Reputation: 107
How is it possible to authenticate an application using Azure AD
I'm trying to setup an application to validate identity using Azure AD and acquire a token to allow access to a secure api. The front end application is written in angular and allows anonymous access. What can I use to access AAD authenticate and return an access token?
This will be an angular 6+ UI that is communicating to a secure .Net api using Azure AD for authentication. I have done a couple days research and everything points to a user logging in to authenticate using the login page. I need it to be by app and open the login page. I tried a couple examples where it utilized authentication/authorization and that didn't work because the app needs to authorization the user to talk to the api. I have seen where people were using Microsoft graph but once again it was user based and they were redirected to an azure login. I am looking for a solution that will allow me to setup an account in azure ad and authenticate the app on start to get an access token to allow communication to my secure api. If I have missed something somewhere in my research and test attempts let me know. This is my first Azure AD auth attempt and I feel like I am missing something for application authorization.
Upvotes: 0
Views: 561
Answers (1)
Reputation: 58773
The problem is an Angular app is what we call a public client. It cannot hold secrets and thus cannot prove its identity. So, only user-based authentication flows should be used by public clients.
Confidential clients on the other hand can hold secrets as they run on servers that you control. So for example, a back-end Web application or API would be a confidential client. Those can use the client credentials flow to acquire access tokens and call APIs as themselves without a user being involved.
There is a bit of a fundamental issue in your question. Your API requires authentication, but you want functionality to be available to anonymous users. So you want to bypass authentication.
If you really want to bypass authentication for parts of the API, you could just make those endpoints available anonymously without a token.
Upvotes: 3
Related Questions
- How to authenticate both PC and application installed in it with Azure AD
- Azure AD authentication with .NET framework
- azure ad how to authenticate using token passed from another application
- Authenticating through Azure Active Directory in a Web App
- Azure AD authentication for ASP.NET Core Web Application
- Authentication using ADAL
- Azure AD and Office 365 authentication for apps
- How to use Azure AD Authentication Library to sign in to WPF app?
- Azure API APP authentication using Azure AD
- How to use Azure AD for authenticate users for third-party applications?