Testing with Postman

Now we can test the previous service with Postman.


Postman is a GUI Tool for testing HTTP APIs. It is much popular today that almost all Developers have it installed it in their machine.

You can download latest version of Postman from here.



Following are the steps to use Postman.

Get the Token

Create a new GET REQUEST as shown below.


Enter the following Values.

· Auth URL use the URL https://login.microsoftonline.com/Your-AAD-Tenant-Name-OR-Guid/oauth2/token and replace the highlighted area

· Client ID You can get this from Azure > App Service > Properties

· Client Secret You can get this from Client Credentials blad

· Grant Type Hardcode as client_credentials

· Resource You can get this from Service > Expose an API blade


Call the Service

Now call the service & If everything went fine you will see the response as below.


Now follow these steps:

· Create a new GET request

· Add the highlighted headers below

· Set the Token copied from previous step with the Bearer prefix on it

· Click the SEND button in Postman

On successful execution, you will get the results as shown above.


In this post you have seen how to call an AAD protected API Service with Postman. In real world scenarios we can combine the Token generation & attaching to Service request as a single step.


Postman – Automatically attach Token


AZ300 – AAD Service Registration

Azure Active Directory provides Identity Platform which allows Secured Access to your Application & Services. In this article we can explore how to create a Web API Service & Protect it with AAD App Registration.

Create New API Service

Open Visual Studio & Create a new Web API Service.


Run the Service and Ensure you are able to access the Results as displayed below.


Publish the Service

Now right click on the project & publish the service to Azure App Service.



You need an Azure Subscription to perform this. You can use following link to do the same.


Choose the App Service option.


Enter the App Service option.


Azure App Service is a PaaS (Platform as a Service) way of Hosting web sites.


You can test your new App Service with the URL.


If you are getting the same results, you are good!

Protect the Service

Now we can protect the Service with Azure Active Directory. There is a Quick Way to achieve the same without writing a single line of code.

Go to Azure Portal > App Services blade > Click on your service.


Go to Authentication/Authorization blade.


Turn App Service Authentication to On. Then in the appearing options choose the following:

· Login with Azure Active Directory

· Choose Azure Active Directory from Authentication Providers > Then choose Express option

Save changes.

Test the Service

Now test the service again with the previous URL. This time you will be prompted for Login.


This means the Service is protected from Anonymous Access now.




In this article we have explored how to create a Web API Service & Protect it with AAD App Registration.