How can we improve Microsoft Azure API Apps?

Certificate Authentication

From what I can see clients can only authenticate to API apps interactively. This, like others said, makes automated authentication difficult. It would be great to support certificate authentication, much like the Azure Management API does, i.e. https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx#bk_cert

20 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Fabio MariniFabio Marini shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    unplanned  ·  Azure App Service TeamAdminAzure App Service Team (Admin, Microsoft Azure) responded  · 

    Thank you for your feedback!

    For the time being you can use service principle auth to programmatically authenticate with an API if you are using AAD auth. https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-dotnet-service-principal-auth

    We would like to add general cert auth to App Service authentication/authorization in the future. I am placing this item in “unplanned” to be used in future planning sessions.

    Thanks!
    Alex
    Azure App Service Team

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Rafa SanchezRafa Sanchez commented  ·   ·  Flag as inappropriate

        Hello,

        There has been some progress on this issue?

        We are developing a windows service application, it uses Microsoft Graph in order to do some operations into a domain: CRUD users, Calendar, Mail, OneDrive.
        We can do those operations correctly using interactive authentication/Authorization with an administrator user to the Azure AD domain asociated to the Office365 account.

        But we need to do this in daemon mode, by using a certificate, like this example: https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential

        We try to do this using portal.azure.com, creating a certificate and modifying Manifesto (inserting appropiate keys into "keyCredentials").
        But after obtain an Access Token, when doing the request to operation (for example, send a mail) the response obtained was " Access is denied. Check credentials and try again."

        We don't have an Azure subscription, only an Office365 for developer subscription. The final product must work using an Office365 Education license.

      Feedback and Knowledge Base