Managing access from a Console App to a Web API on Azure

Question

I have an Angular application deployed on Azure secured with Azure Active Directory. To achieve that, I have followed this guide : https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-angular.

So, in order to query the website's Web API, the user needs to be authenticated on Azure Active Directory. So far, everything works great.

Now, we have a internal service, not deployed on Azure, that needs to query a method of that Web API, which is already secured as previously mentioned.

Is there a way, without using the Api Management service, to give access to the internal service in order to call the secured Web API without having the need to use a AAD username / password?

I tried using ADAL librairy, but all the example that I have seen prompt an AAD username password login.

Fei Xue - MSFT Fei Xue - MSFT · Accepted Answer · 2017-06-06T02:25:11

To call the web API which protected by Azure AD without interaction to provide username and password, we can use the Client Credentials flow( refer this document).

And there is the code to use the azure-activedirectory-library-for-dotnet for your reference:

string authority = "https://login.microsoftonline.com/{tenantId}";
string clientId = "";
string secret = "";
string resource = "";

var credential = new ClientCredential(clientId, secret);
AuthenticationContext authContext = new AuthenticationContext(authority);
var token = authContext.AcquireTokenAsync(resource, credential).Result.AccessToken;

Console.WriteLine(token);

Managing access from a Console App to a Web API on Azure

1 Answers