How to connect to Azure Maps with Managed Identity access using azure-maps-control package from Angular application?

Question

How to connect to Azure Maps with Managed Identity access using azure-maps-control package from Angular application?

Arjun Ramesh 21

I am trying to connect to Azure Maps from Angular code using "azure-maps-control" package. Previously I was using a subscription key to do so, however now I am looking to remove this from the code and use the concept of managed identity instead.

What was tried:

I was trying to initialize the map using authOptions mentioned in following code snippet:


 AzureMapComponent.map = new atlas.Map('azure-map', {
      bearing: -10.5,
      center: centerCoordinates,
      zoom: zoomLevel,
      maxZoom: 23.9,
      style: 'road',
      view: 'Auto',
      showLogo: false,
      showFeedbackLink: false,
      authOptions: {
        authType: AuthenticationType.anonymous,
        clientId: '<azure-map-client-id>'
        getToken: function (resolve, reject, map) {
          var tokenServiceUrl = "https://login.microsoftonline.com/api/GetAzureMapsToken";

          fetch(tokenServiceUrl).then(r => r.text()).then(token => resolve(token));
        }
      }
    });

However on deploying this code to an app service and testing, I am getting CORS error as shown below:

User's image

Note: I have added the app service URL in the CORS section of my Azure Maps account.

Answer 1

rbrundritt 8,141 Microsoft Employee

https://login.microsoftonline.com/api/GetAzureMapsToken isn't a real URL. You need create a small REST service that retrieves the token on the server side and passes it down to the web frontend. This is the documentation related to your scenario: https://learn.microsoft.com/en-us/azure/azure-maps/how-to-secure-webapp-users Here is an example Azure function I used in the past to retrieve an Azure Active Directory Token and pass it down to a web frontend: https://github.com/microsoft/satellite-imagery-labeling-tool/blob/main/maps-auth/GetAzureMapsToken.cs

Debashis Jena 31 Reputation points

2023-05-04T07:19:02.9733333+00:00

Hi,
We tried with the approach you have suggested. Created REST service that provides the token to Frontend. But it is giving Invalid Azure AD access token error in frontend during calling Azure Maps.

Can you please suggest any solution for this issue?
rbrundritt 8,141 Reputation points Microsoft Employee

2023-05-04T16:44:21.48+00:00

Take a look at the network trace in the browsers dev tools and inspect the response from your custom service that is retrieving the token to make sure it looks like at token and not an empty string or error message being returned. When Azure AD I've found that it sometimes takes 15 minutes for role changes to flow through the system.
Debashis Jena 31 Reputation points

2023-05-04T20:27:40.6266667+00:00

REST API Code:

Angular Code:

Authorization Token snapshot present in header of Azure Maps URL call :

We have checked the network trace and also checked the token got from the REST API. It looks fine.
Please let us know if we are doing mistake in any step.
rbrundritt 8,141 Reputation points Microsoft Employee

2023-05-05T15:46:28.1866667+00:00

At this point I would recommend opening up an Azure support ticket as there might be an issue somewhere within the system if you are getting tokens but it doesn't like them. Go into the Azure portal, select your Azure Maps account resource, on the left side panel, scroll to the bottom and you will see "New Support Request".
LeelaRajeshSayana-MSFT 3,536 Reputation points

2023-05-05T15:58:45.5166667+00:00

Hello @Arjun Ramesh If you do not have access to a support plan, could you please send an email to azcommunity@microsoft.com with the below details, so that we can work closely on this matter.

Thread URL: Link to this thread.
Azure Subscription ID:
Email Subject : Attn Leela
Debashis Jena 31 Reputation points

2023-05-09T09:05:58.1433333+00:00

Hi, we wanted to check if there is any method other than managed identity for secured connection, which can be used to replace the usage of api-keys in the application code. From our understanding so far, managed identity authentication is not supported from Angular code (browser), and generating access token in backend service and using that token in the UI is the only feasible approach. However this affects our performance and we are explicitly looking for some way to rid the use of API key from the Angular code. It would be great if you could suggest some other mechanism other than managed identity (if any) that can be used directly for authenticating to Maps without having to rely on the backend code.

How to connect to Azure Maps with Managed Identity access using azure-maps-control package from Angular application?

1 answer

Activity