2
votes

I have an Event Grid which is used for publishing events. I have a Web-Hook based subscriber which will be listening to the event. The webhook is hosted on Azure App Service and is protected by an AAD App. In this scenario will Event Grid be able to publish an event to a Web endpoint which is protected by AAD? My event grid topic and the web app are in the same subscription.

1
You can subscribe an access token in the query parameter of the webhook URL. - Roman Kiss
@RomanKiss But how will the Event Grid generate the access token? Plus, the bearer token is sent as an authorization header. - Pratik Bhattacharya
Besides that, the webhook handler must also handle message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization; that is the present design of the event handlers. - Roman Kiss
@RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way for some custom code (like AAD token generation) to be run by Event Grid? - Pratik Bhattacharya

1 Answer

2
votes

According to your description, you want to subscribe to an Event Grid topic via a webhook hosted on Azure App Service which is protected by Azure AD.

In my experience, there are two ways to achieve this.

  1. Accessing a URL endpoint protected by AAD requires an access token obtained via AAD authentication, but there is no ability to do that operation programmatically on Event Grid. So, as @Roman Kiss said, a workaround is to create a proxy-like service that gets the authorization token to access your webhook, such as an Azure Function App.

  2. However, the other way is to change your app service code to allow anonymous access. For example, add [AllowAnonymous] to your controller method if using ASP.NET; please see the Azure Sample code.

Hope it helps.
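
A sketch of the proxy from option 1, added here as an example and not taken from the answer or from any Azure sample: it checks a shared secret carried in the subscription's webhook URL query string, answers the Event Grid validation handshake itself, and forwards real events with an AAD bearer token. The function names, the `key` secret and the sample events are assumptions constructed for illustration.

```python
import hmac
import json
import urllib.parse
import urllib.request

VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"

def fetch_aad_token(tenant, client_id, client_secret, scope):
    """Client-credentials grant against the AAD v2.0 token endpoint."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": scope}).encode()
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=10) as r:
        return json.load(r)["access_token"]

def post_with_bearer(url, token, events):
    """Forward the event batch to the AAD-protected webhook."""
    req = urllib.request.Request(
        url, data=json.dumps(events).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as r:
        return r.status

def handle_delivery(query_key, expected_key, raw_body, get_token, forward):
    """Process one Event Grid POST to the proxy; returns (status, body).

    get_token and forward are injected so the logic can be tested offline;
    in a deployment they would wrap fetch_aad_token and post_with_bearer.
    """
    # The proxy endpoint is not behind AAD, so require the secret that was
    # placed in the webhook URL query string when the subscription was made.
    supplied = (query_key or "").encode()
    if not hmac.compare_digest(supplied, expected_key.encode()):
        return 401, {}
    events = json.loads(raw_body)
    for ev in events:
        if ev.get("eventType") == VALIDATION_EVENT:
            # Handshake: echo the validation code, never forward it.
            return 200, {"validationResponse": ev["data"]["validationCode"]}
    status = forward(get_token(), events)
    # Surface downstream failure as non-2xx so the delivery counts as failed.
    return (200, {}) if 200 <= status < 300 else (502, {})
```

Keep the client secret and the query-string key in app settings or Key Vault rather than in code, and leave AAD authentication enabled on the webhook itself so that only the proxy's app identity can call it.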