
Azure Active Directory for Web API and clients using OAuth for multiple environments

I am wondering what the best approach is for handling multiple environments with Azure Active Directory. Is the only way to do this to add an application for the WebAPI and clients for each environment? So for local I would have a localhost-webapi with a sign on like https://localhost/webapi and a client https://localhost/sample that has permissions to https://localhost/webapi. I would then need to do the same for the rest of the environments (dev, test, prod)?

If I understand your question correctly, you have the following setup:

  • In AAD, you have a single tenant where there is a single Web API registered.
  • In the same tenant, you have multiple, equivalent client applications registered, which correlate to the different environments you have set up on your end.

This seems like the correct approach for testing multiple environments. Note that you could register different permission scopes on your Web API to represent permissions that each environment has to your API.

Thus you could have "user_impersonation_dev", "user_impersonation_test", "user_impersonation" and have each of your different applications request those specific permissions to your API. This might help for a cleaner setup when doing development.
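
One way the Web API could enforce the per-environment scopes suggested in the answer above, as an added example that is not part of the original post. It assumes the token's signature, issuer and expiry were already validated; the environment keys, the audience value and the function names are hypothetical.

```python
# Added example: the scope names come from the answer above; the environment
# keys and the audience value are assumptions made for illustration.
REQUIRED_SCOPE = {
    "dev": "user_impersonation_dev",
    "test": "user_impersonation_test",
    "prod": "user_impersonation",
}


class ScopeError(Exception):
    """Raised when a token is not authorized for this environment."""


def granted_scopes(claims):
    """Return the delegated scopes of an Azure AD access token.

    Azure AD carries them in the 'scp' claim as one space-separated string.
    """
    scp = claims.get("scp", "")
    if not isinstance(scp, str):
        raise ScopeError("scp claim is not a string")
    return set(scp.split())


def authorize(claims, environment, expected_audience):
    """Check already signature-validated claims against this environment."""
    if claims.get("aud") != expected_audience:
        raise ScopeError("token was issued for a different audience")
    required = REQUIRED_SCOPE[environment]
    # Compare whole scope names. A substring test on the raw 'scp' string
    # would let "user_impersonation_dev" satisfy the production scope
    # "user_impersonation", because one name is a prefix of the other.
    if required not in granted_scopes(claims):
        raise ScopeError(f"missing scope {required!r} for {environment}")
    return True


def is_authorized(claims, environment, expected_audience):
    """Boolean wrapper around authorize() for use in request filters."""
    try:
        return authorize(claims, environment, expected_audience)
    except ScopeError:
        return False


# Constructed sample claims (not real tokens).
API_AUDIENCE = "api://example-webapi"  # placeholder App ID URI
DEV_TOKEN = {"aud": API_AUDIENCE, "scp": "user_impersonation_dev"}
PROD_TOKEN = {"aud": API_AUDIENCE, "scp": "user_impersonation"}
```
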
