AAD authentication for Event Grid Subscribers
I have an Event Grid which is used for publishing events. I have a Web-Hook based subscriber which will be listening to the event. The webhook is hosted on Azure App Service and is protected by an AAD App.
In this scenario will Event Grid be able to publish an event to a Web endpoint which is protected by AAD?
My event grid topic and the web app are in the same subscription.
azure-active-directory azure-web-sites azure-eventgrid
asked Nov 21 '18 at 11:45
Pratik Bhattacharya
have a look at docs.microsoft.com/en-us/azure/event-grid/…
– Roman Kiss
Nov 21 '18 at 13:50
You can subscribe an access token in the query parameter of the webhook URL.
– Roman Kiss
Nov 21 '18 at 13:53
@RomanKiss but how will the Event Grid generate the access token? Plus, the bearer token is sent as an authorization header.
– Pratik Bhattacharya
Nov 21 '18 at 14:03
Besides that, the webhook handler must also handle message validation, so the bearer token passed via a query parameter can be used within the webhook for its authorization; that is the present design of the event handlers.
– Roman Kiss
Nov 21 '18 at 14:43
@RomanKiss, but how will the Event Grid generate the Bearer token before sending the event to the subscriber? Is there a way some custom code (like AAD token generation) can be run by Event Grid?
– Pratik Bhattacharya
Nov 21 '18 at 14:49
1 Answer
According to your description, you want to subscribe to an Event Grid topic via a webhook hosted on Azure App Service which is protected by Azure AD.
In my experience, there are two ways to do it.
Accessing a URL endpoint protected by AAD requires an access token obtained via AAD authentication, but there is no ability to do that operation programmatically in Event Grid. So, as @Roman Kiss said, a workaround is to create a proxy-like service that gets the authorization token to access your webhook, such as an Azure Function App.
The other way is to change your app service code to allow anonymous access. For example, add
[AllowAnonymous]
to your controller method if using ASP.NET; please see the Azure Sample code.
Hope it helps.
answered Nov 22 '18 at 12:46
Peter Pan
Thanks Peter. Are you aware of whether this functionality is on the roadmap of the Azure Event Grid team?
– Pratik Bhattacharya
Nov 22 '18 at 13:42
@PratikBhattacharya the following is a link for feedback to the AEG team: feedback.azure.com/forums/909934-azure-event-grid
– Roman Kiss
Nov 22 '18 at 17:07
@PratikBhattacharya Not sure; pay attention to events on Azure updates.
– Peter Pan
Nov 23 '18 at 1:10
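The query-parameter token and handshake validation mentioned in the comments, applied to an endpoint left open to anonymous callers as in the answer, as an added example (not code from the original posts or from the Azure samples). The parameter name `token`, the secret value, the function names, the sample events and the `accepted` response body are assumptions for illustration.

```python
import hmac
import json
from urllib.parse import parse_qs

# Constructed sample secret; load the real one from app settings or a vault.
EXPECTED_TOKEN = "constructed-sample-secret"
VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"

# Constructed sample deliveries (Event Grid posts a JSON array of events).
SAMPLE_HANDSHAKE = json.dumps([{
    "id": "evt-0", "eventType": VALIDATION_EVENT,
    "data": {"validationCode": "constructed-code-123"},
}])
SAMPLE_EVENT = json.dumps([{
    "id": "evt-1", "eventType": "Contoso.Orders.Created", "data": {"order": 42},
}])


def token_is_valid(query_string, expected=EXPECTED_TOKEN):
    """Compare the ?token= query parameter to the secret in constant time."""
    supplied = parse_qs(query_string).get("token", [""])[0]
    return hmac.compare_digest(supplied.encode(), expected.encode())


def handle_webhook(query_string, body):
    """Return (http_status, response_body) for one Event Grid delivery."""
    # Authorize before anything else, so the handshake is refused to strangers.
    if not token_is_valid(query_string):
        return 401, None
    try:
        events = json.loads(body)
    except ValueError:
        return 400, None
    if not isinstance(events, list) or not all(isinstance(e, dict) for e in events):
        return 400, None
    accepted = []
    for event in events:
        if event.get("eventType") == VALIDATION_EVENT:
            # Echo the validation code to complete the subscription handshake.
            data = event.get("data")
            code = data.get("validationCode") if isinstance(data, dict) else None
            if not code:
                return 400, None
            return 200, {"validationResponse": code}
        accepted.append(event.get("id"))  # hand off to real processing here
    return 200, {"accepted": accepted}  # illustrative body; 200 is what matters


if __name__ == "__main__":
    print(handle_webhook("token=wrong", SAMPLE_HANDSHAKE))
    print(handle_webhook("token=" + EXPECTED_TOKEN, SAMPLE_HANDSHAKE))
    print(handle_webhook("token=" + EXPECTED_TOKEN, SAMPLE_EVENT))
```

Query strings are commonly written to access logs, so the token should be treated as a shared secret that can be rotated by updating the subscription's endpoint URL.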