Let's say you have Web APIs hosted in an Azure AppService, and these Web APIs are protected using Azure AD (EasyAuth). Now you would like to consume them from another website. One approach is to use a Service Principal account: you create an Azure AD Application and use its ClientID and secret in your website to get an Azure AD token. Here are the steps. The main disadvantage of this approach is that your application is responsible for protecting the ClientID and secret. You can save them in the AppSettings instead of in the web.config file, or you can use Azure Key Vault. With Key Vault, though, your code needs to authenticate in order to access Key Vault.
A better approach is Managed Identity. This option lets you access Azure AD-protected resources without any secrets or credentials in your code or in web.config. More details on Managed Identity can be found here.
Here are the quick steps to use Managed Service Identity with Azure AppService:
It doesn't add the website URL to the allowed token audiences. Follow these steps to fix this bug:
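The secret-free token request that Managed Identity makes possible, plus a diagnostic for the allowed-token-audience mismatch, as an added Python example (not code from the original post). It calls the App Service managed identity REST endpoint directly; the API URL, resource and audience values passed in are placeholders you supply, and the function names are illustrative.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

API_VERSION = "2019-08-01"  # App Service managed identity REST API version


def build_identity_request(resource, env=os.environ):
    """Build the local token request; no ClientID or secret is involved."""
    # IDENTITY_ENDPOINT and IDENTITY_HEADER are injected by App Service
    # once a managed identity is enabled on the calling website.
    query = urllib.parse.urlencode({"resource": resource, "api-version": API_VERSION})
    url = f"{env['IDENTITY_ENDPOINT']}?{query}"
    return urllib.request.Request(url, headers={"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]})


def get_token(resource):
    """Fetch an Azure AD access token for `resource` (works only inside App Service)."""
    with urllib.request.urlopen(build_identity_request(resource), timeout=10) as resp:
        return json.load(resp)["access_token"]


def token_audiences(jwt):
    """Read the `aud` claim for diagnostics only; the signature is NOT verified here."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    aud = json.loads(base64.urlsafe_b64decode(payload))["aud"]
    return aud if isinstance(aud, list) else [aud]


def audience_allowed(jwt, allowed_audiences):
    """True if the token's audience is in the API's allowed token audiences (exact match)."""
    return any(aud in allowed_audiences for aud in token_audiences(jwt))


def call_api(api_url, resource, allowed_audiences):
    """Call the EasyAuth-protected API, failing early on an audience mismatch."""
    token = get_token(resource)
    if not audience_allowed(token, allowed_audiences):
        raise ValueError(f"token aud {token_audiences(token)} is not an allowed audience")
    req = urllib.request.Request(api_url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()
```

`audience_allowed` compares strings exactly, so a difference such as a trailing slash between the token's `aud` and the configured audience is reported as a mismatch.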