AAD authentication for Event Grid Subscribers












0















I have an Event Grid which is used for publishing events. I have a Web-Hook based subscriber which will be listening to the event. The webhook is hosted on Azure App Service and is protected by an AAD App.
In this scenario will Event Grid be able to publish an event to a Web endpoint which is protected by AAD?
My event grid topic and the web app are in the same subscription.










share|improve this question























  • have a look at docs.microsoft.com/en-us/azure/event-grid/…

    – Roman Kiss
    Nov 21 '18 at 13:50











  • you can subscribe an access token in the query parameter of the webhook url

    – Roman Kiss
    Nov 21 '18 at 13:53











  • @RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

    – Pratik Bhattacharya
    Nov 21 '18 at 14:03











  • beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

    – Roman Kiss
    Nov 21 '18 at 14:43











  • @RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

    – Pratik Bhattacharya
    Nov 21 '18 at 14:49
















0















I have an Event Grid which is used for publishing events. I have a Web-Hook based subscriber which will be listening to the event. The webhook is hosted on Azure App Service and is protected by an AAD App.
In this scenario will Event Grid be able to publish an event to a Web endpoint which is protected by AAD?
My event grid topic and the web app are in the same subscription.










share|improve this question























  • have a look at docs.microsoft.com/en-us/azure/event-grid/…

    – Roman Kiss
    Nov 21 '18 at 13:50











  • you can subscribe an access token in the query parameter of the webhook url

    – Roman Kiss
    Nov 21 '18 at 13:53











  • @RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

    – Pratik Bhattacharya
    Nov 21 '18 at 14:03











  • beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

    – Roman Kiss
    Nov 21 '18 at 14:43











  • @RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

    – Pratik Bhattacharya
    Nov 21 '18 at 14:49














0












0








0








I have an Event Grid which is used for publishing events. I have a Web-Hook based subscriber which will be listening to the event. The webhook is hosted on Azure App Service and is protected by an AAD App.
In this scenario will Event Grid be able to publish an event to a Web endpoint which is protected by AAD?
My event grid topic and the web app are in the same subscription.










share|improve this question














I have an Event Grid which is used for publishing events. I have a Web-Hook based subscriber which will be listening to the event. The webhook is hosted on Azure App Service and is protected by an AAD App.
In this scenario will Event Grid be able to publish an event to a Web endpoint which is protected by AAD?
My event grid topic and the web app are in the same subscription.







azure-active-directory azure-web-sites azure-eventgrid






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 21 '18 at 11:45









Pratik BhattacharyaPratik Bhattacharya

1,8451135




1,8451135













  • have a look at docs.microsoft.com/en-us/azure/event-grid/…

    – Roman Kiss
    Nov 21 '18 at 13:50











  • you can subscribe an access token in the query parameter of the webhook url

    – Roman Kiss
    Nov 21 '18 at 13:53











  • @RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

    – Pratik Bhattacharya
    Nov 21 '18 at 14:03











  • beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

    – Roman Kiss
    Nov 21 '18 at 14:43











  • @RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

    – Pratik Bhattacharya
    Nov 21 '18 at 14:49



















  • have a look at docs.microsoft.com/en-us/azure/event-grid/…

    – Roman Kiss
    Nov 21 '18 at 13:50











  • you can subscribe an access token in the query parameter of the webhook url

    – Roman Kiss
    Nov 21 '18 at 13:53











  • @RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

    – Pratik Bhattacharya
    Nov 21 '18 at 14:03











  • beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

    – Roman Kiss
    Nov 21 '18 at 14:43











  • @RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

    – Pratik Bhattacharya
    Nov 21 '18 at 14:49

















have a look at docs.microsoft.com/en-us/azure/event-grid/…

– Roman Kiss
Nov 21 '18 at 13:50





have a look at docs.microsoft.com/en-us/azure/event-grid/…

– Roman Kiss
Nov 21 '18 at 13:50













you can subscribe an access token in the query parameter of the webhook url

– Roman Kiss
Nov 21 '18 at 13:53





you can subscribe an access token in the query parameter of the webhook url

– Roman Kiss
Nov 21 '18 at 13:53













@RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

– Pratik Bhattacharya
Nov 21 '18 at 14:03





@RomanKiss but how will the event grid generate the access token. Plus the bearer token is sent as an authorization header

– Pratik Bhattacharya
Nov 21 '18 at 14:03













beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

– Roman Kiss
Nov 21 '18 at 14:43





beside that, the webhook handler must handle also a message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization, that is the present design of the event handlers

– Roman Kiss
Nov 21 '18 at 14:43













@RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

– Pratik Bhattacharya
Nov 21 '18 at 14:49





@RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way how some custom code (like AAD token generation) can be done by Event Grid?

– Pratik Bhattacharya
Nov 21 '18 at 14:49












1 Answer
1






active

oldest

votes


















2














According to your description, you want to subscribe a topic of Event Grid via webhook hosted on Azure App Service which be protected by Azure AD.



Per my experience, there are two ways to realize it.




  1. Due to access an url endpoint protected by AAD that be required an access token via AAD authentication, but there is no ablity to do the operation in programming on Event Grid. So as @Roman Kiss said, a workaround way is to create a proxy-like service to get the authorization token to access your webhook, such as using Azure Function App.


  2. However, the other way is to change your app service code to allow anonymous accessing. For example, adding [AllowAnonymous] on your controller method if using ASP.NET, please see the Azure Sample code.



hope it helps.






share|improve this answer
























  • Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

    – Pratik Bhattacharya
    Nov 22 '18 at 13:42











  • @PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

    – Roman Kiss
    Nov 22 '18 at 17:07











  • @PratikBhattacharya Not sure, and keep attention to events on Azure updates.

    – Peter Pan
    Nov 23 '18 at 1:10











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53411339%2faad-authentication-for-event-grid-subscribers%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














According to your description, you want to subscribe a topic of Event Grid via webhook hosted on Azure App Service which be protected by Azure AD.



Per my experience, there are two ways to realize it.




  1. Due to access an url endpoint protected by AAD that be required an access token via AAD authentication, but there is no ablity to do the operation in programming on Event Grid. So as @Roman Kiss said, a workaround way is to create a proxy-like service to get the authorization token to access your webhook, such as using Azure Function App.


  2. However, the other way is to change your app service code to allow anonymous accessing. For example, adding [AllowAnonymous] on your controller method if using ASP.NET, please see the Azure Sample code.



hope it helps.






share|improve this answer
























  • Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

    – Pratik Bhattacharya
    Nov 22 '18 at 13:42











  • @PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

    – Roman Kiss
    Nov 22 '18 at 17:07











  • @PratikBhattacharya Not sure, and keep attention to events on Azure updates.

    – Peter Pan
    Nov 23 '18 at 1:10
















2














According to your description, you want to subscribe a topic of Event Grid via webhook hosted on Azure App Service which be protected by Azure AD.



Per my experience, there are two ways to realize it.




  1. Due to access an url endpoint protected by AAD that be required an access token via AAD authentication, but there is no ablity to do the operation in programming on Event Grid. So as @Roman Kiss said, a workaround way is to create a proxy-like service to get the authorization token to access your webhook, such as using Azure Function App.


  2. However, the other way is to change your app service code to allow anonymous accessing. For example, adding [AllowAnonymous] on your controller method if using ASP.NET, please see the Azure Sample code.



hope it helps.






share|improve this answer
























  • Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

    – Pratik Bhattacharya
    Nov 22 '18 at 13:42











  • @PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

    – Roman Kiss
    Nov 22 '18 at 17:07











  • @PratikBhattacharya Not sure, and keep attention to events on Azure updates.

    – Peter Pan
    Nov 23 '18 at 1:10














2












2








2







According to your description, you want to subscribe a topic of Event Grid via webhook hosted on Azure App Service which be protected by Azure AD.



Per my experience, there are two ways to realize it.




  1. Due to access an url endpoint protected by AAD that be required an access token via AAD authentication, but there is no ablity to do the operation in programming on Event Grid. So as @Roman Kiss said, a workaround way is to create a proxy-like service to get the authorization token to access your webhook, such as using Azure Function App.


  2. However, the other way is to change your app service code to allow anonymous accessing. For example, adding [AllowAnonymous] on your controller method if using ASP.NET, please see the Azure Sample code.



hope it helps.






share|improve this answer













According to your description, you want to subscribe a topic of Event Grid via webhook hosted on Azure App Service which be protected by Azure AD.



Per my experience, there are two ways to realize it.




  1. Due to access an url endpoint protected by AAD that be required an access token via AAD authentication, but there is no ablity to do the operation in programming on Event Grid. So as @Roman Kiss said, a workaround way is to create a proxy-like service to get the authorization token to access your webhook, such as using Azure Function App.


  2. However, the other way is to change your app service code to allow anonymous accessing. For example, adding [AllowAnonymous] on your controller method if using ASP.NET, please see the Azure Sample code.



hope it helps.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 22 '18 at 12:46









Peter PanPeter Pan

11.2k3823




11.2k3823













  • Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

    – Pratik Bhattacharya
    Nov 22 '18 at 13:42











  • @PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

    – Roman Kiss
    Nov 22 '18 at 17:07











  • @PratikBhattacharya Not sure, and keep attention to events on Azure updates.

    – Peter Pan
    Nov 23 '18 at 1:10



















  • Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

    – Pratik Bhattacharya
    Nov 22 '18 at 13:42











  • @PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

    – Roman Kiss
    Nov 22 '18 at 17:07











  • @PratikBhattacharya Not sure, and keep attention to events on Azure updates.

    – Peter Pan
    Nov 23 '18 at 1:10

















Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

– Pratik Bhattacharya
Nov 22 '18 at 13:42





Thanks Peter. Are you aware of as to whether this functionality is in the roadmap of the Azure Event Grid team?

– Pratik Bhattacharya
Nov 22 '18 at 13:42













@PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

– Roman Kiss
Nov 22 '18 at 17:07





@PratikBhattacharya the following is a link for feedback AEG team: feedback.azure.com/forums/909934-azure-event-grid

– Roman Kiss
Nov 22 '18 at 17:07













@PratikBhattacharya Not sure, and keep attention to events on Azure updates.

– Peter Pan
Nov 23 '18 at 1:10





@PratikBhattacharya Not sure, and keep attention to events on Azure updates.

– Peter Pan
Nov 23 '18 at 1:10


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53411339%2faad-authentication-for-event-grid-subscribers%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

"Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

Alcedinidae

RAC Tourist Trophy