I'm hosting my API in Azure and configured API Management for authentication and authorization. Do I still need to include the [Authorize] attribute on my API controllers? If so, what would I need in the Startup class to allow access when calling through Azure, but be unauthorized if calling the endpoints directly?
[ApiController]
[Route("api/[controller]")]
public class TestController : BaseController
{
    // controller actions were not included in the original post
}
CodePudding user response:
As per my understanding of your question, you can take it up this way.
Still go with [Authorize]; even after hosting in APIM, the app still needs to authorize the user after authentication.
Authentication will be in Startup.cs:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = <<Pass your authority>>;   // token issuer (OpenID Connect metadata is fetched from here)
        options.Audience = <<Pass audience>>;          // expected "aud" claim of incoming tokens
        options.RequireHttpsMetadata = true;           // refuse to fetch metadata over plain HTTP
        options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
        {
            ValidateIssuer = false   // as posted: the "iss" claim is not checked against the authority
        };
    });
Use the Validate JWT inbound policy in APIM. But if the user is able to generate the required Bearer token, then they should be able to access it. If you want to restrict access when the call is not from APIM, then you can check the APIM subscription key in the header and decline the user request.
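One way to implement the "only via APIM" check described above, as an added example that is not code from the original post: an ASP.NET Core authorization requirement that succeeds only when the request carries an APIM subscription key the backend has been configured to trust, combined with the existing JWT authentication. It assumes the subscription-key header reaches the backend unchanged, a configuration section named Apim:SubscriptionKeys, and a policy named ViaApim (all assumptions).

```csharp
// Added example, not from the original post. Assumes APIM forwards the
// "Ocp-Apim-Subscription-Key" header to the backend and that the backend's
// configuration lists the subscription keys it trusts under Apim:SubscriptionKeys.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public sealed class FromApimRequirement : IAuthorizationRequirement { }

public sealed class FromApimHandler : AuthorizationHandler<FromApimRequirement>
{
    private const string HeaderName = "Ocp-Apim-Subscription-Key";
    private readonly IHttpContextAccessor _accessor;
    private readonly byte[][] _trustedKeys;

    public FromApimHandler(IHttpContextAccessor accessor, IConfiguration config)
    {
        _accessor = accessor;
        // Assumed configuration section: an array of subscription keys the backend accepts.
        _trustedKeys = (config.GetSection("Apim:SubscriptionKeys").Get<string[]>() ?? Array.Empty<string>())
            .Select(k => Encoding.UTF8.GetBytes(k)).ToArray();
    }

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FromApimRequirement requirement)
    {
        var headers = _accessor.HttpContext?.Request.Headers;
        if (headers != null && headers.TryGetValue(HeaderName, out var values))
        {
            var presented = Encoding.UTF8.GetBytes(values.ToString());
            // Fixed-time comparison so a direct caller cannot probe the key byte by byte via timing.
            if (_trustedKeys.Any(k => CryptographicOperations.FixedTimeEquals(k, presented)))
                context.Succeed(requirement);
        }
        // Not calling Succeed leaves the requirement unmet: the request is rejected with 403.
        return Task.CompletedTask;
    }
}

public static class ApimAuthorizationExtensions
{
    // Call from Startup.ConfigureServices after AddAuthentication/AddJwtBearer,
    // then mark controllers with [Authorize(Policy = "ViaApim")].
    public static IServiceCollection AddApimOnlyAuthorization(this IServiceCollection services)
    {
        services.AddHttpContextAccessor();
        services.AddSingleton<IAuthorizationHandler, FromApimHandler>();
        return services.AddAuthorization(o => o.AddPolicy("ViaApim", p => p
            .RequireAuthenticatedUser()                 // the JWT must still validate
            .AddRequirements(new FromApimRequirement())));
    }
}
```

A direct call that bypasses APIM then fails even with a valid Bearer token, while a call that reaches the backend without a valid token still fails at the JWT step.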