0
votes

I have an existing API Management service that I have enabled REST APIs with. The API Management service comes by default with a developer portal where people can register to use our APIs. It looks something like this.

[Screenshot of the developer portal]

As you can see, you can register here but also sign in. This API management service by default uses basic authentication to move you forward. After looking at the docs for API management service, I was not able to find anything that would help me replicate this so I can use APIs to make the same /register or /login calls.

My question is, how can I use my own Angular app to make API calls with a simple username/pw to allow user registration and login against API management service?

1
Just to clarify, you want to build your own register / login pages rather than the one provided by API Management, right? - Thiago Custodio
Yes, that is correct. - Shray
Would it make sense to do this with delegated sign up/in: docs.microsoft.com/en-us/azure/api-management/… ? - Kai Walter

1 Answer

1
votes

See here https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/user/createorupdate for an API call to create a new User in API Management.

There are two ways to address the APIM management API. The default and most commonly used way is through ARM (https://management.azure.com); this way you will only be able to use ARM auth and will go through the usual RBAC checks before you're given access to any operation.

If you're aiming towards how the dev portal itself uses the APIM management API, then you need to follow this guidance: https://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-authentication. For one thing, this allows you to create a SAS token and call the management API directly (notice that the hostname in the base URL is different), but more interestingly, once this API is enabled it becomes possible to call it anonymously as well. Of course, only data you expose to anonymous users through the dev portal is available this way.

More interesting, though, is that it opens the possibility of making Basic auth calls to such a management API. An anonymous user could make a call to any endpoint with a Basic auth token based on user email and password and be authenticated this way.
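
The Basic auth call described in the answer above, as an added example (not part of the original answer and not Microsoft's code): it builds the request a browser client would send, with the HTTPS, same-origin and UTF-8 checks worth having before user passwords leave the app. The function names are hypothetical, and the base URL and path are supplied by the caller from the linked docs.

```javascript
// Added example. Function names are hypothetical; base URL and path are
// caller-supplied (take the real endpoint from the linked documentation).

// RFC 7617: credentials are base64(user-id ":" password). The user-id must
// not contain ":" because the server splits on the first colon.
function basicAuthHeader(email, password) {
  if (typeof email !== "string" || typeof password !== "string" || !email || !password) {
    throw new TypeError("email and password are required");
  }
  if (email.includes(":")) {
    throw new RangeError("user-id must not contain ':'");
  }
  // Encode as UTF-8 first: btoa() alone throws on non-Latin-1 characters.
  const bytes = new TextEncoder().encode(`${email}:${password}`);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "Basic " + btoa(binary);
}

// Build the request without sending it, so the checks can be tested offline.
function buildLoginRequest(baseUrl, path, email, password) {
  const base = new URL(baseUrl);
  if (base.protocol !== "https:") {
    throw new Error("refusing to send Basic credentials over " + base.protocol);
  }
  const url = new URL(path, base);
  // A path like "//other.host/x" or an absolute URL would carry the
  // credentials to a different origin; reject it.
  if (url.origin !== base.origin) {
    throw new Error("path must stay on " + base.origin);
  }
  return {
    url: url.toString(),
    init: {
      method: "GET",
      headers: { Authorization: basicAuthHeader(email, password) },
      credentials: "omit", // do not attach cookies as well
      redirect: "error",   // fail on redirects instead of following them
      cache: "no-store",   // keep the authenticated response out of the HTTP cache
    },
  };
}
```

Pass the result to `fetch(req.url, req.init)`; keep the password out of logs and browser storage, and hold only whatever token the service returns.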