Skip to content

A three tier application, where backend auth is done in App Service instead of in code

Notifications You must be signed in to change notification settings

mohitsriv/EasyAuthMultiTierSample

Repository files navigation

This sample demonstrates how the "Easy Auth" feature in Azure App Service can be used to secure a multi-tier application without writing code on the backend(s).

To use this sample:

  1. Deploy each of the three projects in this sample to its own Azure App Service Web App. [Optional - if you don't already have AAD applications] Configure Easy Auth in the Web Apps settings (Azure portal) for MyDashAPI and MyDashDataAPI.

  2. Create a secrets.json file in the MyDashAPI folder with the following structure:

     {
       "ida:Authority": "https://login.windows.net/[your tenant]",
       "ida:ClientId": "[fill in client id of caller (MyDashAPI)]",
       "ida:ClientSecret": "[fill in client secret of caller (MyDashAPI)]",
       "ida:Resource": "[fill in client id of target (MyDashDataAPI)]"
     }
    
  3. Adjust the parameters in MyDashFE\app\scripts\app.js to match the above (namely ClientId and Authority).

  4. To have MyDashDataAPI restrict access to a specific service principal, specify AllowedClientPrincipalId in Web.config.

  5. Run Set-AppSettings.ps1 in the root folder. Note: Adjust the constants up top to match your deployment. You will need Azure PowerShell 1.0.1 or greater.

About

A three tier application, where backend auth is done in App Service instead of in code

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published