C
C#2mo ago
DeaDo

ASP.NET & EntraId: Acquire Token on Behalf of User for Azure Resource Manager

I have 2 Applications - A SPA thats authenticated with MSAL. - A ASP.NET web-api thats secured with Entra Id. I created 2 App-registrations in EntraId and im able to authenticate the User, obtain a Token for Web-API & call the backend. The Backend is using the AzureResourceManager with the ArmClient SDK & DefaultAzureCredentials (with shared secret in environment variables). The ArmClient can access resources if the application registration has permission. Now I want to use the Users Permission from the SPA & OBO Flow to request resources he has access to. However. After struggling with the documentation for 2 days I cant figure out how to do that. https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph this seems closest to what i want to achieve (with ArmClient though, not with GraphAPI) But i have no idea how to obtain the ARM Client in my service & IDK how to authenticate it
GitHub
active-directory-dotnet-native-aspnetcore-v2/2. Web API now calls M...
Calling a ASP.NET Core Web API from a WPF application using Azure AD v2.0 - Azure-Samples/active-directory-dotnet-native-aspnetcore-v2
0 Replies
No replies yetBe the first to reply to this messageJoin