I have a case where there is a Web API on premises that requires Windows integrated authentication. I also have an Azure web application and Azure Web API. The azure web application authenticates users using Azure AD credentials. I need the following:
I need the front end application to pass the Azure AD credentials to the Azure Web API.
The azure web API will need at some time to communicate with the on-premise web API and my question is if Azure Application proxy can work in this case to do a Kerberos constrained delegation to impersonate the corresponding user with windows integrated authentication.
would the above work?