
How to handle authentication between API and Client in Azure

I'm not really sure what to call this, but basically I have a service app that just serves up an API while occasionally calling external APIs in the background to keep the data updated. Aside from authenticating to the external APIs, there is no other authentication on this app.

Then, I have a front end app that uses the API of the service app to get data and display it to the user, and optionally modify some of the data. This app is set up to authenticate against Azure AD and has app roles set up to restrict access to various sections.

How would I secure the service app API so only calls from the front end app are served, and everything else gets rejected with 401?

You can protect the API by using OAuth with Azure AD. The below overview can help you out with your scenario:

  1. Register an application in Azure AD to represent the API. Reference.

Basically in this step, you will be making sure only the application (your app) that has permission can access the API.

  2. Register another application in Azure AD to represent a client application. Reference.

In this step, you are creating another application representing your app so that trust can be created between the API and your app.

  3. Grant permission in Azure AD. Reference.

In this step, you are giving permission to your app to access your API.

  4. Make use of the Client Credential flow to authenticate your app to your API. Reference.

In this step, you will be configuring your app with the information of the API's Azure AD application. Using that information, you will be retrieving an access token, and you need to pass this access token to your API.
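The four steps above, as an added example that is not part of the original answer: a Python sketch of both sides of the client credential flow. `client_credentials_request` builds the form body the front end posts to the Azure AD v2.0 token endpoint (the `grant_type`, `client_id`, `client_secret` and `scope` parameters are the documented ones; the `api://<app-id>/.default` scope targets the API registration from step 1). `validate_bearer` is what the service app runs on every request: it checks the signature, issuer, audience, expiry, the calling application id (`azp`) and the app role granted in step 3, and `handle_request` answers 401 for anything that fails. All ids, the role name and the signing key are constructed placeholders. The HS256 signature is an assumption made so the example runs offline; real Azure AD tokens are RS256-signed and must be verified against the tenant's published signing keys, and the audience is assumed here to be the API's client id.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholders, not real Azure AD values.
TENANT_ID = "00000000-0000-0000-0000-000000000001"
API_APP_ID = "api-app-client-id-placeholder"            # registration for the API (step 1)
FRONTEND_APP_ID = "frontend-app-client-id-placeholder"  # registration for the front end (step 2)
REQUIRED_ROLE = "Data.Read"                             # app role granted to the front end (step 3)
EXPECTED_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"

# Assumption for an offline demo: an HMAC key stands in for Azure AD's RS256 signing keys.
DEMO_KEY = b"constructed-demo-hmac-key"


def client_credentials_request(client_id, client_secret):
    """Form body the front end posts to the token endpoint (step 4)."""
    return {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"api://{API_APP_ID}/.default",
    }


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_demo_token(claims):
    """Build an HS256 JWT carrying `claims` (demo stand-in for the token Azure AD issues)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(DEMO_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def validate_bearer(token, now=None):
    """Return (claims, None) if the token is acceptable for this API, else (None, reason)."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return None, "malformed token"
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never accept 'none' or an unexpected algorithm
        return None, "unexpected alg"
    expected = hmac.new(DEMO_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None, "bad signature"
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        return None, "wrong issuer"
    if claims.get("aud") != API_APP_ID:
        return None, "wrong audience"
    if claims.get("exp", 0) <= now:
        return None, "expired"
    # 'azp' identifies the application that requested the token; pinning it to the
    # front end registration is what rejects every other caller, even a valid tenant app.
    if claims.get("azp") != FRONTEND_APP_ID:
        return None, "caller not allowed"
    if REQUIRED_ROLE not in claims.get("roles", []):
        return None, "missing app role"
    return claims, None


def handle_request(authorization_header, now=None):
    """Minimal API entry point: 200 only for a valid bearer token from the front end, else 401."""
    if not authorization_header.startswith("Bearer "):
        return 401, "missing bearer token"
    claims, reason = validate_bearer(authorization_header[len("Bearer "):], now)
    if claims is None:
        return 401, reason
    return 200, f"ok: {claims['azp']}"


if __name__ == "__main__":
    print(client_credentials_request(FRONTEND_APP_ID, "<client-secret-placeholder>"))
    token = mint_demo_token({"iss": EXPECTED_ISSUER, "aud": API_APP_ID, "exp": time.time() + 3600,
                             "azp": FRONTEND_APP_ID, "roles": [REQUIRED_ROLE]})
    print(handle_request("Bearer " + token))
```

The `azp` and `roles` checks are the part that answers the question as asked: a token with the right audience proves the caller authenticated to your tenant, but only the application id and the granted app role prove it is the front end app rather than some other registration in the same tenant.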
