Protecting your webapp with Azure Active Directory WITHOUT adjusting any code…

Introduction

Sometimes we come across applications that need some basic form of protection, but (sadly enough) the code base does not allow it. Today we’ll see how we can enable authentication / authorization on your web app without altering any code! We’ll enable this capability from the web app service itself, without the code noticing any of it.
Enable / Configure the Azure Active Directory Authentication

Let’s start by going to our web app and looking for the “Authentication / Authorization” section.


We’ll enable “App Service Authentication”. As we do not want guests, we’ll select “Log in with Azure Active Directory” as a way to force authentication. Next up, we’ll configure Azure Active Directory.


Here we can go “Express” (Global Admin privileges needed) or “Advanced” (where we need to enter the application information, such as the application ID).


Common Issue : Express Creation & Custom Domains

My web app was using a custom domain. When I did the express creation, it did not add this domain to my application registration in Azure Active Directory. Here I’m not sure if this was due to a timing issue (I enabled the custom domain after the authentication link) or not…


Anyhow, when I tried to log in from this custom URL, I got an error.

This can easily be fixed by going to the application registration and adding the custom domain to the reply URLs.
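To catch this mismatch before users hit the error, the hostnames bound to the web app can be compared against the reply URLs in the application registration. The following is an added example, not code from the original post; the function name and sample hostnames are made up, and it assumes the registration should contain the exact HTTPS callback URL `https://<hostname>/.auth/login/aad/callback` that App Service Authentication uses for Azure AD sign-in.

```python
from urllib.parse import urlsplit

# Callback path used by App Service Authentication for Azure AD sign-in.
CALLBACK_PATH = "/.auth/login/aad/callback"


def audit_reply_urls(hostnames, reply_urls):
    """Return {hostname: finding} for every hostname bound to the web app.

    finding is "ok" when the exact HTTPS callback URL is registered,
    otherwise a short reason why sign-in from that hostname would fail.
    """
    registered = {}  # host -> list of (scheme, path) seen in the registration
    for url in reply_urls:
        parts = urlsplit(url.strip())
        if not parts.hostname:
            continue  # not an absolute URL, so it cannot cover any hostname
        registered.setdefault(parts.hostname, []).append(
            (parts.scheme.lower(), parts.path)
        )

    findings = {}
    for name in hostnames:
        host = name.strip().lower()
        entries = registered.get(host, [])
        if ("https", CALLBACK_PATH) in entries:
            findings[host] = "ok"
        elif any(path == CALLBACK_PATH for _, path in entries):
            findings[host] = "callback registered without https"
        elif entries:
            findings[host] = "host registered, but not the exact callback path"
        else:
            findings[host] = "no reply URL for this host"
    return findings


if __name__ == "__main__":
    # Constructed sample: the default hostname was registered by the express
    # setup, the custom domain was bound afterwards (both names are made up).
    hosts = ["contoso-demo.azurewebsites.net", "www.example.com"]
    urls = ["https://contoso-demo.azurewebsites.net/.auth/login/aad/callback"]
    for host, finding in audit_reply_urls(hosts, urls).items():
        print(f"{host}: {finding}")
```
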


Test Drive!

Now I browsed to my URL, https://2016.kvaes.be/, and I immediately got redirected to a login page. Just for the sake of it, I entered my Live ID here.


Which got me an error message stating that my identity provider (“live.com”) was not allowed.


Next up, I tried it with my AAD account.


And then I was able to view my website…


Closing Thoughts

Enabling authentication on an Azure web app is very straightforward and easy to accomplish! To be honest, I was mind-blown by how easy this was…
