To set up AAD App Registration and WebAPI to enable [Authorize], follow these steps:

  1. Create an Azure AD App Registration:
     a. Log in to the Azure portal
     b. Click on Azure Active Directory from the left-hand menu
     c. Navigate to “App registrations” and click “New registration”
     d. Fill in the required details and click “Register” to create the app registration
     e. Note the “Application (client) ID” as it will be used in later steps

  2. Configure authentication for the WebAPI:
     a. In Visual Studio, navigate to the project properties page
     b. Click on the “Debug” tab and select “IIS Express” under “Launch”
     c. In the “App URL” field, append “/.auth/login/aad/callback” to the URL (e.g. https://localhost:44353/.auth/login/aad/callback)
     d. Save the changes and close the properties window

  3. Configure the WebAPI to validate tokens:
     a. Install the “Microsoft.AspNetCore.Authentication.AzureAD.UI” NuGet package
     b. In the “Startup.cs” file, add the following code to the “ConfigureServices” method:

            services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
                .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));

     c. Add the following line to the “Configure” method:

            app.UseAuthentication();

  4. Configure the WebAPI to require authorization:
     a. Add the [Authorize] attribute to the desired controller or action
     b. Deploy the WebAPI to an Azure App Service

  5. Configure the Azure AD App Registration to allow the WebAPI to access it:
     a. In the “App registrations” screen in the Azure portal, navigate to the app registration created in step 1
     b. Click on “API permissions” and click the “Add a permission” button
     c. Select “My APIs” and select the WebAPI that was deployed in step 4
     d. Select the appropriate permissions and click “Add permissions”
     e. Grant admin consent for the new permission by clicking “Grant admin consent for…”

Once these steps are complete, the WebAPI should be configured to require authorization and users will need to authenticate via Azure AD before accessing the protected resources.
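
The token-validation and authorization steps above, assembled into one file as an added example that is not part of the original answer. It assumes ASP.NET Core 3.1 with endpoint routing, where `UseAuthorization()` must also be registered after `UseAuthentication()` for `[Authorize]` to be enforced; `OrdersController` and the configuration values are hypothetical placeholders.

```csharp
// appsettings.json section read by Configuration.Bind("AzureAd", options)
// (placeholder values, not from the original answer):
//   "AzureAd": { "Instance": "https://login.microsoftonline.com/",
//                "TenantId": "<tenant-id>", "ClientId": "<client-id-from-step-1>" }
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
                .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();   // builds HttpContext.User from the bearer token
        app.UseAuthorization();    // enforces [Authorize]; must follow UseAuthentication
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

[ApiController]
[Route("api/[controller]")]
[Authorize]                        // every action requires a valid Azure AD token
public class OrdersController : ControllerBase   // hypothetical controller
{
    [HttpGet]
    public IActionResult Get() => Ok(new { caller = User.Identity?.Name });

    [AllowAnonymous]               // explicit, visible opt-out for one action
    [HttpGet("health")]
    public IActionResult Health() => Ok("healthy");
}
```

A request to `GET /api/orders` without an `Authorization: Bearer` header should return 401, which is a quick check that the attribute and middleware order are in effect.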