Azure API: You do not have permission to view this directory or page.

Jean Pierre 0 Reputation points
2024-03-14T16:05:10.46+00:00

Got an API with JWT hosted in Azure. I need to connect to it to get an Identity Token, (POST: /Identity/Login) from Postman but it is replying: You do not have permission to view this directory or page.

If I try it from swagger, I get a token, but Swagger is inside that api, ie in Azure. From outside Azure, I cannot connect to the API.

Can I configure the API to connect via a Client ID & Secret? This API will be used in a Mobile Application.

Thanks

JP

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,438 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Bruce (SqlWork.com) 55,366 Reputation points
    2024-03-14T16:14:16.1666667+00:00

    I you are using azure ad identity then you can use a clientid & secret. in your azure ad app configuration portal, add api permission and define a secret.

    note: a disassemble of the mobile app will reveal the secret. A better approach is some sort of registration of the mobile app that retrieves the secret from the api website and stores encrypted. also it is a good idea that the secret expires and must be updated.