
How to protect a Pode web api with Azure AD

Introduction

I’ve recently done a knowledge-sharing session about how to protect a web API with Azure AD. Long story short, I decided to use the Pode module together with MSAL.PS and ValidateAADJwt, a module I published that optimizes Azure AD token verification.

In this article I will share a template I created so that I can paste it for later use. It exposes several grouped routes; each group uses the middleware to verify that the received token is valid (exp, signature, iss and aud validation) and then adds further claim validation.

Web API

I won’t explain the Azure AD configuration; don’t hesitate to ask if you need help. You will be able to find the code here.

In this example, I will expose 3 groups of routes:

  • Anonymous, for fun.
  • Admin, where the received token must be valid and carry the admin value in the role claim.
  • NonAdmin, where the received token must be valid and carry the nonadmin value in the role claim.

The only comment I want to add to the well-commented code concerns defaultRule.ps1 (under the authentication folder). You don’t have to touch this file; it validates the required fields. If you need to validate something else, just add a new file such as adminRole.ps1 with your logic, then add a new line in startpode.ps1 (line 19).
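To show how the pieces fit together, here is an added example of the same structure (a default rule that every protected group runs, extra role rules per group, and one middleware built from them), written for this post and not taken from the author’s repository or from Pode itself. It assumes Pode 2.8 or later (for Add-PodeRouteGroup) and the ValidateAADJwt module; the command name Test-AadJwtSignature is an assumption standing in for whatever that module exports, and the tenant id, audience and issuer are placeholders. The rules are defined inline here instead of in separate files under the authentication folder.

```powershell
# Added example (not the post's template, not Pode's own code). Assumes Pode 2.8+
# and ValidateAADJwt. Test-AadJwtSignature is an ASSUMED command name: replace it
# with the real one. Tenant id, audience and issuer are placeholders.
Import-Module Pode

$expected = @{
    TenantId = '00000000-0000-0000-0000-000000000000'                                  # placeholder
    Audience = 'api://pode-sample-api'                                                # placeholder
    Issuer   = 'https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0'  # placeholder (v2 issuer format)
}

# The post's defaultRule.ps1: checks every protected group needs. A rule gets the raw
# token, the decoded claims and the expected values, and returns $true or $false.
# The signature goes through the (assumed) module command; exp, iss and aud are
# checked explicitly so it is visible what "valid" means. Any error fails closed.
$defaultRule = {
    param([string]$Token, [pscustomobject]$Claims, [hashtable]$Expected)
    try {
        if (-not (Test-AadJwtSignature -Token $Token -TenantId $Expected.TenantId)) { return $false }  # ASSUMED command
    } catch { return $false }
    if (-not $Claims.exp -or -not $Claims.iss -or -not $Claims.aud) { return $false }  # required fields missing
    $expiry = [DateTimeOffset]::FromUnixTimeSeconds([long]$Claims.exp).UtcDateTime
    if ($expiry -le [DateTime]::UtcNow) { return $false }                            # expired
    if ($Claims.iss -ne $Expected.Issuer) { return $false }                          # issued by another tenant/endpoint
    if (@($Claims.aud) -notcontains $Expected.Audience) { return $false }            # issued for another API
    return $true
}

# The post's adminRole.ps1 / nonAdmin rule: extra claim logic per group. Azure AD
# puts app roles assigned to the caller into the 'roles' claim.
$adminRule    = { param($Token, $Claims, $Expected) @($Claims.roles) -contains 'admin' }
$nonAdminRule = { param($Token, $Claims, $Expected) @($Claims.roles) -contains 'nonadmin' }

# Builds one Pode middleware: bearer extraction, payload decoding, the default rule
# (401 on failure) and the group's extra rules (403 on failure).
function New-AadAuthMiddleware {
    param([scriptblock]$Validate, [scriptblock[]]$Authorize = @(), [hashtable]$Expected)
    New-PodeMiddleware -ArgumentList @{ Validate = $Validate; Authorize = $Authorize; Expected = $Expected } -ScriptBlock {
        param($Opts)
        $header = Get-PodeHeader -Name 'Authorization'
        if ([string]::IsNullOrWhiteSpace($header) -or
            -not $header.StartsWith('Bearer ', [StringComparison]::OrdinalIgnoreCase)) {
            Set-PodeResponseStatus -Code 401; return $false
        }
        $token = $header.Substring(7).Trim()
        $parts = $token.Split('.')
        if ($parts.Count -ne 3) { Set-PodeResponseStatus -Code 401; return $false }  # not a compact JWS
        # base64url -> base64 (restore padding), then decode the payload; nothing in it
        # is trusted until the default rule has verified the signature
        $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
        $b64 = $b64.PadRight($b64.Length + ((4 - $b64.Length % 4) % 4), '=')
        try { $claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json }
        catch { Set-PodeResponseStatus -Code 401; return $false }
        # the rules were created in the main runspace; re-create them unbound so they
        # execute in this Pode runspace instead of being marshalled back
        $validate = $Opts.Validate.Ast.GetScriptBlock()
        if (-not (& $validate -Token $token -Claims $claims -Expected $Opts.Expected)) {
            Set-PodeResponseStatus -Code 401; return $false
        }
        foreach ($rule in $Opts.Authorize) {
            $check = $rule.Ast.GetScriptBlock()
            if (-not (& $check -Token $token -Claims $claims -Expected $Opts.Expected)) {
                Set-PodeResponseStatus -Code 403; return $false
            }
        }
        $WebEvent.AadClaims = $claims   # verified claims, available to the routes
        return $true
    }
}

Start-PodeServer {
    Add-PodeEndpoint -Address localhost -Port 8080 -Protocol Http
    Import-PodeModule -Name ValidateAADJwt      # make the module visible inside Pode's runspaces

    # Group 1: anonymous, no middleware
    Add-PodeRoute -Method Get -Path '/api/anonymous' -ScriptBlock {
        Write-PodeJsonResponse -Value @{ message = 'hello, anyone' }
    }

    # Group 2: valid token AND 'admin' in the roles claim
    $adminMw = New-AadAuthMiddleware -Validate $defaultRule -Authorize $adminRule -Expected $expected
    Add-PodeRouteGroup -Path '/api/admin' -Middleware $adminMw -Routes {
        Add-PodeRoute -Method Get -Path '/whoami' -ScriptBlock {
            Write-PodeJsonResponse -Value @{ sub = $WebEvent.AadClaims.sub; roles = $WebEvent.AadClaims.roles }
        }
    }

    # Group 3: valid token AND 'nonadmin' in the roles claim
    $nonAdminMw = New-AadAuthMiddleware -Validate $defaultRule -Authorize $nonAdminRule -Expected $expected
    Add-PodeRouteGroup -Path '/api/nonadmin' -Middleware $nonAdminMw -Routes {
        Add-PodeRoute -Method Get -Path '/whoami' -ScriptBlock {
            Write-PodeJsonResponse -Value @{ sub = $WebEvent.AadClaims.sub; roles = $WebEvent.AadClaims.roles }
        }
    }
}
```

Adding a new group is then one more rule scriptblock and one more New-AadAuthMiddleware call, which mirrors the post's "add a file, add a line" workflow. The split between 401 (no usable or unverifiable token) and 403 (verified token, wrong role) keeps the two failure modes distinguishable in the logs, and the default rule is the only place that has to know about the tenant, issuer and audience.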

I hope the code will be helpful to some of you.

Cheers

This post is licensed under CC BY 4.0 by the author.