-1👍
To fulfill this scenario there are two parts to it:
-
Web App calls Web API on behalf of signed in user. To implement this, you will have to Configure Client Application to call Web API. Following this, will help you to provide you Web app Delegated permissions for your Web API.
-
You don’t have to necessarily check SQL db for users, you can Azure AD will do this internally for you, you just have to use below code:
public void ConfigureServices(IServiceCollection services) { // Adds Microsoft Identity platform (AAD v2.0) support to protect this API services.AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme) .AddMicrosoftIdentityWebApi(Configuration, "AzureAd"); services.AddControllers(); }For more details on Code configuration, visit Protected web API: Code configuration.
-
ASP.NET Core Identity:
- Is an API that supports user interface (UI) login functionality.
- Manages users, passwords, profile data, roles, claims, tokens, email confirmation, and more.
Microsoft identity platform is:
- An evolution of the Azure Active Directory (Azure AD) developer platform.
- Unrelated to ASP.NET Core Identity.
ASP.NET Core Identity adds user interface (UI) login functionality to ASP.NET Core web apps. To secure web APIs and SPAs, use one of the following:
- Azure Active Directory
- Azure Active Directory B2C (Azure AD B2C)
- IdentityServer4
For different code setups, visit this: Introduction to Identity on ASP.NET Core
You have probably mixed two different approaches, pls have a look at these links for further clarification.