Tags: asp.net-core-3.1, azure-aks, azure-managed-identity, azure-appservice

can managed identity be used between service hosted in AKS and client app hosted as app service


I have an ASP.NET Core web API app which is hosted in Azure Kubernetes Service, and the web API endpoints are secured with Azure Active Directory (AAD), following the article below:

https://dotnetplaybook.com/secure-a-net-core-api-using-bearer-authentication/

Now I have another ASP.NET Core web API application (Gateway) which is hosted as an Azure App Service, and this is a client application for the above microservice which is hosted in AKS.

I have also registered the client app (Gateway) in AAD using a secret, and with this the gateway and microservices authenticate and work.

Since the AKS-hosted microservices talk with the Azure App Service, can I use Managed Identity so that I don't need to do secret management?


Solution

  • So just to clarify, your service deployed in Azure App Service is calling your application deployed in AKS.

    If your Azure App Service is acting on its own behalf (i.e. it is a daemon app, and users don't interact with that app), then yes, you can simply use a Managed Identity for that App Service and give that identity the API permissions for the app in AKS.

    --an update to the above

    I wrote some additional details that walk through all the steps to achieve this; take a look at this post: https://blog.identitydigest.com/single-tenant-daemon-managed-identity/. It also has a pointer to a very rudimentary code sample.
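The daemon-style call the answer describes, written out as an added example (not code from the question, the answer, or the linked posts): the App Service gateway obtains a token from its managed identity for the AKS API's application ID URI and presents it as a bearer token, so no client secret exists to store or rotate. It assumes the Azure.Identity NuGet package, a placeholder Application ID URI `api://<aks-api-app-id>` exposed by the AKS API's app registration, a placeholder ingress host, and that the managed identity has already been assigned an app role on that registration.

```csharp
// Added example; the API URI, ingress host and route below are placeholders.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public sealed class AksApiClient
{
    // Placeholders: the AKS API's Application ID URI and its public base address.
    private const string ApiScope = "api://<aks-api-app-id>/.default";
    private static readonly Uri ApiBaseAddress = new Uri("https://<your-aks-ingress-host>/");

    private readonly HttpClient _http = new HttpClient { BaseAddress = ApiBaseAddress };

    // ManagedIdentityCredential calls the App Service's local token endpoint
    // (IDENTITY_ENDPOINT/IDENTITY_HEADER); nothing secret lives in config.
    // For a user-assigned identity pass its client id to the constructor.
    private readonly TokenCredential _credential = new ManagedIdentityCredential();

    public async Task<string> GetWeatherAsync(CancellationToken ct = default)
    {
        // "/.default" asks for the app roles granted to this identity; the token's
        // audience is the AKS API's app id, which its bearer middleware validates.
        AccessToken token = await _credential.GetTokenAsync(
            new TokenRequestContext(new[] { ApiScope }), ct);

        using (var request = new HttpRequestMessage(HttpMethod.Get, "api/weather"))
        {
            request.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", token.Token);

            using (HttpResponseMessage response = await _http.SendAsync(request, ct))
            {
                // A 401/403 here usually means a wrong audience or a missing
                // app-role assignment, not a failure to obtain the token itself.
                response.EnsureSuccessStatusCode();
                return await response.Content.ReadAsStringAsync();
            }
        }
    }
}
```

The same client works unchanged from a developer machine if you swap `ManagedIdentityCredential` for `DefaultAzureCredential`, which falls back to the managed identity once deployed.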