Authenticating a PHP Web App with Azure Active Directory and Azure Mobile Services

I've got an existing mobile app that is integrated with Azure's mobile services. The mobile services are currently connected to Azure Active Directory with MFA enabled. I'm attempting to build a separate PHP-based web application that uses this existing mobile service and authentication.

Authentication

The only active directory of users is the cloud-based AAD. There is no local version and no Office 365. After doing a lot of research, it appears PHP can integrate using SAML. However, there are either no PHP samples (Azure Active Directory Code Samples) or they're tied to Office 365 (azure-sdk-for-php-samples).

How can I authenticate my users against AAD via the web-app?

Authorization

Once a user has been authenticated, how can I ensure that user has the same access levels as the user via the mobile service?

Dexter asked Feb 20 '15 16:02

1 Answer

One option would be to have your PHP app serve a page using the Mobile Services JavaScript SDK and have it perform the login.

You'll get the same token that you would in your mobile app. To your question on authorization, as long as you're making subsequent backend calls through the Mobile Service, you will get the exact same authorization rules as you have defined on that service.

The token will be client-bound, and you'll likely want to get it back to your server for making calls. The actual Mobile Services token is located in client.currentUser.authenticationToken, and you can set this as a cookie in the JavaScript code and then retrieve it on your PHP backend in a subsequent call.

Calls to the Mobile Service (via the REST API) from your PHP backend just need this token set in the X-ZUMO-AUTH header.

This approach should work for all providers, including AAD. MFA should not be a problem in this case.

mattchenderson answered Nov 15 '22 12:11
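
The server-side half of the flow described in the answer above, as an added example that is not part of the original answer or of any Azure SDK: a PHP page that reads the token cookie, checks its shape, and forwards it in the X-ZUMO-AUTH header over verified HTTPS. The cookie name, the service URL, the table path and the assumption that the token is a compact JWT are placeholders or assumptions, marked as such in the code.

```php
<?php
declare(strict_types=1);

const ZUMO_COOKIE   = 'zumo_token';                          // ASSUMPTION: name your login page's JavaScript used
const ZUMO_BASE_URL = 'https://YOUR-MOBILE-SERVICE.example'; // PLACEHOLDER: your Mobile Service base URL
// ASSUMPTION: the JavaScript set the cookie with path=/ so the server can overwrite it.
const COOKIE_OPTS   = ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];

// Accept the cookie only if it has the shape of a compact JWT (ASSUMPTION about the token
// format). This keeps CR/LF and junk out of the header; the Mobile Service still decides validity.
function zumoTokenFromCookies(array $cookies): ?string
{
    $token = $cookies[ZUMO_COOKIE] ?? null;
    if (!is_string($token) || strlen($token) > 4096) {
        return null;
    }
    $jwtShape = '/\A[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\z/';
    return preg_match($jwtShape, $token) === 1 ? $token : null;
}

// GET a Mobile Service REST resource as the signed-in user.
function zumoGet(string $path, string $token): array
{
    $ch = curl_init(ZUMO_BASE_URL . $path);
    curl_setopt_array($ch, [
        CURLOPT_HTTPHEADER     => ['X-ZUMO-AUTH: ' . $token, 'Accept: application/json'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never send the token over plain HTTP
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_FOLLOWLOCATION => false,           // do not replay the token to a redirect target
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body   = curl_exec($ch);
    $status = $body === false ? 502 : (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    return ['status' => $status, 'body' => $body === false ? '' : $body];
}

$token = zumoTokenFromCookies($_COOKIE);
if ($token === null) {
    http_response_code(401);
    exit('Sign in required');
}
$result = zumoGet('/tables/PLACEHOLDER_TABLE', $token); // PLACEHOLDER table name
// 401: token expired or rejected, so clear it. Otherwise re-issue it from the server as
// HttpOnly so page scripts can no longer read it.
$expired = $result['status'] === 401;
setcookie(ZUMO_COOKIE, $expired ? '' : $token, ($expired ? ['expires' => 1] : []) + COOKIE_OPTS);
http_response_code($result['status']);
header('Content-Type: application/json');
echo $result['body'];
```

A cookie written by JavaScript cannot carry the HttpOnly flag, which is why the backend re-issues it after the first request.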