How to handle authentication between API and Client in Azure

白昼怎懂夜的黑 submitted on 2021-02-11 14:13:54

Question


I'm not really sure what to call this but basically I have a service app that just serves up an API while occasionally calling external APIs in the background to keep the data updated. Aside from authenticating to the external APIs there is no other authentication on this app.

Then, I have a front end app that uses the API of the service app to get data and display it to the user, and optionally modify some of the data. This app is set up to authenticate against Azure AD and has app roles set up to restrict access to various sections.

How would I secure the service app API so only calls from the front end app are served, and everything else gets rejected with 401?


Answer 1:


You can protect the API by using OAuth with Azure AD. The below overview can help you out with your scenario:

  1. Register an application in Azure AD to represent the API. Reference.

Basically in this step, you will be making sure only the application (your app) that has permission can access the API.

  2. Register another application in Azure AD to represent a client application. Reference.

In this step, you are creating another application representing your app so that trust can be created between the API and your app.

  3. Grant permission in Azure AD. Reference.

In this step, you are giving permission to your app to access your API.

  4. Make use of the Client Credential flow to authenticate your app to your API. Reference.

In this step, you will be configuring your app with the information of the Azure AD application of the API. Using that information, you will be retrieving an access token, and you need to pass this access token to your API.
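As an added example (not code from the original answer), the two halves of step 4: the client-credentials request the front end sends to the Azure AD v2.0 token endpoint, and the claim checks the service API applies to a presented bearer token so that anything not issued for this API to the registered front end is answered with 401. TENANT_ID, API_APP_ID, CLIENT_APP_ID and the app role name are placeholders; verifying the token signature against the tenant's published signing keys is assumed to happen before these checks and is not shown.

```python
import time
from typing import Optional, Tuple
from urllib.parse import urlencode

# Placeholder identifiers (assumptions, not values from the original post).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
API_APP_ID = "11111111-1111-1111-1111-111111111111"     # registration representing the service API
CLIENT_APP_ID = "22222222-2222-2222-2222-222222222222"  # registration representing the front end
REQUIRED_ROLE = "Data.Read"                              # app role exposed by the API registration


def token_request(client_secret: str) -> Tuple[str, str]:
    """Build the v2.0 client-credentials request: (token endpoint URL, form body).

    The front end POSTs this body and receives an access token whose audience is
    the API's application ID URI, which it then sends as a Bearer token.
    """
    url = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": CLIENT_APP_ID,
        "client_secret": client_secret,
        "scope": f"api://{API_APP_ID}/.default",
    })
    return url, body


def authorize(claims: dict, now: Optional[float] = None) -> int:
    """Return the HTTP status the API should answer with for verified token claims.

    Assumes the signature was already checked; this enforces only who the token
    was issued to (azp/appid) and for (aud), by which tenant, and with which role.
    """
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return 401  # expired
    if claims.get("iss") != f"https://login.microsoftonline.com/{TENANT_ID}/v2.0":
        return 401  # issued by another tenant or endpoint version
    if claims.get("aud") not in (API_APP_ID, f"api://{API_APP_ID}"):
        return 401  # minted for some other API, replayed here
    caller = claims.get("azp") or claims.get("appid")  # v2.0 uses azp, v1.0 uses appid
    if caller != CLIENT_APP_ID:
        return 401  # not the registered front end
    if REQUIRED_ROLE not in claims.get("roles", []):
        return 403  # right caller, but the application permission was never granted
    return 200
```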



Source: https://stackoverflow.com/questions/60467230/how-to-handle-authentication-between-api-and-client-in-azure
