What is a difference "Protect API in Azure API Mgmt by OAuth 2.0 auth with AAD" vs secure API built with NET Core by the MS identity platform
[英]What is a difference "Protect API in Azure API Mgmt by OAuth 2.0 auth with AAD" vs secure API built with NET Core by the MS identity platform
问题描述
I am reading microsoft documentation and using their apps / api to secure api using Azure AD.
我正在阅读微软文档并使用他们的应用程序/api 使用 Azure AD 来保护 api。 But I got confused by two different approaches and as articles describe setting up the client app and Api.但是我对两种不同的方法感到困惑,并且文章描述了设置客户端应用程序和 Api。
This article describe " Protect a web API backend in Azure API Management using OAuth 2.0 authorization with Azure Active Directory"
This article describe " Protect a web API backend in Azure API Management using OAuth 2.0 authorization with Azure Active Directory"
link: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad链接: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aadI am following another tutorial and using built application for web app and api, this describe "How to secure a Web API built with ASP.NET Core using the Microsoft identity platform. This sample demonstrates a ASP.NET Core Web App calling a ASP.NET Core Web API that is secured using Azure AD".
I am following another tutorial and using built application for web app and api, this describe "How to secure a Web API built with ASP.NET Core using the Microsoft identity platform. This sample demonstrates a ASP.NET Core Web App calling a ASP.NET Core Web API that is使用 Azure AD 保护”。
It further describe "1. The client ASP.NET Core Web App uses the Microsoft Authentication Library (MSAL) to sign-in and obtain a JWT [Access Tokens]. 2. The [Access Tokens] is used as a bearer token to authorize the user to call the ASP.NET Core Web API protected by Azure AD . It further describe "1. The client ASP.NET Core Web App uses the Microsoft Authentication Library (MSAL) to sign-in and obtain a JWT [Access Tokens]. 2. The [Access Tokens] is used as a bearer token to authorize the user调用 ASP.NET 内核 Web API 受Z3A580F142203677F3333 ADBC30898F6 保护
So I am confused are they two different things if so when to use 2nd option or first 1. Both deals with the Azure AD and claims to protect an api.所以我很困惑,如果使用第二个选项或第一个选项,它们是两个不同的东西。两者都处理 Azure AD 并声称保护 api。
1 个解决方案
解决方案1
0 2022-01-03 08:59:00
The first article you're referring to uses Azure API management, where authentication is taken away from your API and completely configured in API management.您指的第一篇文章使用 Azure API 管理,其中身份验证从您的 API 中取出并完全在 API 管理中配置。 This means you're adding an extra Azure resource type to your eco-system, most probably also adding costs.这意味着您正在向您的生态系统添加额外的 Azure 资源类型,很可能还会增加成本。
In this article, you'll learn how to configure your Azure API Management instance to protect an API, by using the OAuth 2.0 protocol with Azure Active Directory (Azure AD).
Next tot this, API Management adds a lot of other functionality as well.接下来, API Management还添加了许多其他功能。
In the second article you learn how to implement authentication using Microsoft Identity Platform.在第二篇文章中,您将了解如何使用 Microsoft 身份平台实施身份验证。 This way you will not be adding Azure resource types, but you'll have to code the authentication yourself.这样您就不会添加 Azure 资源类型,但您必须自己编写身份验证代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.