Single Azure AD for multiple connected apps

priyanka 1 Reputation point
2020-11-13T18:55:56.233+00:00

Hi,

I have 3 applications: Client App, WebAPI1 (.NET Core) and WebAPI2 (Express REST API).

The programmatic flow is like this: Client App -> WebAPI1 -> WebAPI2.

We have registered an AD App (AAD App1) in AAD and are currently using it with user login and a redirection URL in the Client App.
We want to implement authentication logic using bearer tokens in WebAPI1 and WebAPI2.

Ideally, we would like to reuse the same AAD App1 across Client App, WebAPI1 and WebAPI2 from a maintenance point of view.

The doc articles I have gone through so far talk about configuring a separate AD App for each of the web apps/APIs, and giving permissions to the previous callee app in AAD.

Is it possible to use the same Azure AD app for all 3 apps (user login authentication for the Client App, a bearer token (on behalf of the user) from the Client App to WebAPI1, and a bearer token (on behalf of the user) from WebAPI1 to WebAPI2)?

If so, could you please help me with the same programmatically, or with any documentation links for such scenarios?

Thanks,
P


1 answer

2020-11-13T19:25:15.49+00:00

Hello @priyanka, yes it is possible. Client (app) id and resource (aud) will be the same for all (.NET) applications. BTW, on-behalf-of can/should only be done from api1 to api2, not from the client. You might also define different scopes, roles and secrets or certificates for each (.NET) application.

Let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.
