Exam AZ-301 topic 17 question 10 discussion

Actual exam question from Microsoft's AZ-301
Question #: 10
Topic #: 17

HOTSPOT -
You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
✑ To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.
✑ The web app must authenticate by using the identities of individual users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
References:
https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-dotnet-webapi

Comments

Ekramy_Elnaggar
Highly Voted 5 years, 4 months ago
This is a repeated question: https://www.examtopics.com/exams/microsoft/az-301/view/24/
upvoted 10 times
JohnAvlakiotis
5 years, 3 months ago
Not there...
upvoted 2 times
tartar
4 years, 8 months ago
Question 1: Azure AD
Question 2: A web app
upvoted 6 times
eng_inside2007
5 years, 3 months ago
Better to answer instead of keep saying repeated q?!
upvoted 21 times
SilentH
5 years, 2 months ago
Disagree, I appreciate Ekramy pointing out these are repeated questions. I create flash cards from these questions and so he saves me having to create duplicate flash cards.
upvoted 17 times
levianthan
4 years, 8 months ago
A few repeated questions won't ruin the card game.
upvoted 3 times
notyourname
3 years, 7 months ago
2 kings of hearts would ruin a deck
upvoted 1 times
pkum
Highly Voted 4 years, 12 months ago
Azure AD, Web API are correct answers. Please refer to the auth workflow diagram here: https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api#register-the-web-api-in-azure-ad
upvoted 5 times
sanketshah
Most Recent 4 years, 5 months ago
Given answer is correct.
upvoted 1 times
Test_Taker_1
4 years, 9 months ago
Says it here plain as day: https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/web-api
Question Requirements:
"... must authenticate by using OAuth 2 bearer tokens."
"... authenticate by using the identities of individual users."
The link above offers 2 flows:
1. Delegated User Identity - this isn't the correct one because the one below fits better.
2. Application Identity - Uses OAUTH - Authorization will be performed by Web Application
For both cases, it says that a token must come from an identity provider. Therefore
Question 1: Azure AD (it's the identity provider)
Question 2: "A web app"
upvoted 2 times
[Removed]
4 years, 9 months ago
A perfect example is given here: https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/
upvoted 1 times
jivom
4 years, 10 months ago
Access token is generated by Active Directory but Authorization is always provided by Web Api. The Web app requests the access token from AD, and the web app then asks API to verify that access token.
upvoted 3 times
NKnab
4 years, 11 months ago
Using the access token to call the web API
Once you have the token, send it in the Authorization header of the HTTP requests to the web API.
upvoted 1 times
Dlouc
5 years ago
Answer for second part is Web App. The web API does not get information about the user. The web API cannot perform any authorization based on the user identity. All authorization decisions are made by the web application.
upvoted 1 times
pieixoto
5 years ago
Did you read the requirements? "To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens. The web app must authenticate by using the identities of individual users." Of course the Web API gets information about the user because the Web App MUST give it the oauth 2 bearer token and it must authenticate using the user's identities.
upvoted 3 times
pandeya442
5 years ago
Repeated one - Azure AD, Web API
upvoted 4 times
AS007
5 years, 1 month ago
AAD Web App
upvoted 3 times
blackalbum
5 years, 2 months ago
The answer is correct. Delegated User Identity: The web API makes authorization decisions based on the user identity. https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
upvoted 4 times
Kaawa
4 years, 10 months ago
It's using oauth, so "Application identity", hence, WebApp takes care of authorization
upvoted 2 times
maheshwary
4 years, 10 months ago
The question says: To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens. This means that it is not using 'Delegated User Identity' and so cannot authorize individual users, which by the way is the requirement. So the web API option seems incorrect. Not sure what the alternative here is.
upvoted 1 times
levianthan
4 years, 8 months ago
Authenticate != Authorize
I believe the WebApp authenticates the user, and then the API authorizes the authenticated user. The authenticated user presents its authority through the bearer token. The WebApp itself does not decide if the user has authority to access the API, it only authenticates him.
upvoted 1 times
ihustle
4 years, 5 months ago
Thank you for this link, it clarifies the answers.
upvoted 1 times
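
The delegated user identity flow that several comments above cite (the identity provider issues the token, the web app forwards it in the Authorization header, the web API validates it and then decides per user), as an added example that is not part of the original thread or of Microsoft's sample. The issuer, audience, scope name and HS256 shared key are constructed stand-ins so the code runs offline; Azure AD itself signs tokens with RS256 keys.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example; a real API takes these from its app registration.
ISSUER = "https://sts.example.test/tenant-placeholder/"
AUDIENCE = "api://surveys-api-placeholder"
DEMO_KEY = b"demo-only-shared-secret"  # stand-in for the identity provider's RS256 signing key

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_demo_token(claims, key=DEMO_KEY):
    """Plays the identity provider: mint a signed token that the web app forwards."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def authenticate(authorization_header, now=None):
    """Web API step 1: validate the bearer token and return its claims."""
    scheme, _, token = authorization_header.partition(" ")
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        signature = _unb64(sig)
    except ValueError:
        raise PermissionError("malformed bearer token") from None
    # Pin the algorithm on the API side; never let the token choose it.
    if scheme.lower() != "bearer" or not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected scheme or signing algorithm")
    expected = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise PermissionError("bad signature")
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise PermissionError("token was not issued for this API")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise PermissionError("token expired")
    return claims

def authorize_survey_update(claims, survey_owner_oid):
    """Web API step 2: per-user decision from the identity carried in the token."""
    has_scope = "surveys.write" in claims.get("scp", "").split()  # constructed scope name
    return has_scope and claims.get("oid") == survey_owner_oid
```

Authentication (is this a valid token for this API?) and authorization (may this user update this survey?) are separate checks, and a token that passes the first can still fail the second.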