Exam AZ-203 topic 23 question 3 discussion

Actual exam question from Microsoft's AZ-203
Question #: 3
Topic #: 23

You need to access user claims in the e-commerce web app.
What should you do first?

  • A. Using the Azure CLI, enable Cross-origin resource sharing (CORS) from the e-commerce checkout API to the e-commerce web app.
  • B. Update the e-commerce web app to read the HTTP request header values.
  • C. Assign the Contributor RBAC role to the e-commerce web app by using the Resource Manager create role assignment API.
  • D. Write custom code to make a Microsoft Graph API call from the e-commerce web app.
Suggested Answer: D
If you want more information about the user, you'll need to use the Azure AD Graph API.
References:
https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/claims

Comments

Phantom88
Highly Voted 5 years, 1 month ago
It should be B.
upvoted 21 times
Phantom88
Highly Voted 5 years, 1 month ago
https://docs.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to#access-user-claims
upvoted 5 times
meoukg
Most Recent 3 years, 3 months ago
Got it on 03/2022, I chose B. Update the e-commerce web app to read the HTTP request header values.
upvoted 1 times
altafpatel1984
3 years, 6 months ago
For all language frameworks, App Service makes the claims in the incoming token (whether from an authenticated end user or a client application) available to your code by injecting them into the request headers. External requests aren't allowed to set these headers, so they are present only if set by App Service. Some example headers include:
  • X-MS-CLIENT-PRINCIPAL-NAME
  • X-MS-CLIENT-PRINCIPAL-ID
https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-user-identities
upvoted 1 times
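
As an added example (not code from this thread or from Microsoft), the Python sketch below reads the identity headers quoted in the comment above. It also decodes X-MS-CLIENT-PRINCIPAL, a Base64-encoded JSON header described in the linked App Service documentation but not named in this thread; the function name and all sample header values are constructed for illustration.

```python
import base64
import json

def read_principal(headers):
    """Return identity details from App Service-injected headers, or None.

    Trust these headers only when the code runs behind App Service
    authentication, which sets them itself and does not let external
    requests supply them.
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    name = h.get("x-ms-client-principal-name")
    user_id = h.get("x-ms-client-principal-id")
    if not name and not user_id:
        return None  # unauthenticated request, or authentication not enabled

    claims = {}
    blob = h.get("x-ms-client-principal")
    if blob:
        try:
            doc = json.loads(base64.b64decode(blob, validate=True))
        except ValueError as exc:  # covers bad Base64, bad UTF-8 and bad JSON
            raise ValueError("malformed X-MS-CLIENT-PRINCIPAL header") from exc
        if not isinstance(doc, dict):
            raise ValueError("malformed X-MS-CLIENT-PRINCIPAL header")
        # Claims arrive as a list of {"typ": ..., "val": ...}; a type may repeat.
        for claim in doc.get("claims", []):
            if isinstance(claim, dict) and "typ" in claim:
                claims.setdefault(claim["typ"], []).append(claim.get("val"))
    return {"name": name, "id": user_id, "claims": claims}

# Constructed sample: what an authenticated request might carry.
_payload = {
    "auth_typ": "aad",
    "claims": [
        {"typ": "name", "val": "Alice Example"},
        {"typ": "roles", "val": "Checkout.Read"},
        {"typ": "roles", "val": "Orders.Read"},
    ],
    "name_typ": "name",
    "role_typ": "roles",
}
SAMPLE_HEADERS = {
    "X-MS-CLIENT-PRINCIPAL-NAME": "alice@example.com",
    "X-MS-CLIENT-PRINCIPAL-ID": "00000000-0000-0000-0000-000000000001",
    "X-MS-CLIENT-PRINCIPAL": base64.b64encode(json.dumps(_payload).encode()).decode(),
}

if __name__ == "__main__":
    print(read_principal(SAMPLE_HEADERS))
```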
Cornholioz
4 years, 5 months ago
Claims are name-value pairs that relay facts about the token subject. It contains many facts about the security principal among other info. User claims are available through a few means. If you want MORE INFO about the user, you'll need to use the AAD Graph API. Now the question doesn't say how much of the user claims info is to be accessed. So it's hard to say if B is sufficient or if we need to write custom code through Graph API. Inconclusive to me. I'll go with Graph API... rest is up to Bruce Almighty!
upvoted 1 times
eric_draven
4 years, 10 months ago
B only sends part of headers. If you want all, you will need an extra call to /.auth/me that is a call to Graph. Keep in mind you can create custom claims.
upvoted 2 times
bugimachi
4 years, 5 months ago
This is true for the client-side code (in JS for example). The documentation linked below says that ID and access tokens are injected through headers X-MS-TOKEN-AAD-ID-TOKEN and X-MS-TOKEN-AAD-ACCESS-TOKEN.
https://docs.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to#access-user-claims
upvoted 1 times
AK89
5 years ago
It is B.
upvoted 4 times
Iq
5 years, 1 month ago
I feel like this should be B, not D. If your user is signed in properly, the claims should be in the header of all requests, which should allow you to retrieve the claims using claims principal. I shouldn't need to write extra code to hit an API for all that information.
upvoted 5 times