Azure AD: how to authenticate using a token passed from another application

I am writing an ASP.NET MVC web application and I want to authenticate using Azure AD. The web application will not have a sign-in page. It has to be authenticated using a token passed to it from another application. I would really appreciate it if someone can help with an answer.

Upvotes: 0

Views: 999

Answers (1)

Carl Zhao

Reputation: 9559

According to your requirements, you need to create two applications in Azure, one representing the client application and the other representing the API application. The client then requests an access token from the server, and the server application verifies the access token that the client application provides.

First, you need to expose the API of the API application protected by Azure, which can be configured according to the following process:

Azure portal > App registrations > Expose an API > Add a scope > Add a client application

Then you need to create the appRole of the API application, and then grant that role as an application permission to the client application.

Next, go to client application > API permissions > Add a permission > My APIs > your API application.

Finally, you need to obtain an access token using the client credential flow where no user is logged in:

Parse the token:

Finally, you can pass the token to the API application, and the API application will authenticate the client application by parsing the token.

Upvotes: 1
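
The client credentials token request and the API-side claim checks from the last steps of the answer above, as an added example that is not part of the original answer. The IDs and role name are placeholders, the sample token is constructed, and the claim checks assume the API's JWT library has already verified the token signature against the tenant's signing keys.

```python
import base64, json, time
from urllib.parse import urlencode

# Placeholder IDs (assumptions); use the values from your own app registrations.
TENANT = "00000000-0000-0000-0000-000000000000"
API_CLIENT_ID = "11111111-1111-1111-1111-111111111111"
API_APP_ID_URI = "api://" + API_CLIENT_ID
CLIENT_APP_ID = "22222222-2222-2222-2222-222222222222"
REQUIRED_ROLE = "Data.Read.All"  # hypothetical appRole value

def token_request(client_secret):
    """URL and form body the client POSTs to get an app-only token (not sent here)."""
    url = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": CLIENT_APP_ID,
            "client_secret": client_secret, "scope": API_APP_ID_URI + "/.default"}
    return url, urlencode(form)

def decode_unverified(jwt):
    """Payload for inspection only: the signature is NOT checked here."""
    part = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def check_app_token(claims, now=None):
    """Claim checks the API applies after its JWT library has verified the signature."""
    now = time.time() if now is None else now
    issuers = {f"https://sts.windows.net/{TENANT}/",                # v1.0 token
               f"https://login.microsoftonline.com/{TENANT}/v2.0"}  # v2.0 token
    problems = []
    if claims.get("iss") not in issuers:
        problems.append("issuer")
    if claims.get("aud") not in (API_APP_ID_URI, API_CLIENT_ID):
        problems.append("audience")
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    if (claims.get("azp") or claims.get("appid")) != CLIENT_APP_ID:
        problems.append("caller")  # token was issued to a different application
    if "scp" in claims or REQUIRED_ROLE not in claims.get("roles", []):
        problems.append("role")    # delegated token, or app role not granted
    return problems

def sample_token(**overrides):
    """Constructed token with a dummy signature, for offline demonstration."""
    claims = {"iss": f"https://login.microsoftonline.com/{TENANT}/v2.0",
              "aud": API_CLIENT_ID, "azp": CLIENT_APP_ID, "tid": TENANT,
              "roles": [REQUIRED_ROLE], "exp": 4102444800}  # 2100-01-01
    claims.update(overrides)
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"
```

An empty list from `check_app_token` means the claims match this API, this tenant, the expected client application and the required app role; each string in a non-empty list names a check that failed.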