stackoom
  简体   繁体   中英

Azure web service to Azure web service authenticated requests

 原文  2018-05-16 12:27:56       c#/ asp.net/ azure/ asp.net-core/ azure-authentication

Question

I have an Azure-based .NET Core Web API application that I want to communicate with an Azure-based MVC5 application. The MVC5 application requires its clients to have a credential in our Azure AD instance. We connect to this app with our SSO Azure AD credentials.

The .NET Core app does not authenticate against Azure; there's no credential pass-through possible for its consumers. BUT... it's hosted in the same Azure instance, so it seems like I should be able to send an authenticated request from the web api to the MVC app with relative ease.

The documentation on this is quite confusing though. There's talk about x.509 certs (this really doesn't seem necessary), OAuth 2.0 grants and flows (I may not be able to get around that, I don't know)... but is there some simple, relatively "brainless" way to have the one service talk securely with the other without building some kind of complicated scaffolding and/or configuration? I'm kinda hoping there's a way to just instantiate a HttpClient or WebRequest , call some method to get the proper Authorization header (or maybe cookie?), and send my request on its merry way... but if it exists, it remains elusive to me.

Any elucidation on this would be helpful, thanks.

1 answers

solution1
 1 ACCPTED  2018-05-16 13:07:54

This sort of depends. First, to be clear, you are trying to call an action in the MVC app from the API app? This seems a little odd (more often, a MVC front-end might need to call the api). Regardless, it should still be the same.

Question: Do you want you api app to always call the MVC app as "itself"? So, your api app would have an identity that is authorized to call an action on your MVC app? If so, this is exactly what the OAuth Client Credentials flow is for:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service

With this flow, you create an Azure AD application registration that represents your API app. Then, at runtime, your API app uses its client id and client secret to acquire a token it can use to call the MVC app (typically passed as a bearer token in the Authorization header). Part of what you can do with the app registration is give it delegated access to your MVC app, but you can also manage which "clients" you want to allow access in your MVC app.

Hopefully this makes sense.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Solution with web project and web service deployment to azure Selenium Web Driver in Azure Service Fabric Publish web site and wcf service to azure Deploy GitLab web app to Azure app service Azure service for distributed desktop and web application Azure ML web service times out Share azure app service for 1 website and 1 web api Async requests to a web service Authorize Web Service Requests Azure Service Bus pub/sub to multiple azure web app instances
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM