Options for obtaining an access token with Azure application to application authentication

Setup

  • Client runs on a timer (or it receives requests from end users).
  • Client app runs code to get an access token and calls the server app for data (say Orders).
  • The server app receives requests only from apps (not users) and expects certain claims to be present in the request.
  • The server app is secured using an app registration.
  • Based on the request received, the server app does some computation and returns the data (Orders) to the client app.
  • If applicable, the client app then returns that data to end users.
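The flow in this setup, sketched with the Azure.Identity library as an added example (not code from the original article). The Application ID URI and the function URL are placeholders, the class and method names are hypothetical, and the server-side check assumes the hosting platform or middleware has already validated the token's signature, issuer and audience.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class OrdersClient // hypothetical name
{
    // Assumption: placeholder Application ID URI of the server app registration.
    private const string ServerAppIdUri = "api://<server-app-client-id>";
    // Assumption: placeholder URL of the server function app endpoint.
    private const string OrdersUrl = "https://<server-app>.azurewebsites.net/api/orders";

    private static readonly HttpClient Http = new HttpClient();
    // Uses the managed identity in Azure and developer credentials locally.
    private static readonly TokenCredential Credential = new DefaultAzureCredential();

    public static async Task<string> GetOrdersAsync()
    {
        // App-only tokens are requested for "<resource>/.default"; the app roles
        // granted to the caller (such as Orders.Read) arrive in the "roles" claim.
        var context = new TokenRequestContext(new[] { $"{ServerAppIdUri}/.default" });
        AccessToken token = await Credential.GetTokenAsync(context, default);

        using var request = new HttpRequestMessage(HttpMethod.Get, OrdersUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Token);
        using HttpResponseMessage response = await Http.SendAsync(request);
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }
}

public static class OrdersAuthorization // hypothetical name
{
    // Server side: call only with a principal built from an already validated token.
    public static bool CanReadOrders(ClaimsPrincipal principal)
    {
        // Depending on claim mapping, the app role shows up as "roles" or ClaimTypes.Role.
        return principal.Claims.Any(c =>
            (c.Type == "roles" || c.Type == ClaimTypes.Role) &&
            string.Equals(c.Value, "Orders.Read", StringComparison.Ordinal));
    }
}
```

A request whose token lacks the Orders.Read role should be rejected with 403 before any Orders data is computed.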

Server app registration

Secure the server function app

Application role

Create an app role for the server app reg

Client function app

Orders.Read app permissions of the client app reg

Code

Generating access token

1. ADAL (not recommended / deprecated)

2. MSAL.NET

Managed identities

Permissions assigned to the managed identity

3. App Authentication client library for .NET

4. Azure.Identity library

Local development auth

Further enhancements

Summary


Microsoft MVP. M365 Developer Architect at Content+Cloud.

Anoop
