C# · 3y ago
stayclaxxy

❔ Calling an Azure AD protected Web API endpoint from an Azure AD protected Web App [.NET 7]

I am having trouble getting the correct flow/configuration to call my Web API Endpoint that is protected with Azure AD.

This is how the Authentication is configured on the web API currently:
builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration, "AzureAd");

The Configuration just has the details like clientId, TenantId, Domain, Audience and secret, etc.


This is how I am setting up authentication on the web app (the only scope is an exposed API from the API App registration named "WeatherForecast"):
string[] initialScopes = new[] { "api://33..38/WeatherForecast" };

// Add services to the container.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddInMemoryTokenCaches();


My question is, how do I get the access token to add to the authorization header to call my web API endpoint? The endpoints are role-based based on the user's roles, so is On-Behalf-Of flow the correct flow to use here? If so, I have looked at Microsoft's examples, and I am still very confused about how to achieve what I want to do. TIA!
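Added example, not part of the original post and not Microsoft's sample code: with the web app setup shown above, the access token for the signed-in user comes from `ITokenAcquisition` (registered by `EnableTokenAcquisitionToCallDownstreamApi`), which uses the authorization code flow and the token cache; On-Behalf-Of is the flow a web API uses when it in turn calls a further API. `WeatherApiClient`, `WeatherController`, the `weatherforecast` route and the base address in the comment are hypothetical names, and the scope string keeps the elided app ID from the post.

```csharp
using System.Net.Http.Headers;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;

// Hypothetical typed client. Register it in Program.cs with, for example:
//   builder.Services.AddHttpClient<WeatherApiClient>(
//       c => c.BaseAddress = new Uri("https://localhost:7001/")); // assumed API address
public sealed class WeatherApiClient
{
    // Scope taken from the post; the app ID is elided there and stays elided here.
    public const string Scope = "api://33..38/WeatherForecast";

    private readonly HttpClient _http;
    private readonly ITokenAcquisition _tokens;

    public WeatherApiClient(HttpClient http, ITokenAcquisition tokens)
    {
        _http = http;
        _tokens = tokens;
    }

    public async Task<string> GetForecastAsync(CancellationToken ct = default)
    {
        // Served from the token cache when possible. Throws
        // MicrosoftIdentityWebChallengeUserException when the cache has no usable
        // token (e.g. the in-memory cache was emptied by an app restart) or consent
        // is missing; do not swallow it, the attribute below handles it.
        string accessToken = await _tokens.GetAccessTokenForUserAsync(new[] { Scope });

        using var request = new HttpRequestMessage(HttpMethod.Get, "weatherforecast");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        using var response = await _http.SendAsync(request, ct);
        response.EnsureSuccessStatusCode(); // 401/403 from the API surface here
        return await response.Content.ReadAsStringAsync(ct);
    }
}

[Authorize]
// Turns MicrosoftIdentityWebChallengeUserException into a sign-in/consent challenge.
[AuthorizeForScopes(Scopes = new[] { WeatherApiClient.Scope })]
public class WeatherController : Controller
{
    private readonly WeatherApiClient _client;
    public WeatherController(WeatherApiClient client) => _client = client;

    public async Task<IActionResult> Index(CancellationToken ct) =>
        Content(await _client.GetForecastAsync(ct), "application/json");
}
```

Because the token is issued for the signed-in user with the API as its audience, the API's role checks are evaluated against that user; keep the token server-side and never log it.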