How to Secure an Azure App Service with Azure AD Authentication

Leave a comment

In this post, we will look at how to secure an Azure App Service with authentication by using Azure Active Directory. Go to https://portal.azure.com and select an App Service. We will use one we created earlier. Select Authentication / Authorization:

Set App Service Authentication to On:

Select Azure Active Directory. Note the other options – Facebook, Google, Twitter etc:

We see:

Let’s use Express setup. We will call our app CarlCRMAPIADApp:

Set Action to take when request is not authenticated = Log in with Azure Active Directory. If you have it set to “Allow Anonymous Requests” then you will still allow these requests to come through, which may not be desired:

Now, if you send through a request as before, you will get a 503 Service Unavailable error as we are not passing through any authentication:

Let’s go to App Registrations and select our App:

Click on Certificates and Secrets. We will create a New Client Secret:

Give the secret a name, and duration:

We get a value. Copy it:

Now in Postman, let’s finish our request. Click the Authorization tab and select OAuth 2.0:

Then Get New Access Token:

Enter the information below, with information from our App Registration:

Token Name: Anything, e.g. My App Token

Grant Type: Authorization Code

Callback URL: https://carlcrmapi.azurewebsites.net/.auth/login/aad/callback – from Authentication Redirect URL

Auth URL: https://login.microsoftonline.com/directoryid/oauth2/authorize?resource=resourceid where directory id comes from the Overview page of the App Registration and resource id comes from the Overview page Application Id

Access Token URL: https://login.microsoftonline.com/directoryid/oauth2/token?resource=resourceid where directory id comes from the Overview page of the App Registration and resource id comes from the Overview page Application Id

Client Id = from the Overview page of the App Registration the Application Id

Client Secret = Created in Certificates and Secrets

Click Request Token:

We are prompted to log in:

And it asks for permissions. Click Accept:

We get an Access Token returned:

Of type Bearer:

Click Use Token:

We see the Access Token in the Postman request, with OAuth 2.0 set. Click Send, and we get a response back. We are now authenticated with our app using Azure AD:

 

 

THANKS FOR READING. BEFORE YOU LEAVE, I NEED YOUR HELP.
 

I AM SPENDING MORE TIME THESE DAYS CREATING YOUTUBE VIDEOS TO HELP PEOPLE LEARN THE MICROSOFT POWER PLATFORM.

IF YOU WOULD LIKE TO SEE HOW I BUILD APPS, OR FIND SOMETHING USEFUL READING MY BLOG, I WOULD REALLY APPRECIATE YOU SUBSCRIBING TO MY YOUTUBE CHANNEL.

THANK YOU, AND LET'S KEEP LEARNING TOGETHER.

CARL

https://www.youtube.com/carldesouza

 

ABOUT CARL DE SOUZA

Carl de Souza is a developer and architect focusing on Microsoft Dynamics 365, Power BI, Azure, and AI.

carldesouza.comLinkedIn Twitter | YouTube

 

Leave a Reply

Your email address will not be published. Required fields are marked *