Sometimes we come across applications that needed some basic form of protection, but (sadly enough) the code base did not allow it. Today we’ll see how we can enable authentication / authorization on your web app, -without- altering any code! We’ll be doing this capability from the web app service itself, without the code noticing anything of this.
Enable / Configure the Azure Active Directory Authentication
Let’s start by doing to our web app and looking for the “Authentication / Authorization” section.
We’ll enabling the “App Service Authentication”. As we do not want guests, we’ll select “Log in with Azure Active Directory” as a way to force authentication. Next up we’ll configure the Azure Active Directory ;
Where we can go “Express” (Global Admin privileges needed) or “Advanced” (where we need to enter the application information like the application id etc).
Common Issue : Express Creation & Custom Domains
My web app was using a custom domain. When you do the express creation, it did not add this domain to my application registration in Azure Active Directory. Here I’m not sure if this was due to a timing issue (that I enabled the custom domain after the authentication link) or not…
Anyhow, when I tried to login from this custom URL, I got the following error ;
This can easily be fixed, by going to the application registration, and adding the custom domain to the reply URLs ;
Now I browsed to my URL ; https://2016.kvaes.be/ and I immediately got redirected to a login page. Just for the sake of it, I entered my liveid here ;
Which got me an error messaging stating that my identity provider (“live.com) was not allowed ;
Next up, I tried it with my AAD account ;
And then I was able to view my website…
Enabling an Azure web app with authentication is very straightforward and easy to accomplish! To be honest, I was mindblown how easy this was…