Security wave regarding Identity Provider for Azure Web Apps

Santiago Lizarazo Mikly 0 Reputation points Microsoft Intern
2024-07-02T17:10:27.5166667+00:00

Quick question that I will appreciate clarification, regarding this security push and moving to managed identities, in the case of the identity provider for a azure web app, how can this be implemented since it uses OAuth2? Can I workaround and use managed identity to authenticate to the identity provider aad of the web app or which route I can take following the security push protocols? Thanks 🙂

Azure Static Web Apps
Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
1,021 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. brtrach-MSFT 16,926 Reputation points Microsoft Employee
    2024-12-19T05:14:59.9966667+00:00

    @Santiago Lizarazo Mikly To get started with using managed identities for your Azure Web App, you'll first need to enable this feature in the Azure Portal under your app's identity settings. This gives your app an Azure AD identity automatically.

    Next, if your app uses Azure AD for OAuth2, you'll want to configure it to accept tokens from managed identities. This means you'll set up app registrations and permissions within Azure AD to make sure everything is in place.

    When your app needs to authenticate with other Azure services that support Azure AD, like Key Vault or SQL Database, it can use its managed identity to get an access token. The Azure Identity SDK can help with this—just a few lines of code to fetch the token using DefaultAzureCredential. Don't forget to replace the resource URI with the one for the service you're trying to access.

    Once you have that token, you can use it to make authorized requests to the Azure service by including it in the Authorization header of your HTTP requests.

    It's also important to ensure your app registration in Azure AD has the right permissions for whatever it needs to do. Double-check any specific security protocols your organization follows to make sure you're compliant.

    Keep an eye on everything by using Azure Monitor and checking Azure AD logs. This will help you track how managed identities are being used and ensure you're sticking to your security policies.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.