Protected web api configuration

Like web apps, the ASP.NET and ASP.NET Core web APIs are protected because their controller actions are prefixed with the [Authorize] attribute. The controller actions can be called only if the API is called with an authorized identity.

Consider the following questions:

  • Only an app can call a web API. How does the API know the identity of the app that calls it?
  • If the app calls the API on behalf of a user, what’s the user’s identity?

Read more here;

https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-protected-web-api-app-configuration

FavoriteLoadingAdd to favorites
Spread the love

Author: Shahzad Khan

Software developer / Architect