Calling an Azure AD Protected API from Logic App using Managed Identity
We have an Azure AD protected API which is hosted on prem. We have a requirement to call this API from Logic App.
We have currently created or registered a new client App in App Registration for this Logic App, have provided the necessary permissions, and have called the API passing the Bearer Token.
My question: is there a way we can leverage Managed Identity for Logic App (either User Assigned or System Assigned) for calling the API?
Yes there is. I wrote an article on the topic (though it is not specific to Logic Apps): https://joonasw.net/view/calling-your-apis-with-aad-msi-using-app-permissions .
You will need to create an appRoleAssignment that gives an application permission to your managed identity service principal. To do this, we must use PowerShell or Microsoft Graph API. With Azure AD PowerShell, we can do this:
Connect-AzureAD
# $miSpId: object id of the managed identity's service principal (used as both ObjectId and PrincipalId)
# $appRoleId: id of the app role (application permission) defined on the target API
# $targetApiSpId: object id of the target API's service principal
New-AzureADServiceAppRoleAssignment -ObjectId $miSpId -Id $appRoleId -PrincipalId $miSpId -ResourceId $targetApiSpId
There are 3 arguments you need to find:
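As an added example (not from the answer above), here is how those three values can be looked up with the same Azure AD PowerShell module before the assignment is created; the managed identity display name, the API's application ID and the app role value are assumed placeholders you must replace.

```powershell
# Added example: resolve the three IDs New-AzureADServiceAppRoleAssignment needs, then assign.
# Assumed placeholder values (replace with your own):
$miDisplayName  = "my-logic-app"                            # system-assigned MI SP display name = Logic App name (assumed)
$targetApiAppId = "00000000-0000-0000-0000-000000000000"    # Application (client) ID of the protected API's app registration
$appRoleValue   = "Api.Access"                              # 'value' of the app role exposed by the API (assumed)

Connect-AzureAD

# 1. Service principal of the managed identity (system- or user-assigned)
$miSp = Get-AzureADServicePrincipal -Filter "displayName eq '$miDisplayName'"
if (-not $miSp) { throw "Managed identity service principal '$miDisplayName' not found" }
if (@($miSp).Count -gt 1) { throw "More than one service principal named '$miDisplayName'; pick by ObjectId instead" }

# 2. Service principal of the target API (its AppRoles collection holds the application permissions)
$apiSp = Get-AzureADServicePrincipal -Filter "appId eq '$targetApiAppId'"
if (-not $apiSp) { throw "No service principal found for appId $targetApiAppId" }

# 3. The app role to grant; only roles allowed for 'Application' member type can be assigned to a service principal
$appRole = $apiSp.AppRoles | Where-Object {
    $_.Value -eq $appRoleValue -and $_.AllowedMemberTypes -contains "Application"
}
if (-not $appRole) { throw "App role '$appRoleValue' (AllowedMemberTypes: Application) not found on $($apiSp.DisplayName)" }

# Create the assignment: ObjectId and PrincipalId are both the managed identity's SP, ResourceId is the API's SP
New-AzureADServiceAppRoleAssignment -ObjectId $miSp.ObjectId -Id $appRole.Id `
    -PrincipalId $miSp.ObjectId -ResourceId $apiSp.ObjectId

# Verify: list assignments on the API and confirm one belongs to the managed identity
Get-AzureADServiceAppRoleAssignment -ObjectId $apiSp.ObjectId |
    Where-Object { $_.PrincipalId -eq $miSp.ObjectId } |
    Select-Object PrincipalDisplayName, Id, ResourceDisplayName
```

Tokens the managed identity obtains for the API afterwards carry the assigned role in the roles claim, which is what the API should check before serving the request.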