1

We are working on WEB APIs and want to integrate Azure AD for AuthN and AuthZ. We have successfully integrated the same. We have created enterprise applications, custom roles, assigned users for the same. Now we need to allow access to APIs with AWS like keys (Secret / Access keys). Individual user can generate their own keys and store those in Azure AD so that when those keys are used, user can be authenticated.

I didn't find any way to achieve this using Azure AD. Any suggestions around same are welcome. Meanwhile I have gone through custom store for keys. Please refer link : https://www.codeproject.com/Articles/1228892/Securing-ASP-NET-CORE-Web-API-using-Custom-API-Key

Thanks in advance.

GMCS
  • 21
  • 3

1 Answers1

1

Azure AD authentication uses tokens. So any app wishing to call your API must authenticate with AAD and acquire a token for the API.

If these users are making apps within your organisation, then they can register their app in your AAD and require access to your API. They will create and manage their own keys.

If on the other hand these users are making an app for another organisation, you'll have to make your API a multi-tenant app. And you'll need to have an on-boarding page in your API through which you will redirect their admin/user to the AAD login page, where they will consent to any permissions your API requires. After this a service principal is created in their tenant. Then they can register their client apps and require access to your API. They will have full control which permissions they want to assign to each app, what roles to give to users etc. But of course the tokens will contain their tenant id so you can filter access on that.

juunas
  • 54,244
  • 13
  • 113
  • 149