Skip to content

Commit 47d2c19

Browse files
PRMerger19PRMerger19
authored
Merge pull request #113749 from spelluru/egridauth0504
AAD vs. parameters to URL
2 parents 2c0db23 + 5973c38 commit 47d2c19

File tree

1 file changed

+5
-1
lines changed

1 file changed

+5
-1
lines changed

articles/event-grid/security-authentication.md

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,9 +75,13 @@ static string BuildSharedAccessSignature(string resource, DateTime expirationUtc
7575

7676
All events or data written to disk by the Event Grid service is encrypted by a Microsoft-managed key ensuring that it's encrypted at rest. Additionally, the maximum period of time that events or data retained is 24 hours in adherence with the [Event Grid retry policy](delivery-and-retry.md). Event Grid will automatically delete all events or data after 24 hours, or the event time-to-live, whichever is less.
7777

78-
## Authenticate event delivery to webhook endpoints using Azure AD
78+
## Authenticate event delivery to webhook endpoints
79+
The following sections describe how to authenticate event delivery to webhook endpoints. You need to use a validation handshake mechanism irrespective of the method you use. See [Webhook event delivery](webhook-event-delivery.md) for details.
80+
81+
### Using Azure Active Directory (Azure AD)
7982
You can secure your webhook endpoint by using Azure Active Directory (Azure AD) to authenticate and authorize Event Grid to deliver events to your endpoints. You'll need to create an Azure AD Application, create a role and service principle in your application authorizing Event Grid, and configure the event subscription to use the Azure AD Application. [Learn how to configure Azure Active Directory with Event Grid](secure-webhook-delivery.md).
8083

84+
### Using query parameters for the URL
8185
You can secure your webhook endpoint by adding query parameters to the webhook URL when creating an Event Subscription. Set one of these query parameters to be a secret such as an [access token](https://en.wikipedia.org/wiki/Access_token). The webhook can use the secret to recognize the event is coming from Event Grid with valid permissions. Event Grid will include these query parameters in every event delivery to the webhook.
8286

8387
When editing the Event Subscription, the query parameters aren't displayed or returned unless the [--include-full-endpoint-url](https://docs.microsoft.com/cli/azure/eventgrid/event-subscription?view=azure-cli-latest#az-eventgrid-event-subscription-show) parameter is used in Azure [CLI](https://docs.microsoft.com/cli/azure?view=azure-cli-latest).

0 commit comments

Comments
 (0)