I have a ASP.NET Core based API that is hosted on Azure websites (endpoint eg. myapi.azurewebsites.net). I want to be able to access the API in a console app (and later a Windows gui app), when the user is logged into the company domain (domain joined).
Progress so far:
The API runs in the following App Service in Azure Portal: MyWebApi
.
In addition, I have created the following App Registrations in Azure Portal:
MyWebApiClient
MyWebApi
I can access the Microsoft Graph API using IWA if I use the method described in this sample:https://github.com/Azure-Samples/active-directory-dotnet-iwa-v2 . Here I only use MyWebApiClient
from above to access Microsoft Graph.
But can someone explain in steps how I can use IWA to protect and access my own API? The sample I linked to above, doesn't show how to setup the API in Azure to work with IWA & Azure AD.
The flow you mentioned is server-to-server. It is similar with client credentials flow.
So, you could go to your API on portal and click Authentication / Authorization
and turn on it. Choose Login in with Azure Active Directory
and associate with your MyWebApi
. Then it will be related with the api.
For more details you could refer to this article Integrated Windows Authentication .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.