0
votes

I will use Azure AD B2C for Service Fabric app security. I will have a stateless front-end web service (ASP.NET Core) and stateless services to blob storage, plus a stateful service as data storage. Is it a good idea to create a special security stateless service for communication with Azure AD? Or is a "direct" connection from each service to Azure AD better?

1 Answer

1
votes

We have similar set up and here is what we did.

All public APIs/services are behind Azure API Management. API Management validates the token for all the APIs. This is good for us, as it gives a central place to configure token validation since we have a large number of services.

If your service is on Azure, then you can use API Management (Premium tier) within your VNET; this gives you built-in support for Service Fabric in API Management, which is really useful.

If you don't use API Management, then you should define which services are public entry points and validate with Azure B2C there. After that you can trust the JWT in subsequent calls to other services.

This article is very useful

https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-api-management-overview

I don't think validating the JWT at each service is a good idea. For example, you have one request which then triggers 5 services. If you validate the token in each one, it might slow your response.

Hope this helps
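As an added illustration (not part of the answer above, nor Microsoft's own sample), this is an API Management inbound policy of the kind the answer describes: the gateway validates the Azure AD B2C token once and rejects bad requests before they reach any Service Fabric service. The tenant name, user-flow (policy) name, client ID and scope value are placeholders to replace with your own.

```xml
<policies>
    <inbound>
        <base />
        <!-- Central token check at the gateway: every public API behind
             API Management gets the same validation without per-service code. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized">
            <!-- B2C discovery document; placeholders: {tenant} and the
                 user-flow name {B2C_1_policy}. Signing keys are fetched from here,
                 so the signature, issuer and expiry are all checked by the gateway. -->
            <openid-config url="https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{B2C_1_policy}/v2.0/.well-known/openid-configuration" />
            <!-- Only accept tokens minted for this API's app registration. -->
            <audiences>
                <audience>{api-client-id}</audience>
            </audiences>
            <!-- Optionally require a scope so a token for another API is refused
                 even if it is otherwise valid. -->
            <required-claims>
                <claim name="scp" match="any">
                    <value>{read-scope-placeholder}</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Because downstream services then trust the forwarded JWT without re-validating it, the backend endpoints must only be reachable through the gateway (for example, cluster network rules or Service Fabric's own cluster security), otherwise an internal caller could present an unchecked token.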