Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
A web app that calls web APIs has the same registration as a web app that signs users in. So, follow the instructions in A web app that signs in users: App registration.
However, because the web app now also calls web APIs, it becomes a confidential client application. That's why some extra registration is required. The app must share client credentials, or secrets, with the Microsoft identity platform.
As with any confidential client application, you need to add a secret or certificate to act as that application's credentials so it can authenticate as itself, without user interaction.
You can add credentials to your client app's registration by using the Azure portal or by using a command-line tool like PowerShell.
To add credentials to your confidential client application's app registration, follow the steps in Quickstart: Register an application with the Microsoft identity platform for the type of credential you want to add:
Alternatively, you can add credentials when you register your application with the Microsoft identity platform by using PowerShell.
The active-directory-dotnetcore-daemon-v2 code sample on GitHub shows how to add an application secret or certificate when registering an application:
- For details on how to add a client secret with PowerShell, see AppCreationScripts/Configure.ps1.
- For details on how to add a certificate with PowerShell, see AppCreationScripts-withCert/Configure.ps1.
Web apps call APIs on behalf of the signed-in user. To do that, they must request delegated permissions. For details, see Add permissions to access your web API.
Move on to the next article in this scenario, Code configuration.