title | description | author | manager | ms.author | ms.date | ms.custom | ms.topic | ms.service | ms.subservice |
---|---|---|---|---|---|---|---|---|---|
Add a web API application - Azure Active Directory B2C | Learn how to add a web API application to your Active Directory B2C tenant. | kengaderdus | CelesteDG | kengaderdus | 10/11/2024 | mvc | how-to | azure-active-directory | b2c |
This article shows you how to register web API resources in your Azure Active Directory B2C (Azure AD B2C) tenant so that they can accept and respond to requests by client applications that present an access token.
To register an application in your Azure AD B2C tenant, you can use the following steps:
- Sign in to the Azure portal.
- If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.
- In the left menu, select Azure AD B2C. Or, select All services and search for and select Azure AD B2C.
- Select App registrations, and then select New registration.
- Enter a Name for the application. For example, webapi1.
- Under Redirect URI, select Web, and then enter an endpoint where Azure AD B2C should return any tokens that your application requests. In a production application, you might set the redirect URI to an endpoint like https://localhost:5000. During development or testing, you can set it to https://jwt.ms, a Microsoft-owned web application that displays the decoded contents of a token (the contents of the token never leave your browser). You can add and modify redirect URIs in your registered applications at any time.
- Select Register.
- Record the Application (client) ID for use in your web API's code.
Scopes provide a way to govern access to protected resources. Scopes are used by the web API to implement scope-based access control. For example, users of the web API could have both read and write access, or users of the web API might have only read access. In this tutorial, you use scopes to define read and write permissions for the web API.
[!INCLUDE active-directory-b2c-scopes]
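The following sketch shows how a web API might enforce the read and write scopes described above once a token arrives. It is an added example, not code from this article or from Microsoft. It assumes a JWT library has already verified the token's signature and issuer, that the granted scopes arrive in the space-delimited `scp` claim, and that `aud` carries the API's Application (client) ID. The client ID and the scope names `tasks.read` and `tasks.write` are constructed placeholders.

```python
import time

# Assumed values for illustration: the client ID is a constructed placeholder
# for the Application (client) ID recorded at registration, and the scope
# names are hypothetical read/write scopes published by the web API.
API_CLIENT_ID = "00000000-0000-0000-0000-000000000000"
READ_SCOPE = "tasks.read"
WRITE_SCOPE = "tasks.write"

# Required scope per HTTP method; anything unlisted is denied by default.
REQUIRED_SCOPE = {
    "GET": READ_SCOPE,
    "HEAD": READ_SCOPE,
    "POST": WRITE_SCOPE,
    "PUT": WRITE_SCOPE,
    "PATCH": WRITE_SCOPE,
    "DELETE": WRITE_SCOPE,
}


def authorize(claims, method, now=None):
    """Return (allowed, reason) for claims taken from a signature-verified token."""
    now = time.time() if now is None else now
    # The token must have been issued for this API, not for another application.
    if claims.get("aud") != API_CLIENT_ID:
        return False, "wrong audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    required = REQUIRED_SCOPE.get(method.upper())
    if required is None:
        return False, "method not allowed"
    # scp is a space-delimited string; compare whole scope names, never substrings.
    scp = claims.get("scp")
    granted = set(scp.split()) if isinstance(scp, str) else set()
    if required not in granted:
        return False, "missing scope " + required
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample claims, not taken from a real token.
    reader = {"aud": API_CLIENT_ID, "exp": 2000, "scp": "tasks.read"}
    print(authorize(reader, "GET", now=1000))
    print(authorize(reader, "POST", now=1000))
```

Matching whole scope names matters: a substring test would let a token carrying only a similarly named scope pass the read check.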
To call a protected web API from an application, you need to grant your application permissions to the API. For example, in Tutorial: Register an application in Azure Active Directory B2C, a web application named webapp1 is registered in Azure AD B2C. You can use this application to call the web API.
[!INCLUDE active-directory-b2c-permissions-api]
Your application is registered to call the protected web API. A user authenticates with Azure AD B2C to use the application. The application obtains an authorization grant from Azure AD B2C to access the protected web API.