Scenario: Web app that calls web APIs

Learn how to build a web app signing-in users on the Microsoft identity platform and that calls web APIs on behalf of the signed-in user.

Prerequisites

Before reading this article, you should be familiar with the following concepts or read the following articles:

This scenario supposes that you've gone through the following scenario:

Overview

You add authentication to your Web App, which can therefore sign in users and calls a web API on behalf of the signed-in user.

Web app that calls web APIs

Web Apps that calls web APIs:

  • are confidential client applications.
  • that's why they've registered a secret (application password or certificate) with Azure AD. This secret is passed-in during the call to Azure AD to get a token

Specifics

Note

Adding sign-in to a Web App does not use the MSAL libraries as this is about protecting the Web App. Protecting libraries is achieved by libraries named Middleware. This was the object of the previous scenario Sign-in users to a Web App

When calling web APIs from a Web App, you will need to get access tokens for these web APIs. You can use MSAL libraries to acquire these tokens.

The end to end experience of developers for this scenario has, therefore, specific aspects as:

  • During the Application registration, you'll need to provide one, or several (if you deploy your app to several locations) Reply URIs, secrets, or certificates need to be shared with Azure AD.
  • The Application configuration needs to provide client credentials as shared with Azure AD during the application registration

Next steps