Azure AD App Application Permissions vs Delegated Permissions

azure security azure-active-directory
Arjuna picture Arjuna · Jul 14, 2015 · Viewed 19.9k times · Source

I am creating an Azure AD app and noticed there are two permissions types, Application Permissions and Delegated Permissions. What is the difference between the two and under what scenario should I use them?

Answer

MvdD picture MvdD · Jul 15, 2015

You typically use delegated permissions when you want to call the Web API as the logged on user. Say for example that the Web API needs to filter the data it returns based on who the user is, or execute some action as the logged in user. Or even just to log which user was initiating the call.

Application permissions are used when the application calls the API as itself. For example to get the weather forecast for a certain zipcode (it does not matter which user is logged on). The client can even call the API when there's no user present (some background service calling the API to update some status).

Related questions

This site can’t provide a secure connection

When I added the URL rewrite code in web.config and then publish it into azure. it will automatically redirects to https even I am trying to access website with http. <rewrite> <rules> <rule name="…

Read More
How to get connection string out of Azure KeyVault?

A hypothetical web-site currently connects using: public SqlConnection CreateConnection() { DbConnection connection = new SqlConnection(); connection.ConnectionString = GetConnectionString(); connection.Open(); return connection; } Where the magical connection string is stored in web.config: String GetConnectionString() { //Get the connection string info from web.config …

Read More
The data protection operation was unsuccessful on Azure using OWIN / Katana

I'm trying to implement password reset on an OWIN/Katana based ASP.NET MVC website running in Azure. It works fine when run locally but fails in production. I create a UserToken Provider userManager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(…

Read More