Authorize requests to Web PubSub resources with Azure AD from Azure applications

Azure Web PubSub Service supports Azure Active Directory (Azure AD) for authorizing requests from Azure applications.

This article shows how to configure your Web PubSub resource and your code so that an Azure application can authorize its requests to the resource.

Register an application

The first step is to register an Azure application.

  1. On the Azure portal, search for and select Azure Active Directory.

  2. Under the Manage section, select App registrations.

  3. Click New registration.

    Screenshot of registering an application

  4. Enter a display Name for your application.

  5. Click Register to confirm the registration.

Once you have your application registered, you can find the Application (client) ID and Directory (tenant) ID under its Overview page. These GUIDs can be useful in the following steps.

Screenshot of an application

To learn more about registering an application, see

Add credentials

You can add both certificates and client secrets (a string) as credentials to your confidential client app registration.

Client secret

The application requires a client secret to prove its identity when requesting a token. To create a client secret, follow these steps.

  1. Under the Manage section, select Certificates & secrets.
  2. On the Client secrets tab, click New client secret.

    Screenshot of creating a client secret

  3. Enter a description for the client secret, and choose an expiration time.
  4. Copy the value of the client secret and then paste it to a secure location.

    Note

    The secret will display only once.

Certificate

You can also upload a certificate instead of creating a client secret.

Screenshot of uploading a certificate

To learn more about adding credentials, see

Add role assignments on Azure portal

This sample shows how to assign a Web PubSub Service Owner role to a service principal (application) over a Web PubSub resource.

Note

A role can be assigned at any scope, including management group, subscription, resource group or a single resource. To learn more about scope, see Understand scope for Azure RBAC.

  1. On the Azure portal, navigate to your Web PubSub resource.

  2. Click Access Control (IAM) to display access control settings for the Web PubSub resource.

  3. Click the Role assignments tab to view the role assignments at this scope.

    The following screenshot shows an example of the Access control (IAM) page for a Web PubSub resource.

    Screenshot of access control

  4. Click Add > Add role assignment.

  5. On the Roles tab, select Web PubSub App Server.

  6. Click Next.

    Screenshot of adding role assignment

  7. On the Members tab, under the Assign access to section, select User, group, or service principal.

  8. Click Select Members.

  9. Search for and select the application that you would like to assign the role to.

  10. Click Select to confirm the selection.

  11. Click Next.

    Screenshot of assigning role to service principals

  12. Click Review + assign to confirm the change.

Important

Azure role assignments may take up to 30 minutes to propagate. To learn more about how to assign and manage Azure role assignments, see these articles:

Sample code

We officially support 4 programming languages:
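
The following is an added example, not one of the official samples: it shows how the tenant ID, client ID and client secret collected above are exchanged for a token through the OAuth 2.0 client-credentials grant, and how to inspect the resulting token's claims. The token endpoint, the `https://webpubsub.azure.com` audience and all function names are assumptions not taken from this article, and the sample token is constructed.

```python
import base64, json, time, urllib.parse, urllib.request

# Assumed values (not stated in the article): the Azure AD v2.0 token
# endpoint and the Web PubSub token audience.
AUTHORITY = "https://login.microsoftonline.com"
AUDIENCE = "https://webpubsub.azure.com"

def build_token_request(tenant_id, client_id, client_secret):
    """URL and form body for the OAuth 2.0 client-credentials grant."""
    url = f"{AUTHORITY}/{urllib.parse.quote(tenant_id, safe='')}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": AUDIENCE + "/.default"}
    return url, urllib.parse.urlencode(form).encode()

def fetch_token(tenant_id, client_id, client_secret):
    """POST the request over TLS and return the bearer token (network call)."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]

def read_claims(token):
    """Decode the JWT payload for diagnostics; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def token_problems(token, tenant_id, client_id, now=None):
    """List reasons the token would not identify the registered app to Web PubSub."""
    c = read_claims(token)
    now = time.time() if now is None else now
    problems = []
    if str(c.get("aud", "")).rstrip("/") != AUDIENCE:
        problems.append("wrong audience")
    if c.get("tid") != tenant_id:
        problems.append("wrong tenant")
    if client_id not in (c.get("appid"), c.get("azp")):  # v1 / v2 claim name
        problems.append("wrong application")
    if c.get("exp", 0) <= now:
        problems.append("expired")
    return problems

def sample_token(claims):
    """Constructed, unsigned token for offline runs (not a real Azure AD token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    tid, cid = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
    good = sample_token({"aud": AUDIENCE, "tid": tid, "appid": cid, "exp": 2000})
    print(token_problems(good, tid, cid, now=1000))
```

Azure AD issues the token whether or not the role assignment exists, so an empty `token_problems` result followed by a rejected request points at the role assignment or its propagation delay rather than at the credentials.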
