This post shows how Azure Key Vault certificates can be used with Microsoft.Identity.Web in an ASP.NET Core application which requires a downstream “access_as_user” API. The Azure AD App Registration requires a certificate instead of a client secret.

Code: https://github.com/damienbod/AzureADAuthRazorUiServiceApiCertificate

Creating the Key Vault certificates

The certificate which will be used in the ASP.NET Core applications can be created in Azure Key Vault. The .cer export needs to be downloaded after the certificate has been created.

The certificate can then be uploaded to the Azure App Registration. Certificates are used for authentication instead of secrets.
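
As an added example (not code from the linked repository), this is one way the application side can reference that certificate through Microsoft.Identity.Web's ClientCertificates configuration instead of a ClientSecret. The vault URL, certificate name, tenant and client IDs, and the scope URI are placeholders.

```csharp
// Added example, not from the linked repository.
// Assumed appsettings.json section (all values are placeholders):
//
// "AzureAd": {
//   "Instance": "https://login.microsoftonline.com/",
//   "TenantId": "<tenant-id>",
//   "ClientId": "<client-id-of-the-app-registration>",
//   "CallbackPath": "/signin-oidc",
//   // No "ClientSecret" entry: the Key Vault certificate is the credential.
//   "ClientCertificates": [
//     {
//       "SourceType": "KeyVault",
//       "KeyVaultUrl": "https://<vault-name>.vault.azure.net",
//       "KeyVaultCertificateName": "<certificate-name>"
//     }
//   ]
// }

using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Placeholder scope for the downstream API's access_as_user permission.
        var scopes = new[] { "api://<downstream-api-client-id>/access_as_user" };

        // Reads the "AzureAd" section, including ClientCertificates, and uses
        // the Key Vault certificate as the client credential for token requests.
        services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAd")
            .EnableTokenAcquisitionToCallDownstreamApi(scopes)
            .AddInMemoryTokenCaches();

        services.AddRazorPages();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapRazorPages());
    }
}
```

The identity the application runs under needs access to the certificate in the vault, including its private key.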


Using Key Vault certificates with Microsoft.Identity.Web and ASP.NET Core applications