question

0 Votes
lilixu asked JamesTran-MSFT commented

Is it OK to use a single app registration for both end user log in and backend resource access? (as both public & confidential app)

I have an app registration X and I want users to log in through X to my service with the implicit grant flow (X as a public application), and also have the backend server use a cert to auth with X and do the client credentials flow to access internal storage (X as a confidential app). X's SP in each tenant is granted the storage accounts RBAC role.

In this case I am reusing the same app X for both purposes. Is it a good practice or is there any concern in terms of security in doing it?

azure-active-directory azure-ad-app-registration

1 Answer

1 Vote
MarileeTurscak-MSFT answered JamesTran-MSFT commented

Are you just hoping to give them access to your storage account? The recommended approach for this is to use Shared Access Signatures. A shared access signature (SAS) provides you with a way to grant limited access to objects in your storage account to other clients, without exposing your account key.

https://stackoverflow.com/questions/55250113/application-registered-in-aad-is-denied-azure-storage-account-access

If you follow that approach then there shouldn't be an issue with the single app registration.

This is more of a Storage question than an Azure AD question so please let me know if I'm misunderstanding anything.


@lilixu
I just wanted to check in and see if you required additional assistance or if you were able to resolve this issue?


If any reply/answer helped resolve your question, please remember to "mark as answer" so that others in the community facing similar issues can easily find the solution.

0 Votes 0 ·
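
An added example, not part of the original thread or any Microsoft code: a Python check over application objects in the Microsoft Graph v1.0 shape that reports which registrations, like X in the question, both enable implicit grant and hold an unexpired certificate or secret. The sample objects, the function names `enabled_flows` and `dual_use`, and the fixed clock `NOW` are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample (not from the page): two application objects in the
# Microsoft Graph v1.0 shape. "X" mirrors the setup described in the question.
SAMPLE_APPS = json.loads("""
[
  {"displayName": "X",
   "web": {"implicitGrantSettings": {"enableAccessTokenIssuance": true,
                                     "enableIdTokenIssuance": true}},
   "keyCredentials": [{"type": "AsymmetricX509Cert",
                       "endDateTime": "2031-01-01T00:00:00Z"}],
   "passwordCredentials": []},
  {"displayName": "backend-only",
   "web": {"implicitGrantSettings": {"enableAccessTokenIssuance": false,
                                     "enableIdTokenIssuance": false}},
   "keyCredentials": [{"type": "AsymmetricX509Cert",
                       "endDateTime": "2020-01-01T00:00:00Z"}],
   "passwordCredentials": [{"endDateTime": "2031-01-01T00:00:00Z"}]}
]
""")
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock, reproducible result

def _live(creds, now):
    """Count credentials whose endDateTime is still in the future."""
    return sum(
        1 for c in creds or []
        if datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00")) > now
    )

def enabled_flows(app, now):
    """List the public-style and confidential-style uses a registration allows."""
    flows = []
    implicit = (app.get("web") or {}).get("implicitGrantSettings") or {}
    if implicit.get("enableAccessTokenIssuance"):
        flows.append("implicit:access_token")
    if implicit.get("enableIdTokenIssuance"):
        flows.append("implicit:id_token")
    if _live(app.get("keyCredentials"), now):
        flows.append("confidential:certificate")
    if _live(app.get("passwordCredentials"), now):
        flows.append("confidential:secret")
    return flows

def dual_use(apps, now):
    """Names of registrations that enable implicit grant AND hold a live credential."""
    def both(flows):
        kinds = {f.split(":")[0] for f in flows}
        return {"implicit", "confidential"} <= kinds
    return [a["displayName"] for a in apps if both(enabled_flows(a, now))]

if __name__ == "__main__":
    print(dual_use(SAMPLE_APPS, NOW))
```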