This is part 3 in a series of posts about writing service brokers in .NET Core.
This post is sort of a follow-up to a previous post in which I attempted to prevent a duplicate login when accessing both Azure Resource Manager and Azure AD from the same PowerShell script, still without success, by the way.
UPDATE (2018-02-12): The method described below does not work, unfortunately.
Connect-AzureAD runs without error, but the AD context you get back is not authorized to perform AD operations.
In [part 1] of this post I described how to solve the first part of the problem: making sure the JWT we obtained from ADAL JS is actually sent to the server (i.e. the SignalR hub). Part 2 describes how the server extracts the token, validates it and creates a principal from it. In another post I already described how to configure an OWIN middleware pipeline that does exactly this, via UseWindowsAzureActiveDirectoryBearerAuthentication (if you Google this extension method you'll find a lot more information).