1

We have a .NET MAUI app that uses our internal API and also needs to use Esri's ArcGIS portal. The authentication for ArcGIS portal is setup to use our Azure AD as identity provider. What we are trying to accomplish the following flow:

  1. Using our app, the user interactively logs-in to our Azure AD (in order to access our internal API), and the app eventually obtains the Bearer token for our internal API.
  2. Our app then non-interactively logs-in the user to ArcGIS portal, and eventually obtains the Bearer token for the ArcGIS services.

We're using .NET MAUI. But any .NET6 example would suffice.

Thank you!

We are able to login interactively to ArcGIS, using the same user/pass as we use to authenticate into our Azure AD. However we cannot figure out how to do this non-interactively.

dik1977
  • 21
  • 3

1 Answers1

0

Here is info on using an API key or registering the .NET app with Portal for app credentials. This has worked for me in the past for in a similar application. Here is a helpful doc for identifying scenario specific options:

https://developers.arcgis.com/documentation/mapping-apis-and-services/security/#capability-comparison

Using API Key or application registration, you wouldn't technically be authorizing the authenticated .NET app user with your ArcGIS Portal, instead you would be authorizing your application to use portal services so you wouldn't be able to limit services by .NET app user role.

Else I suppose it could be possible to allow an application to use one identity provider with two services providers (internal API, AGS Portal) using an SSO flow. User accesses app and authenticates with identity provider, user accesses ArcGIS Portal service in app and authenticates with AGs Portal via SSO. I don't know is this would work for all scenarios using ArcGIS Portal and Rest API.

https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/arcgisenterprise-tutorial

AliWieckowicz
  • 549
  • 1
  • 4
  • 17