Getting Started Backend Sample

Last updated: 20/05/2019
Edit on GitHub

This sample shows how to validate tokens in a backend service.

There's a newer version of this sample! Check it out:

This newer sample takes advantage of the Microsoft identity platform (formerly Azure AD v2.0).

For step by step instructions, see the Microsoft Identity Portal.

About the Basic Backend Service

This sample backend service is an ASP.NET Core web API. .NET Core ships with a library for performing JSON Web Token (JWT) Bearer Authentication. Here are some key highlights from the code:

  1. This code in startup.cs configures JWT Bearer Authentication for all routes: ``` var tokenValidationParameters = new TokenValidationParameters();

// If you wish to restrict access to specific organizations, you must configure a list of valid issuers tokenValidationParameters.ValidateIssuer = false;

var options = new JwtBearerOptions { Audience = Configuration["MicrosoftIdentity:ClientId"], Authority = Configuration["MicrosoftIdentity:Authority"], TokenValidationParameters = tokenValidationParameters };

app.UseJwtBearerAuthentication(options); ```

  1. This code in ClaimsController.cs sends the claims in the token back to the caller: //We have one action method for returning the claims from the current token. public class ClaimsController : Controller { [Authorize] [HttpGet] public object Get() { return User.Claims.Select(x => new { Type = x.Type, Value = x.Value } ); } } You can read more about validating tokens here.

Community Help and Support

We leverage Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one. We highly recommend you ask your questions on Stack Overflow (we're all on there). Also browse existing issues to see if someone has asked your question already.

We recommend you use the "adal" tag so we see your post. Here is the latest Q&A on Stack Overflow for ADAL:

Security Reporting

If you find a security issue with our libraries or services please report it to with as much detail as possible. Your submission may be eligible for a bounty through the Microsoft Bounty program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting this page and subscribing to Security Advisory Alerts.


All code is licensed under the MIT license and we triage actively on GitHub. We enthusiastically welcome contributions and feedback. You can clone the repo and start contributing now, but check this document first.


Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License");

We Value and Adhere to the Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact with any additional questions or comments.