Merk
Tilgang til denne siden krever autorisasjon. Du kan prøve å logge på eller endre kataloger.
Tilgang til denne siden krever autorisasjon. Du kan prøve å endre kataloger.
Authentication determines who is calling your Data API builder (DAB) endpoints.
DAB supports multiple authentication providers so you can match local testing, production identity systems, and platform-hosted scenarios.
Authentication providers at a glance
| Provider | Best for | Guide |
|---|---|---|
Unauthenticated |
Trusted front end or gateway handles identity before DAB | Configure the Unauthenticated provider |
EntraID / AzureAD |
Microsoft Entra ID-based production apps | Configure Microsoft Entra ID authentication |
Custom |
Third-party OpenID Connect or JWT providers | Configure custom JWT authentication |
AppService |
Azure App Service Easy Auth headers | Configure App Service authentication |
Simulator |
Local development and role testing | Configure Simulator authentication |
On-Behalf-Of (OBO) |
SQL scenarios requiring user-delegated downstream identity | Configure OBO authentication |
How authentication affects authorization
After DAB authenticates a request, DAB evaluates permissions by role.
- No authenticated identity maps to the
anonymoussystem role. - Authenticated identity maps to
authenticated, or to a requested role from claims whenX-MS-API-ROLEis used.
For role evaluation details, see Authorization overview.
Configure authentication
Set the provider with:
dab configure --runtime.host.authentication.provider <ProviderName>
For schema details, see Runtime configuration reference.