Identity Platform: Client server application

Simone Demuro 50 Reputation points
2023-04-01T18:09:47.63+00:00

I was reading about Microsoft Identity Platform. There is a well-crafted subway map of all the supported scenarios.

It is not clear to me which documentation to follow for the following scenario:

In the context of a client-server web application, for example, an Angular front end and a .NET backend that talk via REST APIs, what is the Microsoft documentation I can follow?

Can I arbitrarily decide to put the duty of implementing the login in the front end or in the backend or are there any guidelines?

If I go for Single-page app (SPA) can I send the front-end authentication token to the backend to authorize the method calls?

Thanks!

Accepted answer
  1. Shweta Mathur 29,781 Reputation points Microsoft Employee
    2023-04-03T07:22:16.57+00:00

    Hi @Simone Demuro ,

    Thanks for reaching out.

    In the context of a client-server web application, for example, an Angular front end and a .NET backend that talk via REST APIs, what is the Microsoft documentation I can follow?

    For your scenario, you can follow the documentation below for securing a web API with Microsoft Identity Platform.

    https://learn.microsoft.com/en-us/azure/active-directory/develop/authentication-flows-app-scenarios

    https://learn.microsoft.com/en-us/azure/active-directory/develop/sample-v2-code

    Reference sample: https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/blob/main/5-AccessControl/1-call-api-roles/README.md

    Can I arbitrarily decide to put the duty of implementing the login in the front end or in the backend or are there any guidelines?

    As for deciding where to implement the login functionality, it is recommended to implement it on the front-end side of your application for a SPA. This allows for a better user experience, as users can log in and authenticate themselves without having to reload the entire page. However, you can also implement it on the backend side for web applications.

    If I go for Single-page app (SPA) can I send the front-end authentication token to the backend to authorize the method calls?

    If you decide to use a Single-Page Application (SPA) architecture, you can send the front-end authentication token to the backend to authorize method calls. This is a common approach to securing REST APIs with token-based authentication, where the front end sends an access token with each API request to the backend as a bearer token in the Authorization header, and the backend then validates the token to authorize the user and execute the API method.

    Hope this will help. If you have any other questions regarding that, feel free to let us know.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if the answer helped you.

    1 person found this answer helpful.
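
What "validates the token" in the accepted answer involves on the API side, as an added example that is not part of the original thread or of Microsoft's samples: a JavaScript sketch (Node.js `crypto` only) that checks signature, issuer, audience, expiry and scope on the bearer token. The key pair, issuer, audience and scope names are constructed placeholders; a real API takes the signing keys from the tenant's published metadata, and a .NET backend would normally leave these checks to its JWT bearer middleware.

```javascript
// Added example: checks a backend API applies to the bearer token sent by a SPA.
const crypto = require("node:crypto");

// Constructed stand-ins (assumptions): a locally generated key pair plays the
// role of the tenant signing key that a real API obtains from published metadata.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const EXPECTED = {
  issuer: "https://login.example.test/contoso-tenant/v2.0", // placeholder issuer
  audience: "api://example-backend-client-id",               // placeholder API identifier
};
const b64url = (v) => Buffer.from(v).toString("base64url");

// Sample-data helper: mint an RS256 token so the validator has something to check.
function mintSampleToken(claims, key = privateKey, alg = "RS256") {
  const signingInput = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(signingInput), key);
  return `${signingInput}.${sig.toString("base64url")}`;
}

// Returns { ok: true, claims } or { ok: false, reason }.
function authorizeRequest(authorizationHeader, requiredScope, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || "");
  if (!m) return { ok: false, reason: "missing or malformed bearer token" };
  const [, h, p, s] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url"));
    claims = JSON.parse(Buffer.from(p, "base64url"));
  } catch { return { ok: false, reason: "undecodable token" }; }
  // Pin the algorithm instead of trusting whatever the token header names.
  if (header.alg !== "RS256") return { ok: false, reason: "unexpected alg" };
  if (!crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, "base64url")))
    return { ok: false, reason: "bad signature" };
  if (claims.iss !== EXPECTED.issuer) return { ok: false, reason: "wrong issuer" };
  // A token issued for another resource must not be accepted by this API.
  if (claims.aud !== EXPECTED.audience) return { ok: false, reason: "wrong audience" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  // Delegated scopes arrive as one space-separated string in the scp claim.
  const scopes = String(claims.scp || "").split(" ");
  if (!scopes.includes(requiredScope)) return { ok: false, reason: "missing scope" };
  return { ok: true, claims };
}
```

Each API method calls `authorizeRequest` with the scope it requires, so a valid token that lacks that scope is still refused.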