AAD authentication for Event Grid Subscribers












0















I have an Event Grid which is used for publishing events. I have a Web-Hook based subscriber which will be listening to the event. The webhook is hosted on Azure App Service and is protected by an AAD App.
In this scenario will Event Grid be able to publish an event to a Web endpoint which is protected by AAD?
My event grid topic and the web app are in the same subscription.






azure-active-directory azure-web-sites azure-eventgrid







share|improve this question























  • have a look at docs.microsoft.com/en-us/azure/event-grid/…

    – Roman Kiss
    Nov 21 '18 at 13:50











  • you can subscribe an access token in the query parameter of the webhook url

    – Roman Kiss
    Nov 21 '18 at 13:53











  • @RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

    – Pratik Bhattacharya
    Nov 21 '18 at 14:03











  • beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

    – Roman Kiss
    Nov 21 '18 at 14:43











  • @RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

    – Pratik Bhattacharya
    Nov 21 '18 at 14:49
















0















I have an Event Grid which is used for publishing events. I have a Web-Hook based subscriber which will be listening to the event. The webhook is hosted on Azure App Service and is protected by an AAD App.
In this scenario will Event Grid be able to publish an event to a Web endpoint which is protected by AAD?
My event grid topic and the web app are in the same subscription.






azure-active-directory azure-web-sites azure-eventgrid







share|improve this question























  • have a look at docs.microsoft.com/en-us/azure/event-grid/…

    – Roman Kiss
    Nov 21 '18 at 13:50











  • you can subscribe an access token in the query parameter of the webhook url

    – Roman Kiss
    Nov 21 '18 at 13:53











  • @RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

    – Pratik Bhattacharya
    Nov 21 '18 at 14:03











  • beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

    – Roman Kiss
    Nov 21 '18 at 14:43











  • @RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

    – Pratik Bhattacharya
    Nov 21 '18 at 14:49














0












0








0








I have an Event Grid which is used for publishing events. I have a Web-Hook based subscriber which will be listening to the event. The webhook is hosted on Azure App Service and is protected by an AAD App.
In this scenario will Event Grid be able to publish an event to a Web endpoint which is protected by AAD?
My event grid topic and the web app are in the same subscription.






azure-active-directory azure-web-sites azure-eventgrid







share|improve this question














I have an Event Grid which is used for publishing events. I have a Web-Hook based subscriber which will be listening to the event. The webhook is hosted on Azure App Service and is protected by an AAD App.
In this scenario will Event Grid be able to publish an event to a Web endpoint which is protected by AAD?
My event grid topic and the web app are in the same subscription.






azure-active-directory azure-web-sites azure-eventgrid




azure-active-directory azure-web-sites azure-eventgrid






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 21 '18 at 11:45









Pratik BhattacharyaPratik Bhattacharya

1,8451135




1,8451135













  • have a look at docs.microsoft.com/en-us/azure/event-grid/…

    – Roman Kiss
    Nov 21 '18 at 13:50











  • you can subscribe an access token in the query parameter of the webhook url

    – Roman Kiss
    Nov 21 '18 at 13:53











  • @RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

    – Pratik Bhattacharya
    Nov 21 '18 at 14:03











  • beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

    – Roman Kiss
    Nov 21 '18 at 14:43











  • @RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

    – Pratik Bhattacharya
    Nov 21 '18 at 14:49



















  • have a look at docs.microsoft.com/en-us/azure/event-grid/…

    – Roman Kiss
    Nov 21 '18 at 13:50











  • you can subscribe an access token in the query parameter of the webhook url

    – Roman Kiss
    Nov 21 '18 at 13:53











  • @RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

    – Pratik Bhattacharya
    Nov 21 '18 at 14:03











  • beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

    – Roman Kiss
    Nov 21 '18 at 14:43











  • @RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

    – Pratik Bhattacharya
    Nov 21 '18 at 14:49

















have a look at docs.microsoft.com/en-us/azure/event-grid/…

– Roman Kiss
Nov 21 '18 at 13:50





have a look at docs.microsoft.com/en-us/azure/event-grid/…

– Roman Kiss
Nov 21 '18 at 13:50













you can subscribe an access token in the query parameter of the webhook url

– Roman Kiss
Nov 21 '18 at 13:53





you can subscribe an access token in the query parameter of the webhook url

– Roman Kiss
Nov 21 '18 at 13:53













@RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

– Pratik Bhattacharya
Nov 21 '18 at 14:03





@RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

– Pratik Bhattacharya
Nov 21 '18 at 14:03













beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

– Roman Kiss
Nov 21 '18 at 14:43





beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

– Roman Kiss
Nov 21 '18 at 14:43













@RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

– Pratik Bhattacharya
Nov 21 '18 at 14:49





@RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

– Pratik Bhattacharya
Nov 21 '18 at 14:49












1 Answer
1






active

oldest

votes


















2














According to your description, you want to subscribe a topic of Event Grid via webhook hosted on Azure App Service which be protected by Azure AD.



Per my experience, there are two ways to realize it.




  1. Due to access an url endpoint protected by AAD that be required an access token via AAD authentication, but there is no ablity to do the operation in programming on Event Grid. So as @Roman Kiss said, a workaround way is to create a proxy-like service to get the authorization token to access your webhook, such as using Azure Function App.


  2. However, the other way is to change your app service code to allow anonymous accessing. For example, adding [AllowAnonymous] on your controller method if using ASP.NET, please see the Azure Sample code.



hope it helps.






share|improve this answer
























  • Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

    – Pratik Bhattacharya
    Nov 22 '18 at 13:42











  • @PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

    – Roman Kiss
    Nov 22 '18 at 17:07











  • @PratikBhattacharya Not sure, and keep attention to events on Azure updates.

    – Peter Pan
    Nov 23 '18 at 1:10











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53411339%2faad-authentication-for-event-grid-subscribers%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














According to your description, you want to subscribe a topic of Event Grid via webhook hosted on Azure App Service which be protected by Azure AD.



Per my experience, there are two ways to realize it.




  1. Due to access an url endpoint protected by AAD that be required an access token via AAD authentication, but there is no ablity to do the operation in programming on Event Grid. So as @Roman Kiss said, a workaround way is to create a proxy-like service to get the authorization token to access your webhook, such as using Azure Function App.


  2. However, the other way is to change your app service code to allow anonymous accessing. For example, adding [AllowAnonymous] on your controller method if using ASP.NET, please see the Azure Sample code.



hope it helps.






share|improve this answer
























  • Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

    – Pratik Bhattacharya
    Nov 22 '18 at 13:42











  • @PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

    – Roman Kiss
    Nov 22 '18 at 17:07











  • @PratikBhattacharya Not sure, and keep attention to events on Azure updates.

    – Peter Pan
    Nov 23 '18 at 1:10
















2














According to your description, you want to subscribe a topic of Event Grid via webhook hosted on Azure App Service which be protected by Azure AD.



Per my experience, there are two ways to realize it.




  1. Due to access an url endpoint protected by AAD that be required an access token via AAD authentication, but there is no ablity to do the operation in programming on Event Grid. So as @Roman Kiss said, a workaround way is to create a proxy-like service to get the authorization token to access your webhook, such as using Azure Function App.


  2. However, the other way is to change your app service code to allow anonymous accessing. For example, adding [AllowAnonymous] on your controller method if using ASP.NET, please see the Azure Sample code.



hope it helps.






share|improve this answer
























  • Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

    – Pratik Bhattacharya
    Nov 22 '18 at 13:42











  • @PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

    – Roman Kiss
    Nov 22 '18 at 17:07











  • @PratikBhattacharya Not sure, and keep attention to events on Azure updates.

    – Peter Pan
    Nov 23 '18 at 1:10














2












2








2







According to your description, you want to subscribe a topic of Event Grid via webhook hosted on Azure App Service which be protected by Azure AD.



Per my experience, there are two ways to realize it.




  1. Due to access an url endpoint protected by AAD that be required an access token via AAD authentication, but there is no ablity to do the operation in programming on Event Grid. So as @Roman Kiss said, a workaround way is to create a proxy-like service to get the authorization token to access your webhook, such as using Azure Function App.


  2. However, the other way is to change your app service code to allow anonymous accessing. For example, adding [AllowAnonymous] on your controller method if using ASP.NET, please see the Azure Sample code.



hope it helps.






share|improve this answer













According to your description, you want to subscribe a topic of Event Grid via webhook hosted on Azure App Service which be protected by Azure AD.



Per my experience, there are two ways to realize it.




  1. Due to access an url endpoint protected by AAD that be required an access token via AAD authentication, but there is no ablity to do the operation in programming on Event Grid. So as @Roman Kiss said, a workaround way is to create a proxy-like service to get the authorization token to access your webhook, such as using Azure Function App.


  2. However, the other way is to change your app service code to allow anonymous accessing. For example, adding [AllowAnonymous] on your controller method if using ASP.NET, please see the Azure Sample code.



hope it helps.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 22 '18 at 12:46









Peter PanPeter Pan

11.2k3823




11.2k3823













  • Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

    – Pratik Bhattacharya
    Nov 22 '18 at 13:42











  • @PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

    – Roman Kiss
    Nov 22 '18 at 17:07











  • @PratikBhattacharya Not sure, and keep attention to events on Azure updates.

    – Peter Pan
    Nov 23 '18 at 1:10



















  • Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

    – Pratik Bhattacharya
    Nov 22 '18 at 13:42











  • @PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

    – Roman Kiss
    Nov 22 '18 at 17:07











  • @PratikBhattacharya Not sure, and keep attention to events on Azure updates.

    – Peter Pan
    Nov 23 '18 at 1:10

















Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

– Pratik Bhattacharya
Nov 22 '18 at 13:42





Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

– Pratik Bhattacharya
Nov 22 '18 at 13:42













@PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

– Roman Kiss
Nov 22 '18 at 17:07





@PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

– Roman Kiss
Nov 22 '18 at 17:07













@PratikBhattacharya Not sure, and keep attention to events on Azure updates.

– Peter Pan
Nov 23 '18 at 1:10





@PratikBhattacharya Not sure, and keep attention to events on Azure updates.

– Peter Pan
Nov 23 '18 at 1:10


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53411339%2faad-authentication-for-event-grid-subscribers%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

If I really need a card on my start hand, how many mulligans make sense? [duplicate]

Image
5 This question already has an answer here: How do you calculate the likelihood of drawing certain cards in your opening hand? 3 answers There is a funny modern deck where you play Treasure Hunt, but you really need to have it on the starting hand. How many mulligans should I take, if my deck contains 60 cards and contains 4 copies of Treasure Hunt? magic-the-gathering probability share | improve this question asked Nov 23 '18 at 12:12 dan dan 152 4
Read more

Alcedinidae

Image
Alcedinidae Martin-pêcheur à dos bleu ( Alcedo azurea ) Classification (COI) Règne Animalia Embranchement Chordata Sous-embr. Vertebrata Classe Aves Ordre Coraciiformes Famille Alcedinidae Rafinesque, 1815 Les Alcédinidés ou Alcedinidae forment une famille d'oiseaux plus connus sous les noms de martins-pêcheurs et martins-chasseurs. Sommaire 1 Description 2 Répartition et habitat 3 Systématique 3.1 Liste alphabétique des genres 3.2 Liste des espèces 4 Chez les Anciens : l'alcyon 4.1 Étymologie (Littré) 4.2 Oiseau « fabuleux » ? 5 Notes 6 Articles connexes 7 Liens externes 7.1 Bibliographie Description | Ce sont des oiseaux compacts de taille petite à moyenne (10 à 46 cm), au bec droit et long, en forme de poignard. Leurs pattes sont courtes, et ils portent un plumage aux couleurs vives. Répartition et habitat | Cosmopolites, ils fréquentent surtout
Read more

Can an atomic nucleus contain both particles and antiparticles? [duplicate]

Image
9 $begingroup$ This question already has an answer here: What happens if we put together a proton and an antineutron? 2 answers Is it theoretically possible to make a "deuterium" atom containing a proton and an antineutron in its nucleus? Would the strong nuclear force cause attraction between a proton and an antineutron? Would such a nucleus be stable, or would the proton somehow annihilate the antineutron when close enough? nuclear-physics antimatter share | cite | improve this question asked yesterday
Read more