Building Web APIs with Azure AD Auth

Jul 31, 2024

Creating Web API Applications with Azure AD Authentication

Overview

  • The demo focuses on creating two web API applications.
  • Both APIs are protected by Azure AD authentication and authorization.
  • One API (the Operations Agent API) acts as a client of the other (the Members API).
  • Testing is done with Postman.

Use Case

  • Members API: Enterprise-level API for storing member information (insured individuals).
    • Any application that needs member information must call this API.
  • Operations Agent API: Application-level API used solely by the UI development team.
  • The user interface displays basic member information and the agent interaction history.
  • Roles required:
    • Operations Agent role to access the Operations Agent API.
    • Members Read-Only role to access the Members API.

API Development Steps

  1. Creating App Registrations:

    • Two app registrations needed in Azure:
      • Operations Agent API App
      • Members API App
  2. Operations Agent API App:

    • Register the app and set the Application ID URI.
    • Add a scope called operations agent dot all.
    • Use scopes to grant client applications granular permissions.
  3. Members API App:

    • Register the app and set the Application ID URI.
    • Add a scope called members api dot all.
    • Add the Operations Agent API as an authorized client application.
  4. Creating Roles:

    • Members API App:
      • Role Name: members.read.only
    • Operations Agent API App:
      • Role Name: operations agent

Project Setup

  1. Members API:

    • Create a new ASP.NET Core Web API project.
    • Configure it for the Microsoft identity platform.
    • Update appsettings with the Azure AD configuration.
    • Create a Member model with properties such as ID, First Name, Last Name and Address.
    • Implement the GetMemberInfo method that returns member data.
  2. Postman Configuration:

    • Set up Postman to interact with the API.
    • Configure authorization and request headers so the Azure AD token is sent as a bearer token.
  3. Operations Agent API:

    • Create a new API and configure it for the Microsoft identity platform.
    • Configure it to call the Members API.
    • Implement the GetAgentMemberHistory method, which calls the Members API over HTTP GET.
    • Validate roles and scopes before serving each endpoint.
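The following is an added example, not code from the demo or from azureteach.net: a Program.cs for the Operations Agent API that applies the three project-setup steps above in one file. It validates bearer tokens for its own callers (role plus scope), then calls the Members API on behalf of the signed-in user through Microsoft.Identity.Web's IDownstreamApi. The Members API is set up the same way minus the downstream call, with `[Authorize(Roles = "members.read.only")]` on its controller. Assumptions not stated in the notes: the NuGet packages Microsoft.Identity.Web and Microsoft.Identity.Web.DownstreamApi, ImplicitUsings enabled (the ASP.NET Core project default), the on-behalf-of flow (the notes only say the Operations Agent API is registered as a client of the Members API), the scope spellings `OperationsAgent.All` and `MembersApi.All`, the role value `operations.agent`, the Members API route, and that IDownstreamApi raises HttpRequestException on a non-success status.

```csharp
// Added example (not the demo's code): Program.cs of the Operations Agent API.
// Assumed appsettings.json (all values are placeholders):
// "AzureAd": {
//   "Instance": "https://login.microsoftonline.com/",
//   "TenantId": "<tenant-id>",
//   "ClientId": "<operations-agent-api-client-id>",
//   "ClientSecret": "<client-secret, or configure a certificate instead>",
//   "Audience": "api://<operations-agent-api-app-id-uri>"
// },
// "MembersApi": {
//   "BaseUrl": "https://localhost:7001",
//   "Scopes": [ "api://<members-api-app-id-uri>/MembersApi.All" ]
// }
using System.Net;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Abstractions;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.Resource;

var builder = WebApplication.CreateBuilder(args);

// Validates incoming bearer tokens (issuer, audience, signature, expiry) against the
// "AzureAd" section, and wires up the exchange of the caller's token for a Members
// API token (on-behalf-of flow, an assumption; the notes do not name the flow).
builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddDownstreamApi("MembersApi", builder.Configuration.GetSection("MembersApi"))
    .AddInMemoryTokenCaches();
builder.Services.AddAuthorization();
builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

// Mirrors the Member model the notes describe for the Members API.
public record Member(int Id, string FirstName, string LastName, string Address);

// What the UI receives: basic member info plus the agent interaction history.
public record AgentMemberHistory(Member Member, IReadOnlyList<string> Interactions);

[ApiController]
[Route("api/[controller]")]
[Authorize(Roles = "operations.agent")]   // assumed value for the notes' "operations agent" app role
[RequiredScope("OperationsAgent.All")]    // assumed spelling of the notes' "operations agent dot all" scope
public class AgentController : ControllerBase
{
    // Constructed sample history so the endpoint runs without a database.
    private static readonly Dictionary<int, string[]> History = new()
    {
        [1] = new[] { "2024-07-01 call: address change", "2024-07-15 email: ID card reissued" },
    };

    private readonly IDownstreamApi _membersApi;
    public AgentController(IDownstreamApi membersApi) => _membersApi = membersApi;

    [HttpGet("members/{memberId:int}/history")]
    public async Task<ActionResult<AgentMemberHistory>> GetAgentMemberHistory(int memberId)
    {
        Member? member;
        try
        {
            // HTTP GET to the Members API. The bearer token sent is the one acquired for
            // the current user, so the Members API still enforces its own members.read.only
            // role and scope: a caller who holds the operations agent role but not
            // members.read.only is rejected there, and that status is relayed, not masked.
            member = await _membersApi.GetForUserAsync<Member>(
                "MembersApi",
                options => options.RelativePath = $"api/members/{memberId}");
        }
        catch (HttpRequestException ex) when (ex.StatusCode is HttpStatusCode status)
        {
            return StatusCode((int)status);
        }

        if (member is null) return NotFound();
        var interactions = History.GetValueOrDefault(memberId) ?? Array.Empty<string>();
        return Ok(new AgentMemberHistory(member, interactions));
    }
}
```

Both attributes must pass on the Operations Agent API before the downstream call is made: `[Authorize(Roles = ...)]` checks the app role Azure AD places in the token's roles claim, and `[RequiredScope]` checks the delegated scope in the scp claim. Keeping the user's identity on the call to the Members API (rather than an app-only token) is what lets the Members API apply its own Members Read-Only role, so neither API has to trust the other's authorization decision.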

Testing the APIs

  • Use Postman to test both APIs:
    • Confirm that authorization is enforced by sending tokens that carry the required roles.
    • Validate the responses and the end-to-end API flow.

Conclusion

  • Both APIs successfully demonstrate Azure AD authentication and authorization.
  • Viewers are encouraged to subscribe to azureteach.net for more insights on Azure and .NET.