How to authenticate user with Azure Active Directory using OAuth 2.0?

I have a REST API written in C# and I need to authenticate with an existing Azure AD service. I currently have the username and password of the user wishing to authenticate. I need to authenticate with Azure AD and receive an access token from the server.

Can someone please point me in the direction of some articles/tutorials that explain how to do this?

asked Feb 18 '15 by COBOL


2 Answers

You should avoid handling the user's credentials. There are serious security implications when collecting a user's credentials that are mitigated by using OAuth 2.0 or OpenID Connect to get a token without directly handling the credentials. Also, if you have your own credential collection UI then you may find that sign-in fails in the future if multi-factor authentication is turned on. In that case, more information may be necessary to authenticate the user than you are collecting, a one-time password for instance. If you allow Azure AD to present the authentication experience via OAuth 2.0 or OpenID Connect, then you are insulated from the specific authentication method being employed. Collecting the user's Azure AD credentials is a bad practice to be avoided if at all possible.

I don't have enough detail on the exact scenario to be confident that the following sample applies, but it will at least provide a good starting point. This sample shows how to create a native app that calls a REST API that can then call an Azure resource in the safest way possible.

https://github.com/AzureADSamples/WebAPI-OnBehalfOf-DotNet

You can find lots of other samples here that can be used to construct a solution for your particular scenario.

https://github.com/AzureADSamples

If you provide some more detail I can give more specific guidance.

answered Oct 11 '22 by Rich Randall
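The pattern this answer points at (the API validates a bearer token that the client obtained from Azure AD's own sign-in experience, then uses the on-behalf-of grant for a downstream resource) as an added example in C#. It is not code from the question, the answers, or the linked sample repository. It assumes ASP.NET Web API 2 with the OWIN Azure AD bearer middleware and ADAL.NET v2/v3 (the era of the `AcquireToken`/`AcquireTokenAsync` signatures quoted on this page); the tenant, app ID URI, client ID, secret source (an environment variable) and downstream resource are placeholders.

```csharp
// Added example, not the page's or the sample repo's own code.
// Assumptions: ASP.NET Web API 2 on OWIN, Microsoft.Owin.Security.ActiveDirectory,
// ADAL.NET v2/v3 (Microsoft.IdentityModel.Clients.ActiveDirectory),
// System.IdentityModel.Tokens.Jwt 4.x (TokenValidationParameters lives in System.IdentityModel.Tokens).
using System;
using System.IdentityModel.Tokens;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;

// OWIN startup: the API never sees a username or password. It only accepts
// tokens that Azure AD issued after running its own sign-in (MFA included).
public class Startup
{
    // Placeholder values; replace with the tenant and app registration you own.
    public const string Tenant = "contoso.onmicrosoft.com";
    public const string ApiAppIdUri = "https://contoso.onmicrosoft.com/example-api";

    public void Configuration(IAppBuilder app)
    {
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = Tenant,
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Reject tokens minted for any other API: the audience must be this API.
                    ValidAudience = ApiAppIdUri
                }
            });

        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        app.UseWebApi(config);
    }
}

[Authorize] // The middleware has already checked signature, issuer, audience and expiry.
[RoutePrefix("api/downstream")]
public class DownstreamController : ApiController
{
    private const string Authority = "https://login.microsoftonline.com/" + Startup.Tenant;
    private const string ClientId = "00000000-0000-0000-0000-000000000000"; // placeholder app ID
    private const string DownstreamResource = "https://downstream.example";  // placeholder resource

    [Route("")]
    public async Task<IHttpActionResult> Get()
    {
        // The caller's validated access token doubles as the on-behalf-of assertion.
        AuthenticationHeaderValue auth = Request.Headers.Authorization;
        if (auth == null || auth.Scheme != "Bearer" || string.IsNullOrEmpty(auth.Parameter))
            return Unauthorized();

        // The client secret is read from configuration, never embedded in source (assumed env var).
        var clientCred = new ClientCredential(ClientId, Environment.GetEnvironmentVariable("API_CLIENT_SECRET"));
        var userAssertion = new UserAssertion(auth.Parameter, "urn:ietf:params:oauth:grant-type:jwt-bearer");

        var ctx = new AuthenticationContext(Authority);
        AuthenticationResult result;
        try
        {
            // Exchange the caller's token for a downstream token scoped to the same user.
            result = await ctx.AcquireTokenAsync(DownstreamResource, clientCred, userAssertion);
        }
        catch (AdalServiceException ex)
        {
            // Interaction (consent, MFA step-up) cannot be completed by the API;
            // report the error code so the client can finish it through Azure AD's UI.
            return Content(HttpStatusCode.Forbidden, ex.ErrorCode);
        }

        using (var http = new HttpClient())
        {
            http.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", result.AccessToken);
            // Placeholder path on the downstream resource.
            string body = await http.GetStringAsync(DownstreamResource + "/api/whoami");
            return Ok(body);
        }
    }
}
```

Two points the code makes concrete: the audience check in `TokenValidationParameters` is what stops a token issued for a different API from being replayed against this one, and the `AdalServiceException` branch is where an MFA or consent requirement surfaces, which is exactly the case the answer warns a password-collecting API cannot handle.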


See: http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/

Summary: Create a UserCredential:

    // ADAL.NET v2 (Microsoft.IdentityModel.Clients.ActiveDirectory)
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    // Wraps the username/password pair the API already holds
    UserCredential uc = new UserCredential(user, password);

Call one of the AcquireToken() functions with the UserCredential:

    // Members of AuthenticationContext; resource is the API's App ID URI,
    // clientId is the calling app's registration ID
    public AuthenticationResult AcquireToken(string resource, string clientId, UserCredential userCredential);
    public Task<AuthenticationResult> AcquireTokenAsync(string resource, string clientId, UserCredential userCredential);
answered Oct 11 '22 by dteviot