0
votes

I am new to Azure Active Directory and I am bit confused about the concept and its capabilities.

I am developing an API and a native client application that will consume this API. I registered both the API and the client app in AAD and I managed the authorization of the client application using my Admin credentials (Azure Account). But I still don't get it. I want the users of my client application to be able to register to the app service and then use it.

Should I handle that myself within the API (user/password in database) ? Or programmatically create users in AAD when users signup for my application ?

Which solution is better if I plan to offer more APIs ?

If using AAD is the case I will be grateful if you provide explanations, useful links or code examples if possible.

1
You need an AAD B2C tenant for self service signupMardoxx
I am new to AAD and B2C is the key word here. Your help is appreciated :)Anis Tissaoui

1 Answers

0
votes

Your question is quite broad, and is comprised of several questions, so it is hard to answer concisely.

If your users are already in your Azure AD, you should use that as the user store. If however, they are outside of your organization, you could use Azure AD B2C, which contains functionality for selfservice account creation. Or take a look at https://stackoverflow.com/a/16068340 for a suggestion on how to use AAD for public users.

If the users are already present in your AAD, and you haven't set up user assignment on the application in AAD, they can already log on to the application. You can use role based security to grant users different levels of access to the API methods if you are interested in that.