How to handle authentication in micro services using azure Ad and .net core?
Question
Net core with micro services architecture. I have web application and API 1 and API 2.I have registered 3 applications in azure AD for web, API1 and API2. Currently I am generating token in web app by expecting user name and password against API1. This flow is working fine. Now I have added one more API which is API2. Now I want to authenticate from API1 to API2 with user context. The code in API2 requires claims such as roles, username and groups etc. So I want to generate token in API1 for API2 with user context. I am not finding way to complete this. Can someone help me with proper approach to accomplish this. Any help would be greatly appreciated. Thank you
1 answers
solution1
1 ACCPTED 2021-03-17 01:28:30
You should consider On-Behalf-Of flow .
I notice that you have another post about OBO flow.
The client_id and client_secret should be from the Web API Gateway application.
You should expose an API in your Protected API application (you can get the Application ID URI like this format api://<application-client-id of Protected API application> in this step) and add the permission in your Web API Gateway application.
And scope should be api://<service_application_id of the Protected API application>/.default .
Since the content above is not related to this post, I just mention it briefly. Hope it helps.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.