I have a B2C protected Web API hosted on Azure. I need to create a Scheduled Task (or web Service) which will need to consume resources from the Web Api. What is the recommended approach to get the Scheduled Task to authenticate with the Web Api?
I don't think that I can use B2C in this scenario. I was thinking of using secret keys but I can't quite figure out how to set this up in Azure as well as how to update the Web Api OWIN middleware to handle both B2C and key authentication.
Here is my current Startup.Auth:
public void ConfigureAuth(IAppBuilder app)
{
TokenValidationParameters tvps = new TokenValidationParameters
{
// Accept only those tokens where the audience of the token is equal to the client ID of this app
ValidAudience = ClientId,
AuthenticationType = Startup.DefaultPolicy
};
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
// This SecurityTokenProvider fetches the Azure AD B2C metadata & signing keys from the OpenIDConnect metadata endpoint
AccessTokenFormat = new JwtFormat(tvps, new OpenIdConnectCachingSecurityTokenProvider(String.Format(AadInstance, Tenant, DefaultPolicy)))
});
}
Cheers!
