Rediger

Del via


Authorize requests to Azure Web PubSub resources with Managed identities for Azure resources

Azure Web PubSub Service supports Microsoft Entra ID for authorizing requests from Managed identities for Azure resources.

This article explains how to set up your resource and code to authorize requests to the resource using a managed identity.

Configure managed identities

The first step is to configure managed identities on your app or virtual machine.

Add a role assignment in the Azure portal

This section shows how to assign a Web PubSub Service Owner role to a service principal or managed identity for a Web PubSub resource. For detailed steps, see Assign Azure roles using the Azure portal.

Note

A role can be assigned to any scope, including management group, subscription, resource group, or single resource. To learn more about scope, see Understand scope for Azure RBAC.

  1. In the Azure portal, go to your Web PubSub resource.

  2. Select Access control (IAM) in the sidebar.

  3. Select Add > Add role assignment.

    Screenshot that shows the page for access control and selections for adding a role assignment.

  4. On the Role tab, select Web PubSub Service Owner or other Web PubSub built-in roles depends on your scenario.

    Role Description Use case
    Web PubSub Service Owner Full access to data-plane APIs, including read/write REST APIs and Auth APIs. Most commonly used for building a upstream server that handles negotiation requests and client events.
    Web PubSub Service Reader Readonly access to data-plane APIs. Use it when write a monitoring tool that calls readonly REST APIs.
  5. Select Next.

  6. For Microsoft Entra application.

    1. In the Assign access to row, select User, group, or service principal.
    2. In the Members row, click select members, then choose the identity in the pop-up window.
  7. For managed identity for Azure resources.

    1. In the Assign access to row, select Managed identity.
    2. In the Members row, click select members, then choose the application in the pop-up window.
  8. Select Next.

  9. Review your assignment, then click Review + assign to confirm the role assignment.

Important

Newly added role assignments might take up to 30 minutes to propagate.

To learn more about how to assign and manage Azure roles, see these articles:

Code samples with Microsoft Entra authorization

Check out our samples that show how to use Microsoft Entra authorization in programming languages we officially support.