If we are using the Dynamics 365 in an Enterprise Level , System Integrations with Web APIs are a common scenario. This post will explain on how to set up Azure Active Directory Authentication on Web APIs
1. Register the Web API application in Azure Active directory , To do that Navigate to Azure Portal and Click on 'Azure Active Directory' -> 'App Registrations' -> 'New Application registration'
2. Provide any relevant name and 'Sign On Url' as your Web API Url postfixed by ".auth/login/aad/callback"
then click on create.
Ex: - http://<<your webapi Url >>/.auth/login/aad/callback , http://xxxxxx.azurewebsites.net/.auth/login/aad/callback
3. Once created , The Application Id highlighted below will be the 'Client id' that would be used in the next steps.
4. From the Azure Portal - Navigate to your Web API that you have already created. Scroll down and click on 'Authentication/Authorization'
5. Change the 'App Service Authentication' to On , 'Action to take when request is not authenticated' to 'Login with Azure Active directory' and Click on 'Azure Active Directory' Option.
3. In the next screen , Choose the 'Management Mode' as 'Advanced' and Enter the 'ClientId' that is generated from the Step 3 and Issuer Url.
Issuer Url Would be same across all your AAD applications and it would be specific to your Organization ,
Update the field with Issuer URL for your Active Directory postfixed by TenantId of your Active Directory. TenantId can be obtained by executing PowerShell command 'Get-AzureAccount' or by browsing to your directory from the management portal.
Your API would now prompt for AAD Authentication both from browser and when accessed via code.