
Exam AZ-305 topic 4 question 46 discussion

Actual exam question from Microsoft's AZ-305
Question #: 46
Topic #: 4

HOTSPOT -
You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish online surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
✑ To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.
✑ The web app must authenticate by using the identities of individual users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area: (answer-area graphic not reproduced; Box 1 asks which component generates the access tokens, Box 2 which component performs the authorization decisions)

Suggested Answer:
Box 1: Azure AD -
Azure AD is the OAuth 2.0 authorization server (identity provider). It authenticates the individual user and issues the tokens (access token and refresh token) that the web app then presents to the web API.
OAuth 2.0 authentication with Azure Active Directory.
OAuth 2.0 is the industry protocol for authorization. It allows a user to grant limited access to their protected resources. Designed to work specifically with Hypertext Transfer Protocol (HTTP), OAuth separates the role of the client from the resource owner. The client (here the web app) requests access to resources controlled by the resource owner (the user) and hosted by the resource server (here the back-end web API). The authorization server (here Azure AD) issues access tokens with the approval of the resource owner. The client uses the access tokens to access the protected resources hosted by the resource server. Note that the resource server never issues tokens; it only validates the ones it receives.


Box 2: A web API -
Delegated access is used.
The bearer token sent to the web API contains the user identity.
The web API makes authorization decisions based on the user identity.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/auth-oauth2
https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
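As an added example (not part of the ExamTopics page, the exam, or Microsoft's documentation), here is the resource-server side of the flow in the suggested answer: the web API receives the bearer token that Azure AD issued to the web app on behalf of a signed-in user, validates it, and then makes the authorization decision itself from the user identity (oid) and delegated scope (scp) carried in the token. Everything in it is constructed: the tenant ID, the API's audience URI, the scope name Surveys.ReadWrite, the survey store and the user IDs are placeholders, and so that it runs offline with the standard library only, the token is signed with HS256 and a shared secret that stands in for Azure AD's RS256 signature (which a real API verifies against the tenant's published JWKS). The mint_token helper stands in for Azure AD's token issuance (Box 1) and would not exist in a real web API.

```python
"""Resource-server side of the flow: the web API validates an Azure AD style bearer
token and makes the authorization decision from the user identity it carries.
Stdlib only. Constructed example: HS256 + shared secret stands in for Azure AD's
RS256 signature (verified against the tenant JWKS in a real deployment)."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

TENANT_ID = "11111111-2222-3333-4444-555555555555"          # placeholder tenant
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
API_AUDIENCE = "api://survey-backend"                        # hypothetical app ID URI of the web API
REQUIRED_SCOPE = "Surveys.ReadWrite"                         # hypothetical delegated scope
SIGNING_SECRET = b"demo-shared-secret-not-for-production"    # stand-in for the IdP signing key

# Constructed survey store: survey id -> owning user's object id (the "oid" claim).
SURVEYS = {"s-100": {"owner": "user-alice"}, "s-200": {"owner": "user-bob"}}


class TokenError(Exception):
    """Raised when the bearer token fails validation (maps to HTTP 401)."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, alg: str = "HS256", secret: bytes = SIGNING_SECRET) -> str:
    """Stand-in for Azure AD token issuance (Box 1). Exists only so the example runs
    offline; a real web API never mints tokens, it only validates them."""
    header = {"typ": "JWT", "alg": alg}
    signing_input = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{signing_input}.{_b64url(sig)}"


def validate_bearer(token: str, now: Optional[float] = None, secret: bytes = SIGNING_SECRET) -> dict:
    """Validate algorithm, signature, issuer, audience and time window; return the claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError):
        raise TokenError("undecodable token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token")
    # Pin the algorithm: never trust the header's alg (rejects "none" and key confusion).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise TokenError("bad signature")
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    if claims.get("aud") != API_AUDIENCE:      # a token minted for another API must not work here
        raise TokenError("wrong audience")
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenError("token expired")
    if not isinstance(nbf, (int, float)) or now < nbf:
        raise TokenError("token not yet valid")
    if not claims.get("oid"):
        raise TokenError("no user identity in token")   # a delegated token must carry the user
    return claims


def authorize_update(claims: dict, survey_id: str) -> bool:
    """Box 2: the web API decides. Delegated access needs the scope the user consented to,
    and this API's own rule is that only the owner may update a survey."""
    scopes = str(claims.get("scp", "")).split()
    if REQUIRED_SCOPE not in scopes:
        return False
    survey = SURVEYS.get(survey_id)
    return survey is not None and survey["owner"] == claims["oid"]


def handle_update(authorization: Optional[str], survey_id: str, now: Optional[float] = None):
    """Simulated PUT /surveys/{id}: returns (http_status, body)."""
    if not authorization or not authorization.startswith("Bearer "):
        return 401, "missing bearer token"
    try:
        claims = validate_bearer(authorization[len("Bearer "):], now=now)
    except TokenError as err:
        return 401, str(err)
    if not authorize_update(claims, survey_id):
        return 403, "forbidden"
    return 200, f"survey {survey_id} updated by {claims['oid']}"


if __name__ == "__main__":
    now = time.time()
    token = mint_token({"iss": ISSUER, "aud": API_AUDIENCE, "oid": "user-alice",
                        "scp": REQUIRED_SCOPE, "nbf": now - 60, "exp": now + 3600})
    print(handle_update(f"Bearer {token}", "s-100"))   # alice's own survey -> 200
    print(handle_update(f"Bearer {token}", "s-200"))   # bob's survey -> 403
```

The split of responsibilities is the point of the question: validate_bearer only answers "did Azure AD issue this token, for this API, for this user, and is it still valid", while authorize_update is the API's own business rule applied to the identity in the token. A token with a valid signature but the wrong audience, an expired one, or one whose header claims alg "none" is rejected before any authorization logic runs; a valid token for a user who is not the survey's owner or who lacks the delegated scope gets 403 rather than 401.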

Comments

Chosen Answer:
Davin0406
Highly Voted 1 year, 11 months ago
Azure AD and a web API. Appeared in the exam on 10/14/2022. I passed with 946/1000; there were only 1-2 new questions, the others were all from the AZ-305 dump.
upvoted 58 times
AzureJobsTillRetire
1 year, 8 months ago
Thanks Davin0406 for your kindness
upvoted 13 times
NotMeAnyWay
Highly Voted 1 year, 2 months ago
1. The access tokens will be generated by: a. Azure AD. Azure AD is the identity provider and is responsible for generating access tokens in an OAuth 2.0 flow. The web app will authenticate with Azure AD and receive an access token.
2. Authorization decisions will be performed by: c. a web API. The web API, as the resource server in the OAuth 2.0 flow, is responsible for making authorization decisions. It validates the access token it receives from the web app and determines what resources the authenticated user can access.
upvoted 13 times
Lazylinux
Most Recent 4 months, 3 weeks ago
I believe the given answer is correct => Azure AD and A web API
upvoted 2 times
obllew
1 year, 1 month ago
The answer assumes the front-end web app is a public client like a React SPA supported by a back-end API, in which case obviously the API authorizes. In a server-side confidential-client web app calling a downstream API scenario, the web app would authorize endpoints and use application permissions to access its API. The question doesn't specify the need for delegated API permissions.
upvoted 2 times
marcellov
11 months, 3 weeks ago
Yes it does. "The web app must authenticate by using the identities of individual users."
upvoted 2 times
willybsmith
1 year, 3 months ago
Not sure if 2/ Web API is correct. According to https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/auth-oauth2: Web app: The web app, or resource server, is where the resource or data resides. It trusts the authorization server to securely authenticate and authorize the OAuth client. Azure AD: Azure AD is the authorization server, also known as the Identity Provider (IdP). It securely handles anything to do with the user's information, their access, and the trust relationship. It's responsible for issuing the tokens that grant and revoke access to resources.
upvoted 1 times
King_Laps
1 year, 4 months ago
Azure AD and Web API
upvoted 1 times
azkumar305
1 year, 5 months ago
Got this on 14-Apr-2023
upvoted 4 times
zellck
1 year, 6 months ago
1. Azure AD 2. Web API https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/auth-oauth2
upvoted 4 times
GarryK
1 year, 7 months ago
correct. check the video https://learn.microsoft.com/en-us/azure/active-directory/develop/authentication-vs-authorization
upvoted 3 times
OPT_001122
1 year, 7 months ago
AAD, Web API
upvoted 1 times
ORRRRR98
1 year, 10 months ago
Davin0406 Thanks for your feedback
upvoted 3 times
kay000001
2 years ago
Answer is correct. The web API makes authorization decisions based on the user identity. The bearer token sent to the web API contains the user identity. https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/web-api
upvoted 4 times