How to Enable Azure AD Authentication for Azure App Service?
Azure Active Directory (Azure AD) is a cloud-based identity and access management service that provides secure sign-in and access control for web applications. Azure WebApps are web applications that run on Azure App Service, a fully managed platform for building and hosting web apps.
In this article, I will show you how to enable Azure AD authentication for your Azure WebApp using the Azure portal. This will allow you to restrict access to your web app only to users who have an account in your Azure AD tenant.
Step 1: Register a web application in Azure AD
Before you can enable Azure AD authentication for your web app, you need to register a web application in your Azure AD tenant. This will create an app registration that represents your web app and defines its permissions and settings.
To register a web application in Azure AD, follow these steps:
- Sign in to the Azure portal and navigate to your app.
- Note your app's URL. You'll use it to configure your Azure AD app registration.
- From the portal menu, select Azure Active Directory, then go to the App registrations tab and select New registration.
- Enter a name for your web app, such as `MyAwesomeApp`.
- For Supported account types, choose Accounts in this organizational directory only if you want to limit access to users in your own tenant, or choose Accounts in any organizational directory if you want to allow access to users from other tenants as well.
- For Redirect URI, enter your app's URL followed by `/.auth/login/aad/callback`, such as `https://myawesomeapp.azurewebsites.net/.auth/login/aad/callback`. This is where users will be redirected after signing in with Azure AD.
- Select Register.
Step 2: Enable Azure AD authentication in your Azure App Service app
After registering your web app in Azure AD, you can enable Azure AD authentication for it using the App Service authentication feature. This feature allows you to configure various identity providers and settings for your web app without writing any code.
To enable Azure AD authentication in your App Service app, follow these steps:
- Sign in to the Azure portal and navigate to your app.
- Select Authentication in the menu on the left. Click Add identity provider.
- Select Microsoft in the identity provider dropdown.
- For App registration type, you can choose Pick an existing app registration, which automatically fills in the necessary information from the registration you created in Step 1. Alternatively, you can enter the values manually by selecting Create new or use existing one with advanced settings.
If you choose manual entry, enter the following information:
- For Client ID, enter the application ID of your web app registration from Step 1.
- For Client secret, enter a secret value that you generate from your web app registration. To do this, go back to the App registrations tab under Azure Active Directory, select your web app, then go to Certificates & secrets and click on New client secret. Enter a description and an expiration date for the secret, then click on Add. Copy the value of the secret and paste it here.
- For Issuer URL, enter `https://sts.windows.net/<tenant-id>/`, where `<tenant-id>` is the directory ID of your Azure AD tenant. You can find this value under Properties on the Azure Active Directory blade.
- For additional login parameters (optional), enter any additional parameters that you want to pass along with each login request, such as `resource=<resource-id>` or `prompt=consent`. You can find more information about these parameters here.
Click on OK.
Step 3: Test your web app
Now that you have enabled Azure AD authentication for your web app, you can test it by browsing to its URL in a private browser window or an incognito mode. You should see a sign-in page that prompts you to enter your credentials for your Azure AD account.
If everything works correctly, you should be able to access your web app after signing in successfully.
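As an added example that is not part of the original article: once authentication is enabled, App Service forwards the signed-in identity to your code in the X-MS-CLIENT-PRINCIPAL request header (base64-encoded JSON; the layout assumed here is the one documented for App Service authentication, and the platform strips any copy of this header a client sends itself). The Python below decodes it and confirms that the issuer and audience match the tenant ID and client ID from Steps 1 and 2, which is the check you want if you chose Accounts in any organizational directory in Step 1; all IDs and names are constructed placeholders.

```python
import base64
import json
from typing import Optional

# Values taken from Steps 1 and 2 of the setup (constructed placeholders, not real IDs).
TENANT_ID = "00000000-0000-0000-0000-000000000001"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
ISSUER_URL = f"https://sts.windows.net/{TENANT_ID}/"  # Issuer URL format from Step 2


def parse_client_principal(header_value: str) -> dict:
    """Decode the base64 JSON that App Service places in X-MS-CLIENT-PRINCIPAL.

    Assumed layout: {"auth_typ": ..., "claims": [{"typ": ..., "val": ...}, ...],
    "name_typ": ..., "role_typ": ...}. Base64 padding is restored in case the
    value arrives unpadded.
    """
    padded = header_value + "=" * (-len(header_value) % 4)
    return json.loads(base64.b64decode(padded))


def claim(principal: dict, typ: str) -> Optional[str]:
    """Return the value of the first claim of the given type, or None."""
    for c in principal.get("claims", []):
        if c.get("typ") == typ:
            return c.get("val")
    return None


def authenticated_user(header_value: str, issuer: str = ISSUER_URL,
                       audience: str = CLIENT_ID) -> Optional[str]:
    """Return the signed-in user's name, or None if the request is anonymous
    or the principal was not issued by our tenant for our app registration.

    App Service has already validated the token signature; this confirms the
    token came from the expected tenant (iss) and was minted for this client ID
    (aud), which matters when accounts from other tenants are allowed to sign in.
    """
    if not header_value:
        return None
    principal = parse_client_principal(header_value)
    if principal.get("auth_typ") != "aad":
        return None
    if claim(principal, "iss") != issuer or claim(principal, "aud") != audience:
        return None
    return claim(principal, principal.get("name_typ", "name"))


def make_header(issuer: str, audience: str, name: str) -> str:
    """Build a sample header value for offline testing (constructed, not from App Service)."""
    principal = {"auth_typ": "aad", "name_typ": "name", "role_typ": "roles",
                 "claims": [{"typ": "iss", "val": issuer},
                            {"typ": "aud", "val": audience},
                            {"typ": "name", "val": name}]}
    return base64.b64encode(json.dumps(principal).encode()).decode()
```

A token from another tenant or for another app registration is rejected even though App Service accepted it at the front door, so the application never treats it as a valid login.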
Conclusion
In this article, we have explored how to enable Azure Active Directory authentication for your Azure App Service app. This method can prove vital if you want to set up authentication for your applications without writing any code or logic within the application itself. It's a perfect way to set up authentication for private applications.
Along with this there are several other benefits of using Azure AD for setting up authentication for your Azure App Service.
- Improve the end-user experience: Azure AD helps to protect a user’s identity and simplify their sign-in experience. Users can sign in with their work or school accounts, or with social accounts like GitHub, Twitter, and Facebook.
- Self-service password reset: Users can change or reset their passwords without any administrator or help desk involvement.
- Multi-factor authentication: Users can add an extra layer of security to their sign-in process by verifying their identity with a phone call, text message, or mobile app notification.
- Password protection: Azure AD helps to prevent common attacks like password spray and brute force by enforcing strong password policies and banning commonly used passwords.
- Passwordless authentication: Users can sign in without passwords by using biometrics, PINs, or security keys.
I hope this helps! Let me know if you have any questions.