%20401%20when%20I%20try%20to%26nbsp%3B%3C%2FP%3E%3CP%3EGET%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Frdweb.wvd.microsoft.com%2Fapi%2Ffeeddiscovery%2Fwebfeeddiscovery.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Frdweb.wvd.microsoft.com%2Fapi%2Ffeeddiscovery%2Fwebfeeddiscovery.aspx%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20thought%20maybe%20I%20needed%20to%20add%20an%20API%20permission%20to%20my%20app%20in%20azure%2C%20but%20I've%20already%20added%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmanagement.azure.com%2Fuser_impersonation%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fmanagement.azure.com%2Fuser_impersonation%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3BAnd%20I%20cant%20seem%20to%20locate%20anything%20that%20suggests%20it%20might%20work%20for%20WVD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMaybe%20I'm%20way%20off%20track%20though.%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20tried%20looking%20at%20the%20source%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FRDS-Templates%2Ftree%2Fmaster%2Fwvd-templates%2Fwvd-management-ux%2Fdeploy%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2FRDS-Templates%2Ftree%2Fmaster%2Fwvd-templates%2Fwvd-management-ux%2Fdeploy%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20its%20been%20compiled%20and%20minified%2C%20so%20thats%20proving%20to%20be%20difficult.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20help%20getting%20a%20valid%20token%20to%20call%20the%20WVD%20Rest%20API%20would%20be%20greatly%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFull%20Code%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Evar%20token%20%3D%20await%20TokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new%5B%5D%20%7B%20%22%3CA%20href%3D%22https%3A%2F%2Fmrs-Prod.ame.gbl%2Fmrs-RDInfra-prod%2Fuser_impersonation%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmrs-Prod.ame.gbl%2Fmrs-RDInfra-prod%2Fuser_impersonation%3C%2FA%3E%22%20%7D)%3B%0Avar%20httpClient%20%3D%20new%20HttpClient()%3B%0AhttpClient.BaseAddress%20%3D%20new%20Uri(%22%3CA%20href%3D%22https%3A%2F%2Frdweb.wvd.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Frdweb.wvd.microsoft.com%2F%3C%2FA%3E%22)%3B%0AhttpClient.DefaultRequestHeaders.Authorization%20%3D%20new%20AuthenticationHeaderValue(%22Bearer%22%2C%20%24%22%7Btoken%7D%22)%3B%0Avar%20result%20%3D%20await%20httpClient.GetAsync(%22api%2Fhubdiscovery%2Feventhubdiscovery.aspx%22)%3B%0Aresult%20%3D%20await%20httpClient.GetAsync(%22api%2Ffeeddiscovery%2Fwebfeeddiscovery.aspx%22)%3B%3C%2FCODE%3E%3C%2FPRE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1090821%22%20slang%3D%22en-US%22%3ERe%3A%20WVD%20API%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1090821%22%20slang%3D%22en-US%22%3EOmg%20I%20just%20figured%20it%20out%20by%20comparing%20the%20token%20I%20got%20from%20the%20msft%20rdweb%20application%3A%3CBR%20%2F%3E%3CBR%20%2F%3EFrom%20the%20RDWeb%20App%3A%3CBR%20%2F%3E%22aud%22%3A%20%22%3CA%20href%3D%22https%3A%2F%2Fmrs-prod.ame.gbl%2Fmrs-RDInfra-prod%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmrs-prod.ame.gbl%2Fmrs-RDInfra-prod%3C%2FA%3E%22%2C%3CBR%20%2F%3E%3CBR%20%2F%3EFrom%20my%20App%3A%3CBR%20%2F%3E%22aud%22%3A%20%22%3CA%20href%3D%22https%3A%2F%2Fmrs-Prod.ame.gbl%2Fmrs-RDInfra-prod%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmrs-Prod.ame.gbl%2Fmrs-RDInfra-prod%3C%2FA%3E%22%2C%3CBR%20%2F%3E%3CBR%20%2F%3E....%3CBR%20%2F%3EYes%20I%20was%20using%20an%20uppercase%20P%20in%20-%20mrs-Prod.%20And%20the%20msft%20app%20was%20using%20a%20lowercase%20p%20in%20mrs-prod.%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20flabbergasted%2C%20angry%20and%20excited%20all%20at%20the%20same%20time.%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20the%20record%20I%20copied%20my%20value%20directly%20from%20Azure%20in%20my%20apps%20api%20permissions%20screen.%3C%2FLINGO-BODY%3E
Occasional Contributor

I have a aspnetcore app that I'm writing and would like to be able to manage WVD resources. The problem I'm having is that the Bearer token I'm getting from Msal is giving me a 401 when I try to 

GET https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspx

 

 

 

I thought maybe I needed to add an API permission to my app in azure, but I've already added:

https://management.azure.com/user_impersonation

 

 

 

 And I cant seem to locate anything that suggests it might work for WVD.

 

Maybe I'm way off track though. 

I've tried looking at the source:
https://github.com/Azure/RDS-Templates/tree/master/wvd-templates/wvd-management-ux/deploy 

 

But its been compiled and minified, so thats proving to be difficult.

 

Any help getting a valid token to call the WVD Rest API would be greatly appreciated.

 

Full Code:

 

var token = await TokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(new[] { "<a href="https://mrs-Prod.ame.gbl/mrs-RDInfra-prod/user_impersonation" target="_blank">https://mrs-Prod.ame.gbl/mrs-RDInfra-prod/user_impersonation</a>" });
var httpClient = new HttpClient();
httpClient.BaseAddress = new Uri("<a href="https://rdweb.wvd.microsoft.com/" target="_blank">https://rdweb.wvd.microsoft.com/</a>");
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", $"{token}");
var result = await httpClient.GetAsync("api/hubdiscovery/eventhubdiscovery.aspx");
result = await httpClient.GetAsync("api/feeddiscovery/webfeeddiscovery.aspx");
1 Reply
Omg I just figured it out by comparing the token I got from the msft rdweb application:

From the RDWeb App:
"aud": "https://mrs-prod.ame.gbl/mrs-RDInfra-prod",

From my App:
"aud": "https://mrs-Prod.ame.gbl/mrs-RDInfra-prod",

....
Yes I was using an uppercase P in - mrs-Prod. And the msft app was using a lowercase p in mrs-prod.

I'm flabbergasted, angry and excited all at the same time.

For the record I copied my value directly from Azure in my apps api permissions screen.