Web Api Calling Web Api Azure AD(Active Directory) Authentication and Authorization

Web Api Calling Web Api Azure AD(Active Directory) Authentication and Authorization
How to call asp.net core web api with azure ad authentication and authorization from another .net 5 web api wtih azure ad authentication and authorization? This video will give you the answer. Below are the steps.

Step - 1 - Create Azure app registrations
----------------------------------------------------------------
We need to create azure Ad app registrations for two apis. We need to go to each azure ad app registration and choose expose an api section. we need to add scopes to each of the app registrations. We need to add roles as we are using asp.net core web api azure ad authentication and authorization. We need to add first web api app registration as client to second web api app registration.

Step -2 - Create .Net 5 Web Api Projects
------------------------------------------------------------
In the step two, we need to create two asp.net core web api applications and associate them with Azure AD authentication. To do that, we need to go to Connected Services in Solution Explorer, choose Microsoft Identity Platform. It will display all the app registrations owned by the user. Choose appropriate app registration and it will add Azure AD (Azure Active Directory) configuration to the appsettings.json and also adds the required nuget packages. It adds code to startup.cs class which calls MicrosoftIdentity Platforms AddMicrosoftIdentityWebApiAuthentication method. To this we need to pass Azure AD configuration. We need to do this with two applications. In the first web api, in Startup.cs class we need to add call to AddDownstreamWebApi method and mention the app settings azure ad configuration related to other web api . The configuration must have an azure scope. In the first web api controller we need to use IDownstreamWebApi interface to get the built in DownstreamWebApi class and use CallAsUserAsync method to get the response from other web api which has azure ad authentication.

Step -3 Writing Actions and decorating them with Authorize Attribute
---------------------------------------------------------------
For asp.net core web api authentication and authorization calling other web api with azure ad authentication we need to create actions and decorate them with required roles. In this demo for the first asp.net core with azure ad authentication we have used OperationsAgent role and for the second web api with azure ad authentication we have used Members.Readonly role.

Step - 4 Assigning Azure AD (Active Directory) roles to the user
-------------------------------------------------------------
We need to go to azure active directory, Enterprise applications and choose correct application registration. Then click on Assign roles to users and Groups. In the next page we can add azure ad roles to user. We need to do this role assignment for the user in both azure ad app registrations.

Step - 5 Testing Azure AD with Postman
-----------------------------------------------------------
We need to use Outh 2.0 authorization flow in postman and add required configuration for getting the azure authentication token in Postman. We need to create a separate app registration for the postman as well. Then we can login with the user who has both roles and hit the first api with azure ad authentication. Then it will call the other api with azure ad authentication. You can find the response in the response panel of postman tool.

Chapters
00:00 Introduction
00:36 Realtime use case for Web Api Azure AD Authentication
02:42 Creating Azure App Registrations and Adding Scopes
06:04 Creating Azure AD Roles
07:10 Creating Asp.net Core Web Api and Configuring Azure AD Authentication
20:03 Creating another Web Api with azure ad using Microsoft Identity Platform
31:25 Assign Azure AD role to user
32:00 Azure AD authentication - Test using Postman

#AzureADAuthenticationAndAuthorization#
#WebApiAzureADAuthenticationAndAuthorization#
#WebAPIWithAzureADCallingAnotherWebAPI#

Buy Me A Coffee - https://www.buymeacoffee.com/azuretea...
github link - https://github.com/AzureTeachNet/Azur...