
We have a separate web application secured with Azure Active Directory that exposes some (internal) services.

Now we want to access these services from within our site, but this of course fails because the authentication has not yet been done. This site doesn't use Active Directory for authentication.

Is it possible to configure this site as a trusted client (through a token or key) in the web.config, so that we don't need any code modifications? Or does this have to be done through code?

Kind regards,

1 Answer


It looks like you have a WebAPI secured using Azure AD (what you refer to as web application) and a WebApp (what you refer to as site) that needs to access the WebAPI. If this is indeed the case, you can register both the WebApp and WebAPI as applications in Azure AD (the WebApi is presumably already registered, as it is secured using Azure AD). Then, your WebApp can access your WebAPI using its own identity (client credential OAuth flow sample code) or on behalf of the signed-in user (auth code grant OAuth flow sample code).

In either case, the WebApp (site) needs to acquire an access token to access the WebApi and send this access token in the Authorization header in every call that it makes to the WebApi - this will require code changes to the WebApp. In theory you can build a proxy application that acquires tokens and injects headers in all outgoing calls - however I doubt it would be worth the effort.

Hope this helps.
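
The client credential option described in the answer above, as an added example that is not part of the original answer or its linked samples: an `HttpClient` message handler that acquires an app-only token with MSAL.NET and sets the Authorization header on every outgoing call. It assumes the `Microsoft.Identity.Client` NuGet package; the class names and the `Aad:*` appSettings keys are hypothetical.

```csharp
using System.Configuration;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Attaches an app-only Azure AD access token to every outgoing request.
public sealed class AadClientCredentialHandler : DelegatingHandler
{
    private readonly IConfidentialClientApplication _app;
    private readonly string[] _scopes;

    public AadClientCredentialHandler() : base(new HttpClientHandler())
    {
        // Hypothetical appSettings keys in web.config (names are assumptions).
        var tenantId = ConfigurationManager.AppSettings["Aad:TenantId"];
        var clientId = ConfigurationManager.AppSettings["Aad:ClientId"];
        var secret = ConfigurationManager.AppSettings["Aad:ClientSecret"];
        var apiAppIdUri = ConfigurationManager.AppSettings["Aad:ApiAppIdUri"];

        // The WebApp's own identity, as registered in Azure AD.
        _app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithClientSecret(secret)
            .WithAuthority("https://login.microsoftonline.com/" + tenantId)
            .Build();

        // The client credential flow requests the API's "/.default" scope.
        _scopes = new[] { apiAppIdUri + "/.default" };
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // MSAL returns the cached token until it is close to expiry,
        // so this does not call Azure AD on every request.
        AuthenticationResult result = await _app.AcquireTokenForClient(_scopes)
            .ExecuteAsync(cancellationToken).ConfigureAwait(false);

        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", result.AccessToken);
        return await base.SendAsync(request, cancellationToken).ConfigureAwait(false);
    }
}

public static class InternalApi
{
    // One shared client for the whole site so the MSAL token cache is reused.
    public static readonly HttpClient Client =
        new HttpClient(new AadClientCredentialHandler());
}
```

The client secret in appSettings is a credential: keep it out of source control, for example by using an encrypted configuration section.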