问题
I have web app written in react which is Single Page Application. Then I have back end API written in .NET core 3.1.
As I mentioned earlier I have web app written in react so this react web app has to call one more API to read some configs. This third application is also a API application written in .NET core 3.1. As soon as web app spins up, it will call this third APP and read configs like API URL of second application and other azure related details. Now this third API app should be protected. Only web app should access this app and not any other users.
So I am trying to find what are the best scenarios available in azure AD. Can someone help me to understand the possible scenarios to handle this?
回答1:
What you seem to want to accomplish at the moment is for the web application to access the third API application. If this is the case, it is simple. The steps are as follows:
First, you need to expose the api of the third API application protected by Azure, which can be configured according to the following process
Azure portal>App registrations>Expose an API>Add a scope>Add a client application
Next, you need to define the manifest of api applications and grant application permissions to your client applications (this is the role permissions you define yourself, you can find it in My APIs when you add permissions). This is the process of defining the manifest.
This is to grant permissions for the client application (You can find your expose api permissions in My APIs.):
Finally, you need to obtain an access token using the client credential flow where no user is logged in:
Parse the token:
回答2:
so as per you description It seems you want to permit only API application to access your third application.
One thing you can do you can create a user group and give acess to your API only and put application restricted to this group only.
See this hope it will help
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions
来源:https://stackoverflow.com/questions/65934246/what-is-the-authentication-authorization-scenario-for-web-app-that-calls-api-wit