In this video I demonstrate securing a Web API with Azure Active Directory authentication and authorization using .NET Core. In an ASP.NET Core Web API, authentication is the process of obtaining credentials from the caller and using them to verify the caller's identity. Authorization is the process of deciding what an authenticated caller is allowed to do. For example, an administrative user is allowed to create a document library and to add, edit and delete documents, while a non-administrative user working with the same library is only authorized to read the documents.
In this tutorial I create an ASP.NET Core Web API application with two app roles, Readonly and Readwrite, and integrate it with Azure Active Directory for authentication. The roles are used to authorize clients when they send requests. I register the API in Azure Active Directory App Registrations, set its Application ID URI (the resource URL) in the Expose an API section of the registration, and define the two roles in the App roles section of the same registration.
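The API side of that setup, written here as an added example rather than the code from the video: bearer-token validation through Microsoft.Identity.Web, a deny-by-default fallback policy, and two policies built from the Readonly and Readwrite app roles. The route names (/api/readonly, /api/readwrite), the policy names and the controller are my own choices; the values in the AzureAd configuration section are placeholders for the API app registration.

```csharp
// Program.cs (.NET 6+ minimal hosting). Added example, not the video's code.
// NuGet: Microsoft.Identity.Web
//
// Expected appsettings.json (values come from the API's app registration):
// {
//   "AzureAd": {
//     "Instance": "https://login.microsoftonline.com/",
//     "TenantId": "<tenant-id>",
//     "ClientId": "<api-app-registration-client-id>"
//   }
// }
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// Validate Azure AD-issued JWTs: issuer, signature (keys fetched from the
// tenant's OpenID Connect metadata), audience and lifetime.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));

// App roles assigned to a client app registration arrive in the "roles" claim
// of a client-credentials token. Map that claim explicitly so RequireRole()
// and [Authorize(Roles = ...)] evaluate it.
builder.Services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
{
    options.TokenValidationParameters.RoleClaimType = "roles";
});

builder.Services.AddAuthorization(options =>
{
    // Deny by default: every endpoint needs an authenticated caller unless it
    // opts out with [AllowAnonymous]. A forgotten [Authorize] then fails closed.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    // Either role may read; only Readwrite may write. A client that authenticates
    // but holds no app role at all satisfies neither policy and gets 403.
    options.AddPolicy("CanRead", p => p.RequireRole("Readonly", "Readwrite"));
    options.AddPolicy("CanWrite", p => p.RequireRole("Readwrite"));
});

builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();
app.MapControllers();
app.Run();

[ApiController]
[Route("api")]
public class DocumentsController : ControllerBase
{
    // Both the Readonly and the Readwrite client pass CanRead.
    [HttpGet("readonly")]
    [Authorize(Policy = "CanRead")]
    public IActionResult Read() =>
        Ok(new { message = "read access granted", roles = RolesOf(User) });

    // Only the Readwrite client passes CanWrite; the Readonly client gets 403.
    [HttpPost("readwrite")]
    [Authorize(Policy = "CanWrite")]
    public IActionResult Write() =>
        Ok(new { message = "write access granted", roles = RolesOf(User) });

    // Echo the app roles that reached the API, useful when checking a client's assignment.
    private static string[] RolesOf(ClaimsPrincipal user) =>
        user.FindAll("roles").Select(c => c.Value).ToArray();
}
```

Two things worth checking against your own registration: the `aud` claim of an incoming token must be either the API's client ID or its Application ID URI (Microsoft.Identity.Web accepts both forms by default), and a client-credentials token carries no `scp` claim, so any authorization logic that keys on delegated scopes will fail for these app-only clients; roles are the only thing to check.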
After that I create two more app registrations, one for the Readonly client and one for the Readwrite client, and assign the matching app role to each of them. Then I show how to call the Azure AD token endpoint (its OAuth 2.0 REST API) from Postman with the ClientId, ClientSecret and the other client-credentials parameters to get a token from Azure AD, and how to use that token to call the C# ASP.NET Core Web API that is protected by Azure AD authentication and authorization. Note that a client secret has to be generated for each of the two client applications.
Because the Readonly client holds only the Readonly role, it is not authorized to call the readwrite endpoint of the ASP.NET Core Web API: Azure AD still issues it a token, but the API rejects the request with 403 Forbidden. The Readwrite client can access both endpoints.
Later I create two .NET Core console applications, one for the Readonly client and one for the Readwrite client, and configure the Azure AD details in each. I use the AuthenticationContext and ClientCredential classes from the Azure Active Directory NuGet package (ADAL, Microsoft.IdentityModel.Clients.ActiveDirectory) to acquire a token from the Azure Active Directory token endpoint with the client-credentials flow, and then use the token to call the ASP.NET Core Web API application that uses Azure Active Directory authentication and authorization. ADAL has since been deprecated by Microsoft in favor of MSAL (Microsoft.Identity.Client), where the same flow is ConfidentialClientApplication.AcquireTokenForClient; the token request and the API call themselves do not change.
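The client side, covering both the Postman step and the console applications, as an added example that is not the video's code: it sends the same form-encoded client-credentials request to the v2.0 token endpoint that Postman (and ADAL/MSAL under the hood) sends, decodes the token payload to show which app roles Azure AD put in it, and then calls the two API endpoints. The tenant and client IDs are placeholders, the API base URL and the /api/readonly and /api/readwrite paths are assumed, and the scope assumes the API's Application ID URI is the default api://<client-id> form.

```csharp
// Console client. Added example, not the video's code. Target: .NET 6+.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

class Program
{
    // Placeholders: real values come from the three app registrations.
    const string TenantId    = "<tenant-id>";
    const string ApiClientId = "<api-app-registration-client-id>";     // the protected Web API
    const string ClientId    = "<readonly-or-readwrite-client-id>";    // this console app's registration
    const string ApiBaseUrl  = "https://localhost:5001";               // where the Web API listens (assumed)

    static async Task Main()
    {
        // Never hard-code the secret; read it from the environment (or Key Vault).
        string clientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET")
            ?? throw new InvalidOperationException("AZURE_CLIENT_SECRET is not set");

        using var http = new HttpClient();
        string token = await GetClientCredentialsTokenAsync(http, clientSecret);

        // The Readonly client prints "Readonly", the Readwrite client "Readwrite".
        Console.WriteLine("roles in token: " + string.Join(",", RolesInToken(token)));

        http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
        await CallAsync(http, HttpMethod.Get, "/api/readonly");    // 200 for both clients
        await CallAsync(http, HttpMethod.Post, "/api/readwrite");  // 403 for the Readonly client
    }

    // Exactly the request Postman sends: grant_type=client_credentials plus the
    // client's own id/secret and the API's scope. MSAL's AcquireTokenForClient
    // and ADAL's AcquireTokenAsync wrap this call.
    static async Task<string> GetClientCredentialsTokenAsync(HttpClient http, string clientSecret)
    {
        var form = new Dictionary<string, string>
        {
            ["grant_type"]    = "client_credentials",
            ["client_id"]     = ClientId,
            ["client_secret"] = clientSecret,
            // "/.default" asks for every app role this client has been assigned on the API.
            ["scope"]         = $"api://{ApiClientId}/.default",
        };
        using var resp = await http.PostAsync(
            $"https://login.microsoftonline.com/{TenantId}/oauth2/v2.0/token",
            new FormUrlEncodedContent(form));
        resp.EnsureSuccessStatusCode();   // 400/401 here means wrong tenant, id, secret or scope
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        return doc.RootElement.GetProperty("access_token").GetString()!;
    }

    // Decode the JWT payload (base64url, no signature check: verifying the
    // signature is the API's job) to see which app roles the token carries.
    static string[] RolesInToken(string jwt)
    {
        string payload = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Convert.FromBase64String(payload));
        if (!doc.RootElement.TryGetProperty("roles", out var roles))
            return Array.Empty<string>();   // registered but no app role assigned
        var list = new List<string>();
        foreach (var r in roles.EnumerateArray()) list.Add(r.GetString()!);
        return list.ToArray();
    }

    static async Task CallAsync(HttpClient http, HttpMethod method, string path)
    {
        using var req = new HttpRequestMessage(method, ApiBaseUrl + path);
        using var resp = await http.SendAsync(req);
        Console.WriteLine($"{method} {path} -> {(int)resp.StatusCode} {resp.StatusCode}");
        Console.WriteLine(await resp.Content.ReadAsStringAsync());
    }
}
```

Run it once with the Readonly client's ID and secret and once with the Readwrite client's: the token endpoint happily issues a token in both cases, and the difference shows up only in the `roles` claim and in the 403 from the readwrite endpoint. If `roles` is empty, the client registration exists but no app role was assigned to it under the API's Enterprise Application, and both endpoints will return 403.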
01:40 Creating App Registrations in Azure
02:28 Configuring API App Registration Roles
03:52 Creating ASP.NET Core Web API with Azure AD authentication and Authorization
10:45 Configuring Client App Registrations
12:45 Testing Azure Web API with Postman
19:00 Creating Console Applications to Access Azure AD to get token and access Web API
Buy Me A Coffee – https://www.buymeacoffee.com/azureteachnet