Exam AZ-301 topic 2 question 13 discussion

Actual exam question from Microsoft's AZ-301
Question #: 13
Topic #: 2

HOTSPOT -
You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
✑ To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.
✑ The web app must authenticate by using the identities of individual users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
References:
https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-dotnet-webapi

Comments

Oz
Highly Voted 5 years, 8 months ago
The reference https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api has the picture with clear authentication path. Web App requests the token and Azure AD generates the token. Web App then makes a decision on user authorization, based on return token. Explicit statement is that the web API cannot perform any authorization based on the user identity. All authorization decisions are made by the web application. So correct answers are Box 1: Azure AD, Box 2: Web App
upvoted 40 times
onlyfunmails
5 years, 7 months ago
In your link provided, please check below. "Authenticating in the web API: The web API has to authenticate the bearer token."
upvoted 7 times
...
heftjustice
5 years, 4 months ago
Incorrect, it's AD and Web API
upvoted 8 times
...
pinchocr
5 years, 3 months ago
Box1: Azure AD Box2: AIP. Regarding the reference you mention, see "The web API makes authorization decisions based on the user identity."
upvoted 2 times
pinchocr
5 years, 3 months ago
Sorry, typo: Box2:API
upvoted 2 times
...
...
ablab
5 years ago
It's incorrect. Given Answer is correct. Authenticating in the web API: https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api#register-the-web-api-in-azure-ad
upvoted 1 times
...
...
bolbol
Highly Voted 5 years, 6 months ago
The provided answer is correct. According to the scenario, it's delegated access. There are two main approaches you can take: Delegated user identity: the web application authenticates with the user's identity. Application identity: the web application authenticates with its client ID, using OAuth 2 client credential flow. Delegated user identity: The bearer token sent to the web API contains the user identity. The web API makes authorization decisions based on the user identity. Ref Link: https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
upvoted 6 times
...
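The two modes quoted in the comment above look different from inside the web API. The following is an added example, not part of the thread or of the referenced Microsoft sample: a Python sketch of the API-side decision in the delegated-identity case. It assumes the token's signature and issuer were already verified, and the audience, scope name and survey record are hypothetical; `aud`, `exp`, `scp`, `roles`, `tid` and `oid` are standard Azure AD access-token claims.

```python
import time

API_AUDIENCE = "api://surveys-api"   # hypothetical App ID URI of the web API
REQUIRED_SCOPE = "survey.update"     # hypothetical delegated permission


class AuthzError(Exception):
    """Raised when the web API refuses the request."""


def authorize_survey_update(claims, survey, now=None):
    """Decide, inside the web API, whether this caller may update `survey`.

    `claims` is the payload of a bearer token whose signature and issuer
    were already verified (assumption; that step is not shown here).
    """
    now = time.time() if now is None else now
    if claims.get("aud") != API_AUDIENCE:
        raise AuthzError("token was issued for a different resource")
    if claims.get("exp", 0) <= now:
        raise AuthzError("token expired")
    # Delegated tokens carry `scp` plus the user's object id (`oid`).
    # App-only (client credentials) tokens have no `scp`, so there is no
    # user for the API to authorize against.
    scopes = claims.get("scp", "").split()
    if not scopes:
        raise AuthzError("app-only token: no user identity in the token")
    if REQUIRED_SCOPE not in scopes:
        raise AuthzError("missing scope " + REQUIRED_SCOPE)
    if claims.get("tid") != survey["tenant_id"]:
        raise AuthzError("user belongs to a different tenant")
    if claims.get("oid") not in survey["editors"]:
        raise AuthzError("user is not an editor of this survey")
    return claims["oid"]


# Constructed sample data, not taken from a real tenant.
SURVEY = {"tenant_id": "tenant-a", "editors": {"user-1"}}
DELEGATED = {"aud": API_AUDIENCE, "exp": 2000, "scp": "survey.read survey.update",
             "tid": "tenant-a", "oid": "user-1"}
APP_ONLY = {"aud": API_AUDIENCE, "exp": 2000, "roles": ["Survey.ReadWrite.All"],
            "tid": "tenant-a", "oid": "sp-web-app"}


def try_update(claims, now=1000):
    try:
        return "allowed for " + authorize_survey_update(claims, SURVEY, now)
    except AuthzError as err:
        return "denied: " + str(err)
```
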
Preeto18
Most Recent 3 years, 4 months ago
Answer is : Azure AD and Web API ....100% correct!!! https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
upvoted 1 times
...
levo017
4 years, 5 months ago
The authorization should be done by API, this is OAuth2 standard. Front-end initiated the login (Auth + Authorize) process, but Front-end does NOT know the user's claims (permission / capabilities). See following pdf: https://tools.ietf.org/pdf/rfc6749.pdf#page=24&zoom=100,-5,76
upvoted 1 times
...
glam
4 years, 6 months ago
Question 1: Azure AD Question 2: A web app
upvoted 2 times
...
sanketshah
4 years, 7 months ago
Azure AD, Web API: correct answer
upvoted 3 times
...
kcinofni
4 years, 8 months ago
The given answer is correct: https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api The web app must authenticate by using the identities of individual users. "Delegated user identity. The web application authenticates with the user's identity. - The bearer token sent to the web API contains the user identity. - The web API makes authorization decisions based on the user identity."
upvoted 2 times
shapgi
4 years, 7 months ago
this is the correct one
upvoted 1 times
wgre
4 years, 7 months ago
correct
upvoted 1 times
...
...
...
AhmedAL
4 years, 9 months ago
AAD WebApp - if you need to provide user level RBAC
upvoted 1 times
...
multcloud
4 years, 10 months ago
webapp can make authorization decision. You do not need to push it to WebAPI
upvoted 1 times
...
user_name
4 years, 10 months ago
Box 1: Azure AD https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api For client credentials, an application might get the token from the IDP or host its own token server. (But don't write a token server from scratch; use a well-tested framework like IdentityServer4.) If you authenticate with Azure AD, it's strongly recommended to get the access token from Azure AD, even with client credential flow. Box 2: Web App
upvoted 1 times
...
cj93s3
4 years, 11 months ago
web app makes authz decisions. box 1 - Azure AD box 2 - Web App
upvoted 3 times
...
Neetiniti
5 years ago
Answer-Box 1: Azure AD- Before calling the web API, the web application gets an access token from Azure AD. Box 2: Web API-The web API makes authorization decisions based on the user identity. https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api#register-the-web-api-in-azure-ad
upvoted 3 times
...
Prash85
5 years, 1 month ago
given answers are correct
upvoted 1 times
...
corona2020
5 years, 2 months ago
I believe the answers are correct. Fundamentally, if webapp needs to prove to webapi that it has the required authorization, then webapi needs to authenticate that webapp is right. If webapp itself says "I have credentials and have authorized myself", it would be so funny.
upvoted 1 times
...
P0d
5 years, 2 months ago
Oz mentioned correctly. The given link says: Application identity: The web API does not get information about the user. The web API cannot perform any authorization based on the user identity. All authorization decisions are made by the web application. So correct answer is: AD & WebApp
upvoted 1 times
...
Rajuuu
5 years, 3 months ago
Answer is correct. Access token is generated by Active Directory but Authorization is always provided by Web API or any Web application.
upvoted 2 times
...
mykolaantoniv
5 years, 5 months ago
1) Azure AD 2) Web App
upvoted 1 times
mykolaantoniv
5 years, 5 months ago
AD and API (not web app)
upvoted 18 times
...
...