Reputation: 11344
I have two different Web API applications (web-api-app1 and web-api-app2) integrated with Azure Active Directory authentication.
I am able to call both API applications individually using some console application like this:
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Acquire an app-only token for web-api-app1 with the client credentials grant.
AuthenticationContext ac = new AuthenticationContext("https://login.windows.net/[AD Tenent]");
var clientCredentials = new ClientCredential("app id", "app key");
AuthenticationResult ar = ac.AcquireTokenAsync("https://web-api-app1", clientCredentials).Result;

// Call web-api-app1 with the token in the Authorization header.
string result = string.Empty;
HttpClient httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", ar.AccessToken);
HttpResponseMessage response = httpClient.GetAsync("https://web-api-app1/odata").Result;
if (response.IsSuccessStatusCode)
{
    result = response.Content.ReadAsStringAsync().Result;
}
Console.WriteLine(result);
Now my requirement is that I need to call web-api-app2 from web-api-app1 (web API call to web API call). How do I do that? Thanks!
Upvotes: 1
Views: 1368
Reputation: 37048
You need to implement the on-behalf-of flow (docs for v1 endpoints).
app1 should request an access token for app2 using its own access token acquired on user authentication.
The manifest of app1 should include permission to access app2.
If the apps are in different tenants, app2 should be consented to by the app1 tenant admin first.
Upvotes: 2
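One way web-api-app1 could perform the on-behalf-of exchange described in the answer above, using the same ADAL library as the question. This is an added example, not code from the original posts; it assumes the request reaching app1 carries a user's bearer token that app1's authentication middleware has already validated, and the class name, placeholder credentials and app2 URLs are assumptions.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical helper inside web-api-app1; all names and placeholder values are assumptions.
public static class App2Caller
{
    private const string Authority = "https://login.windows.net/[AD Tenant]";
    private const string App2Resource = "https://web-api-app2"; // App ID URI of app2 (assumed)
    private const string JwtBearer = "urn:ietf:params:oauth:grant-type:jwt-bearer";
    private static readonly HttpClient Http = new HttpClient();

    // authorizationHeader: the raw Authorization header of the request app1 received.
    public static async Task<string> CallApp2Async(string authorizationHeader)
    {
        // The incoming token has app1 as its audience, so it must not be
        // forwarded to app2 as-is; it is only used as the assertion below.
        if (!AuthenticationHeaderValue.TryParse(authorizationHeader, out var header)
            || !string.Equals(header.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrEmpty(header.Parameter))
        {
            throw new UnauthorizedAccessException("No bearer token on the incoming request.");
        }

        var context = new AuthenticationContext(Authority);
        var app1Credential = new ClientCredential("app1 id", "app1 key");

        // On-behalf-of: app1 authenticates with its own credential and presents
        // the caller's token, receiving a new token whose audience is app2.
        var assertion = new UserAssertion(header.Parameter, JwtBearer);
        AuthenticationResult forApp2 =
            await context.AcquireTokenAsync(App2Resource, app1Credential, assertion);

        // Attach the token per request, not to DefaultRequestHeaders, so one
        // user's token is never reused for another user's call on the shared client.
        using (var request = new HttpRequestMessage(HttpMethod.Get, "https://web-api-app2/odata"))
        {
            request.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", forApp2.AccessToken);
            HttpResponseMessage response = await Http.SendAsync(request);
            response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }
    }
}
```

The exchange fails with an AdalServiceException until app1's registration has been granted permission to app2, which is the manifest and consent step the answer describes.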