Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to authenticate user with Azure Active Directory using OAuth 2.0?

Tags:

c#

authentication

oauth-2.0

azure

azure-active-directory

I have a REST API written in C# and I need to authenticate with an existing Azure AD service. I currently have the username and password of the user wishing to authenticate. I need to authenticate with Azure AD and receive an access token from the server.

Can someone please point me in the direction of some articles/tutorials that explain how to do this?

like image 625
COBOL Avatar asked Feb 18 '15 10:02

COBOL

People also ask

Does Azure AD use oauth2?

Azure Active Directory (Azure AD) supports all OAuth 2.0 flows.

How do I authenticate an Azure AD?

Enable Azure Active Directory in your App Service app. Sign in to the Azure portal and navigate to your app. Select Authentication in the menu on the left. Click Add identity provider.

2 Answers

You should avoid handling the users credentials. There are serious security implications when collecting a users credentials that are mitigated by using OAuth 2.0 or OpenID Connect to get a token without directly handling the credentials. Also, if you have your own credential collection UI then you may find that sign in fails in the future if multi-factor authentication is turned on. In that case, more information may be necessary to authenticate the user than you are collecting, a one time password for instance. If you allow Azure AD to present the authentication experience via OAuth 2.0 or OpenID Connect, then you are insulated from the specific authentication method being employed. Collecting the users Azure AD credentials is a bad practice to be avoided if at all possible.

I don't have enough detail on the exact scenario to be confident that the following sample applies, but it will at least provide a good starting point. This sample shows how to create a native app that calls a REST API that can then call an Azure resource in the safest way possible.

https://github.com/AzureADSamples/WebAPI-OnBehalfOf-DotNet

You can find lots of other samples here that can be used to construct a solution for your particular scenario.

https://github.com/AzureADSamples

If you provide some more detail I can give more specific guidance.

like image 117
Rich Randall Avatar answered Oct 11 '22 05:10

Rich Randall

See: http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/

Summary: Create a UserCredential

UserCredential uc = new UserCredential(user, password);

Call one of the AcquireToken() functions with the UserCredential

public AuthenticationResult AcquireToken(string resource, string clientId, UserCredential userCredential);
public Task<AuthenticationResult> AcquireTokenAsync(string resource, string clientId, UserCredential userCredential);
like image 23
dteviot Avatar answered Oct 11 '22 04:10

dteviot
Sign in to Comment

Related questions

SqlCommand maximum parameters exception at 2099 parameters
How to compare two images using byte arrays
Why can't the meaning of a base class specification recursively depend on itself in C#?
Using SWIG with methods that take std::string as a parameter
Why does closing the last child window minimize its parent window?
Is there a generic type-constraint for "where NOT derived from"?
Deallocate memory from C# dictionary contained in a static object
Why do I have to copy "this" when using LINQ in a struct (and is it OK if I do)?
Does C# support inout parameters?
Fastest way to insert 30 thousand rows in a temp table on SQL Server with C#
Using my own method with LINQ to Entities
Create Generic Expression from string property name
NHibernate object references an unsaved transient instance save the transient instance before flushing
How to use ETag in Web API using action filter along with HttpResponseMessage
C# vs. C++ performance -- why doesn't .NET perform the most basic optimizations (like dead code elimination)?
HttpRequestException vs WebException
How to get instance of dependency resolver in ASP.NET web API
AspNetUsers' ID as Foreign key in separate table, one-to-one relationship
SpecialFolder.Personal location
How Do You "Really" Serialize Circular Referencing Objects With Newtonsoft.Json?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!