Authorize request to Web PubSub resources with Azure AD from Azure applications
Azure Web PubSub Service supports Azure Active Directory (Azure AD) authorizing requests from Azure applications.
This article shows how to configure your Web PubSub resource and codes to authorize the request to a Web PubSub resource from an Azure application.
Register an application
The first step is to register an Azure application.
On the Azure portal, search for and select Azure Active Directory
Under Manage section, select App registrations.
Click New registration.
Enter a display Name for your application.
Click Register to confirm the register.
Once you have your application registered, you can find the Application (client) ID and Directory (tenant) ID under its Overview page. These GUIDs can be useful in the following steps.
To learn more about registering an application, see
You can add both certificates and client secrets (a string) as credentials to your confidential client app registration.
The application requires a client secret to prove its identity when requesting a token. To create a client secret, follow these steps.
- Under Manage section, select Certificates & secrets
- On the Client secrets tab, click New client secret.
- Enter a description for the client secret, and choose a expire time.
- Copy the value of the client secret and then paste it to a secure location.
The secret will display only once.
You can also upload a certification instead of creating a client secret.
To learn more about adding credentials, see
Add role assignments on Azure portal
This sample shows how to assign a
Web PubSub Service Owner role to a service principal (application) over a Web PubSub resource.
A role can be assigned to any scope, including management group, subscription, resource group or a single resource. To learn more about scope, see Understand scope for Azure RBAC
On the Azure portal, navigate to your Web PubSub resource.
Click Access Control (IAM) to display access control settings for the Azure Web PubSub.
Click the Role assignments tab to view the role assignments at this scope.
The following screenshot shows an example of the Access control (IAM) page for a Web PubSub resource.
Click Add > Add role assignment.
On the Roles tab, select
Web PubSub App Server.
On the Members tab, under Assign access to section, select User, group, or service principal.
Click Select Members
Search for and select the application that you would like to assign the role to.
Click Select to confirm the selection.
Click Review + assign to confirm the change.
Azure role assignments may take up to 30 minutes to propagate. To learn more about how to assign and manage Azure role assignments, see these articles:
- Assign Azure roles using the Azure portal
- Assign Azure roles using the REST API
- Assign Azure roles using Azure PowerShell
- Assign Azure roles using Azure CLI
- Assign Azure roles using Azure Resource Manager templates
We officially support 4 programming languages:
See the following related articles: