Azure AD and Group-based authorization

“Hello World!” In my previous post I talked about how to use Azure AD to secure an Asp.Net Core web API project. If we want to go further than just protect our web API, we can use groups to further customize the access. A typical example is to restrict the access only for users belonging…


Access an Azure AD secured Api with Asp.Net Core 2.0

Basic AzureAD scenario
Basic AzureAD scenario

tl;dr Register a new Web App in AAD for the Api Register a new Web App in AAD for the FronEnd Add the permissions to access the Api app Configure the Web apps code with the authentication details as usual (ClientID, Client Secret, Audience Uri..etc..). In Azure portal edit the FrontEnd manifest enabling the implicit…