Demonstration of App Service built-in authentication feature.
cd infrastructure
terraform init
terraform apply -auto-approvecd api into the API directory and deploy the application:
bash build.sh
az webapp deployment source config-zip -g <group> -n <app> --src ./bin/api.zip
Test the application. The following URI paths are available as GET controllers:
/api/dogs
/api/claims
/api/healthz
# This is bugged due to SDK issue
/api/graph
For debugging, the /.auth/me is available.
Create an application registration using the portal or cli. No secrets are required for this demonstration. Add a redirect URL of type Web for http://localhost:5269/.auth/login/aad/callback.
Add the environment variables:
export AzureAd__Domain="<DOMAIN>"
export AzureAd__TenantId="<TENANT_ID>"
export AzureAd__ClientId="<CLIENT_ID>"Run the application:
dotnet restore
dotnet run
- App Services Authentication and Authorization
- Restricting App to a set of users
- Customize sign-in/outs
- Access User Identities
- Microsoft.Identity.Web
- App Service -> Key Vault references
Other sources:
https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-web-api-call-api-overview
https://stackoverflow.com/questions/69001458/asp-net-core-5-webapi-azure-ad-call-graph-api-using-azure-ad-access-token
https://www.youtube.com/watch?v=pcWdR0LcNaI
https://stackoverflow.com/questions/66530370/how-to-use-di-with-microsoft-graph
https://learn.microsoft.com/en-us/azure/app-service/tutorial-auth-aad?pivots=platform-linux#call-api-securely-from-server-code