Azure API: You do not have permission to view this directory or page.

Jean Pierre 0 Reputation points
2024-03-14T16:05:10.46+00:00

Got an API with JWT hosted in Azure. I need to connect to it to get an Identity Token, (POST: /Identity/Login) from Postman but it is replying: You do not have permission to view this directory or page.

If I try it from swagger, I get a token, but Swagger is inside that api, ie in Azure. From outside Azure, I cannot connect to the API.

Can I configure the API to connect via a Client ID & Secret? This API will be used in a Mobile Application.

Thanks

JP

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,164 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Bruce (SqlWork.com) 71,186 Reputation points
    2024-03-14T16:14:16.1666667+00:00

    I you are using azure ad identity then you can use a clientid & secret. in your azure ad app configuration portal, add api permission and define a secret.

    note: a disassemble of the mobile app will reveal the secret. A better approach is some sort of registration of the mobile app that retrieves the secret from the api website and stores encrypted. also it is a good idea that the secret expires and must be updated.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.