ASP.NET & EntraId: Acquire Token on Behalf of User for Azure Resource Manager
I have 2 Applications
- A SPA thats authenticated with MSAL.
- A ASP.NET web-api thats secured with Entra Id.
I created 2 App-registrations in EntraId and im able to authenticate the User, obtain a Token for Web-API & call the backend.
The Backend is using the AzureResourceManager with the ArmClient SDK & DefaultAzureCredentials (with shared secret in environment variables).
The ArmClient can access resources if the application registration has permission.
Now I want to use the Users Permission from the SPA & OBO Flow to request resources he has access to.
However. After struggling with the documentation for 2 days I cant figure out how to do that.
https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph
this seems closest to what i want to achieve (with ArmClient though, not with GraphAPI)
But i have no idea how to obtain the ARM Client in my service & IDK how to authenticate it
GitHub
active-directory-dotnet-native-aspnetcore-v2/2. Web API now calls M...
Calling a ASP.NET Core Web API from a WPF application using Azure AD v2.0 - Azure-Samples/active-directory-dotnet-native-aspnetcore-v2
0 Replies