How to Secure an Azure App Service with Azure AD Authentication

In this post, we will look at how to secure an Azure App Service with authentication by using Azure Active Directory. Go to https://portal.azure.com and select an App Service. We will use one we created earlier. Select Authentication / Authorization:

Set App Service Authentication to On:

Select Azure Active Directory. Note the other options – Facebook, Google, Twitter etc:

We see:

Let’s use Express setup. We will call our app CarlCRMAPIADApp:

Set Action to take when request is not authenticated = Log in with Azure Active Directory. If you have it set to “Allow Anonymous Requests” then you will still allow these requests to come through, which may not be desired:

Now, if you send through a request as before, you will get a 503 Service Unavailable error as we are not passing through any authentication:

Let’s go to App Registrations and select our App:

Click on Certificates and Secrets. We will create a New Client Secret:

Give the secret a name, and duration:

We get a value. Copy it:

Now in Postman, let’s finish our request. Click the Authorization tab and select OAuth 2.0:

Then Get New Access Token:

Enter the information below, with information from our App Registration:

Token Name: Anything, e.g. My App Token

Grant Type: Authorization Code

Callback URL: https://carlcrmapi.azurewebsites.net/.auth/login/aad/callback – from Authentication Redirect URL

Auth URL: https://login.microsoftonline.com/directoryid/oauth2/authorize?resource=resourceid where directory id comes from the Overview page of the App Registration and resource id comes from the Overview page Application Id

Access Token URL: https://login.microsoftonline.com/directoryid/oauth2/token?resource=resourceid where directory id comes from the Overview page of the App Registration and resource id comes from the Overview page Application Id

Client Id = from the Overview page of the App Registration the Application Id

Client Secret = Created in Certificates and Secrets

Click Request Token:

We are prompted to log in:

And it asks for permissions. Click Accept:

We get an Access Token returned:

Of type Bearer:

Click Use Token:

We see the Access Token in the Postman request, with OAuth 2.0 set. Click Send, and we get a response back. We are now authenticated with our app using Azure AD:

THANKS FOR READING. BEFORE YOU LEAVE, I NEED YOUR HELP.

I AM SPENDING MORE TIME THESE DAYS CREATING YOUTUBE VIDEOS TO HELP PEOPLE LEARN THE MICROSOFT POWER PLATFORM.

IF YOU WOULD LIKE TO SEE HOW I BUILD APPS, OR FIND SOMETHING USEFUL READING MY BLOG, I WOULD REALLY APPRECIATE YOU SUBSCRIBING TO MY YOUTUBE CHANNEL.

THANK YOU, AND LET'S KEEP LEARNING TOGETHER.

CARL

https://www.youtube.com/carldesouza

ABOUT CARL DE SOUZA

Carl de Souza is a developer and architect focusing on Microsoft Dynamics 365, Power BI, Azure, and AI.

carldesouza.com | LinkedIn | Twitter | YouTube

Facebook

Twitter

Carl April 23, 2024 at 7:49 pm on Using the Dataverse REST Builder to Build REST RequestsThanks for the update, Guido!
Carl April 23, 2024 at 7:41 pm on Integrating Power BI Reporting with Dynamics 365 (2024)Ed, this is a really good call-out, thanks for mentioning this. Hopefully I can get a trial spun up at
Ed April 23, 2024 at 12:20 pm on Integrating Power BI Reporting with Dynamics 365 (2024)Hey Carl! Great blog - really clear and informative. While only relevant for Premium/Fabric SKUs, I wonder whether adding a
Eldros April 19, 2024 at 8:17 pm on How to Authenticate and Use the Power BI API inside Power AutomateI had to click advanced options in the 2nd HTTP request and put my bearer token in the Value after
Sunil Kushawaha April 10, 2024 at 5:59 am on Dynamics 365 HTML Web Resource ExampleHi Carl, We are trying to achieve same functionality in my MSD 365 customer service, and we are able add

How to Secure an Azure App Service with Azure AD Authentication

Related Posts:

Leave a Reply Cancel reply