AZ-301 Exam - Question 178


HOTSPOT -

You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.

You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:

✑ To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.

✑ The web app must authenticate by using the identities of individual users.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

[Image: Exam AZ-301 Question 178]

Correct Answer:

[Image: Exam AZ-301 Question 178]

References:

https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api

https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-dotnet-webapi

Discussion

11 comments
Ekramy_Elnaggar
Jan 16, 2020

This is a repeated question: https://www.examtopics.com/exams/microsoft/az-301/view/24/

JohnAvlakiotis
Feb 11, 2020

Not there...

tartar
Sep 20, 2020

Question 1: Azure AD Question 2: A web app

eng_inside2007
Mar 3, 2020

Better to answer instead of continuing to say "repeated q"?!

SilentH
Apr 4, 2020

Disagree, I appreciate Ekramy pointing out these are repeated questions. I create flash cards from these questions and so he saves me having to create duplicate flash cards.

levianthan
Sep 28, 2020

A few repeated questions won't ruin the card game.

notyourname
Nov 9, 2021

2 kings of hearts would ruin a deck

pkum
Jun 9, 2020

Azure AD, Web API are the correct answers. Please refer to the auth workflow diagram here: https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api#register-the-web-api-in-azure-ad

blackalbum
Mar 20, 2020

The answer is correct. Delegated User Identity: The web API makes authorization decisions based on the user identity. https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api

Kaawa
Jul 25, 2020

It's using OAuth, so "Application identity"; hence, the WebApp takes care of authorization.

maheshwary
Jul 31, 2020

The question says: To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens. This means that it is not using 'Delegated User Identity' and so cannot authorize individual users, which by the way is the requirement. So the web API option seems incorrect. Not sure what the alternative here is.

levianthan
Sep 28, 2020

Authenticate != Authorize. I believe the WebApp authenticates the user, and then the API authorizes the authenticated user. The authenticated user presents its authority through the bearer token. The WebApp itself does not decide if the user has authority to access the API, it only authenticates him.

ihustle
Jan 1, 2021

Thank you for this link, it clarifies the answers.

pandeya442
May 14, 2020

Repeated one: Azure AD, Web API

AS007
Apr 17, 2020

AAD Web App

jivom
Aug 10, 2020

The access token is generated by Active Directory, but authorization is always provided by the web API. The web app requests the access token from AD, and the web app then asks the API to verify that access token.

Test_Taker_1
Aug 22, 2020

Says it here plain as day: https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/web-api

Question requirements: "... must authenticate by using OAuth 2 bearer tokens." "... authenticate by using the identities of individual users."

The link above offers 2 flows:
1. Delegated User Identity - this isn't the correct one because the one below fits better.
2. Application Identity - Uses OAuth - Authorization will be performed by the Web Application.

For both cases, it says that a token must come from an identity provider. Therefore Question 1: Azure AD (it's the identity provider). Question 2: "A web app"

Dlouc
May 17, 2020

Answer for the second part is Web App. The web API does not get information about the user. The web API cannot perform any authorization based on the user identity. All authorization decisions are made by the web application.

pieixoto
May 28, 2020

Did you read the requirements? "To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens. The web app must authenticate by using the identities of individual users." Of course the Web API gets information about the user because the Web App MUST give it the oauth 2 bearer token and it must authenticate using the user's identities.

NKnab
Jul 6, 2020

Using the access token to call the web API: Once you have the token, send it in the Authorization header of the HTTP requests to the web API.

[Removed]
Aug 13, 2020

A perfect example is given here: https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/

sanketshah
Jan 3, 2021

Given answer is correct.