0
votes

I have created a resource in Azure API Management Service, Also by using a developer console portal template, the user can sign in and sign up and test listed API from there.

By using Management API I am getting the list of users who signed up through the developer portal. enter image description here

Using management API as below,

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/users?api-version=2019-12-01

I am getting the user list without a password as below using Management API,

    {
    "value": [
        {
            "id": "/subscriptions/1xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/groupName/providers/Microsoft.ApiManagement/service/serviceName/users/5xxxxxxxxxxx",
            "type": "Microsoft.ApiManagement/service/users",
            "name": "5xxxxxxxxxxx",
            "properties": {
                "firstName": "string",
                "lastName": "string",
                "email": "testuser@yahoo.com",
                "state": "active",
                "registrationDate": "2020-09-25T17:15:02.587Z",
                "note": null,
                "identities": [
                    {
                        "provider": "Basic",
                        "id": "testuser@yahoo.com"
                    }
                ]
            }
        }
    ],
    "count": 1
}

I referred below documents,

https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-12-01/user/listbyservice

https://docs.microsoft.com/en-us/azure/templates/microsoft.apimanagement/2019-01-01/service/users

Now, I want a password with this response object with users' data. Can anyone please help me to resolve this issue?

Also please check the below screen dump,

enter image description here

Above users signup using the developer portal template, If I can authenticate APIs using their user's credentials, Or in another way, I would say that only signed up can use API that I have published on API management service.

Thank a lot.

1
Proper password management is for applications not to store a users plaintext password. It's simply not needed. Instead, passwords are one way hashed and salted. Then when a user needs to log in, the password they provided is hashed, and compared to the stored hashed value.mason
@mason Thanks for the replay. Is there any other way available that I can verify the developer portal signed up external users with their credentials (username and password)?Gaurav Radadiya
Have them sign in.mason
@mason I want to get users who signed up from my portal, In the user tab of the portal I can see a list of users but I want users password using API or any other way to get those users' details?Gaurav Radadiya
As we already explained, you are not able to retrieve user passwords, because that would be a huge security violation. You need to change your approach. If you need single sign on across multiple apps, then look into Azure Active Directory or some other form of user management.mason

1 Answers

1
votes

I would expect that the API does not provide the password. And even if it did, it would almost certainly only be a hash. Why would you want to get a users password?? That would be a big security issue.