Reputation: 1668
Web API that calls Azure AD Microsoft APIs with user Impersonation
I have asp.net core 3.1 Web API project that needs to call Microsoft Azure API ( for e.g. Storage API on behalf of other user (Impersonation).
I believe this can be achieved by Azure App Registration and then creating Impersonation for user by acquiring token interactive first and then silently with Microsoft.Identity.Client library.
- But how do I do this from my API since I don't want to use any interactive authentication from within API.
- What is the ASP.NET Core 3.0 friendly version for Web API authentication for Microsoft.Identity.Client .NET library
Any examples would be helpful...
Upvotes: 1
Views: 1677
Answers (2)
Reputation: 27588
You can implement getting tokens on behalf of a user (Service to service calls) use on-behalf-of flow (OBO) with MSAL , you can check the document & code snippets from document here using MSAL 2.3 + .
Upvotes: 1
Reputation: 15639
If your web api is protected by Azure AD, you can use On behalf of flow. Here is the scenario regarding a web API that calls web APIs.
If your web api is not protected by Azure AD and you want to use user token, you must use interactive authentication or ropc flow to call Azure API.
Reference:
Web API calling Microsoft Graph.
Upvotes: 0
Related Questions
- Create API to authenticate users to azure active directory
- ASP.NET Core Web API + Azure AD Authentication
- Authenticating a user in Azure AD through a web api?
- ASP.NET Web API 2 -> Windows Authentication -> Impersonate Windows user on Azure
- Using Azure Active Directory authentication in ASP.NET Core 2.0 from Web App to Web API
- Use OAuth2 for authentication against Azure AD to call WebAPI
- Passing credentials from Web App to Web API. Azure AD authentication
- Authentication for web api using azure AD
- Azure Web App web API impersonate user using ClaimsIdentity
- Secure Web API With Azure AD