I created a new Azure account and am trying to automatically deploy an app inside it with the following code:
var app = azure.AccessManagement.ActiveDirectoryApplications
    .Define(appName)
    .WithSignOnUrl(appSignOnUrl)
    .WithAvailableToOtherTenants(true)
    .WithIdentifierUrl(identifierUrl)
    .DefinePasswordCredential(username)
    .WithPasswordValue(password)
    .WithDuration(TimeSpan.FromDays(365)) // duration value assumed; the original line omitted the argument
    .Attach()
    .CreateAsync();
It works if identifierUrl is hardcoded as the Azure Active Directory name.
How can I read identifierUrl (Azure Active Directory domain name) from Azure?
I can see this value in portal, but I cannot find an API to read it.
Sign in to the Azure portal. Select Azure Active Directory from the menu. The Azure Active Directory Overview page appears. To find the Azure AD tenant ID or primary domain name, look for Tenant ID and Primary domain in the Basic information section.
Code to get domain name(s) associated with your Azure AD tenant
Please know that there can be multiple domain names associated with your tenant. The one you have shown in the screenshot with your question is just the first one, which is assigned to your tenant at the time of creation of Azure AD and is already verified since it uses .onmicrosoft.com.
You can always associate other domains with your Azure AD tenant that you can prove ownership of and verify. I'll touch a bit on this later, but first here's the relevant code. In your case you will probably get back only one domain, which is the default one.
This is working code that I quickly wrote and tested with my Azure AD tenant. Since you're already using the fluent API to create the application, this should be pretty similar.
I used .NET and C# with a simple console application, but I guess the code will be very similar for any other libraries as well.
using System;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.Graph.RBAC.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;

namespace ConsoleApp1
{
    class Program
    {
        static void Main(string[] args)
        {
            // Whatever method you're already using for authentication (auth file, credentials or certificate)
            // can be used to get AzureCredentials as well; change FromFile to FromServicePrincipal if required.
            var creds = SdkContext.AzureCredentialsFactory.FromFile("my.azureauth");
            IAzure azure = Azure.Authenticate(creds).WithDefaultSubscription();
            IGraphRbacManager graphRbacManager = GraphRbacManager.Authenticate(creds, "<your tenant Guid>");

            // Lists every domain associated with the tenant (verified or not).
            var domains = graphRbacManager.Inner.Domains.ListAsync().GetAwaiter().GetResult();

            string defaultDomain = string.Empty;
            foreach (var domain in domains)
            {
                Console.WriteLine(domain.Name);
                if (domain.IsDefault.HasValue && domain.IsDefault.Value)
                    defaultDomain = domain.Name;
                // Not breaking out of the loop on purpose, just to print all domain names if there are multiple.
            }

            string identifierUri = string.Format("https://{0}/myuniqueapp1", defaultDomain);

            var app = azure.AccessManagement.ActiveDirectoryApplications
                .Define("My Unique App 1")
                .WithSignOnUrl("https://myuniqueapp1.azurewebsites.net")
                .WithAvailableToOtherTenants(true)
                .WithIdentifierUrl(identifierUri)
                .DefinePasswordCredential("string")   // credential name; "string" is only a placeholder
                .WithPasswordValue("string")          // placeholder; use a strong, generated secret here
                .WithDuration(new TimeSpan(365, 0, 0, 0))
                .Attach()
                .CreateAsync()
                .GetAwaiter().GetResult();

            Console.WriteLine("Created application " + app.ApplicationId);
            Console.ReadLine();
        }
    }
}
identifierUris and relation with verified domain(s) for your Azure AD Tenant
In your code to create the application, where you do .WithIdentifierUrl(identifierUrl), it goes in and adds the supplied URL to the identifierUris collection in your application manifest. From the Azure Portal, you will see this value specified in your app registration's properties > App ID URI. You can also edit the manifest and see it there directly in the portal.
This value uniquely identifies your application. For a single-tenant application you could set it to any unique value that isn't used by any other application in your Azure AD, but for multi-tenant applications it has to be globally enforced, and hence there is a restriction to use a URL whose host name matches one of the verified domains for your Azure AD tenant. Since you are using .WithAvailableToOtherTenants(true), this concept becomes relevant for you.
Here are a couple of links on Microsoft Docs which talk about this:
Application Manifest for Azure AD
Update an application in Azure AD
Permissions required
Hopefully you have this step already covered, since you need permissions to create the application, but in case you don't (or for anyone else reading this in future): since the code is reading information from Azure AD and creating a new application in Azure AD, the service principal that you use for getting AzureCredentials for this code to run should have enough privileges.
Go to your Azure AD > App Registrations > App registration for your service principal (you can find it by application id; it will have the same application id as your service principal) > go to required permissions > add Windows Azure Active Directory and give the appropriate application permissions required for your code.
At the end, make sure to do "Grant Permissions", as all the application permissions here require admin consent.
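The answer above builds the App ID URI from the default domain and points out that, for a multi-tenant registration, the host must be one of the tenant's verified domains. The following is an added example, not code from the answer or from the Azure SDK, that makes that rule an explicit pre-flight check so the registration is attempted only for a URI Azure AD would accept. It runs offline: TenantDomain is a hypothetical record standing in for the Domain objects returned by Domains.ListAsync() (carrying only Name, IsDefault and IsVerified), and the domain list is constructed sample data. The check treats a subdomain of a verified domain as acceptable, which is how Azure AD evaluates App ID URIs, and rejects domains that are listed but not yet verified.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for the Domain objects returned by graphRbacManager.Inner.Domains.ListAsync():
// only the three fields the check needs.
public sealed record TenantDomain(string Name, bool IsDefault, bool IsVerified);

public static class IdentifierUriPolicy
{
    // The tenant's default domain (the initial *.onmicrosoft.com name) is verified at tenant creation.
    public static string DefaultDomain(IEnumerable<TenantDomain> domains)
    {
        var def = domains.FirstOrDefault(d => d.IsDefault && d.IsVerified);
        if (def is null)
            throw new InvalidOperationException("Tenant has no verified default domain.");
        return def.Name;
    }

    // Builds the App ID URI the same way the answer does: https://<default domain>/<app path>.
    public static string Build(string defaultDomain, string appPath) =>
        $"https://{defaultDomain}/{appPath.TrimStart('/')}";

    // Pre-flight check for a multi-tenant registration: the URI must be an absolute https URI and
    // its host must be a verified tenant domain or a subdomain of one. Domains whose ownership
    // has not been proven are rejected even though they appear in the tenant's domain list.
    public static bool IsAllowedForMultiTenant(string identifierUri, IEnumerable<TenantDomain> domains)
    {
        if (!Uri.TryCreate(identifierUri, UriKind.Absolute, out var uri))
            return false;
        if (!string.Equals(uri.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
            return false;

        string host = uri.Host;
        return domains.Any(d => d.IsVerified &&
            (host.Equals(d.Name, StringComparison.OrdinalIgnoreCase) ||
             host.EndsWith("." + d.Name, StringComparison.OrdinalIgnoreCase)));
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data; a real run would pass the result of Domains.ListAsync() instead.
        var domains = new List<TenantDomain>
        {
            new("contoso.onmicrosoft.com", IsDefault: true,  IsVerified: true),
            new("contoso.com",             IsDefault: false, IsVerified: true),
            new("pending.example",         IsDefault: false, IsVerified: false),
        };

        string built = IdentifierUriPolicy.Build(IdentifierUriPolicy.DefaultDomain(domains), "myuniqueapp1");

        string[] candidates =
        {
            built,                          // built from the verified default domain
            "https://api.contoso.com/v1",   // subdomain of a verified custom domain
            "https://pending.example/app",  // domain listed in the tenant but not verified
            "http://contoso.com/app",       // verified host, but not https
            "myuniqueapp1",                 // not an absolute URI at all
        };

        foreach (var candidate in candidates)
        {
            bool ok = IdentifierUriPolicy.IsAllowedForMultiTenant(candidate, domains);
            Console.WriteLine($"{(ok ? "allowed " : "rejected")} {candidate}");
        }
        // Only a candidate that passes this check should be handed to .WithIdentifierUrl(...) and .CreateAsync().
    }
}
```

Running the check before the fluent Define(...)/CreateAsync() call turns a late Azure AD validation error into a clear local failure, and keeps a misconfigured multi-tenant app from being created with an identifier nobody in the tenant controls. Note that the Graph.RBAC fluent package used in the answer calls the legacy Azure AD Graph endpoint; the same verified-domain information is exposed by Microsoft Graph, and the check above is independent of which client fetched the list.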
It seems that you are just trying to read the tenant name. You can get the name of the tenant you are logged into by calling
https://management.azure.com/tenants?$skiptoken={skiptoken}&api-version={api-version}
See this page for details. This will give you a list of all tenants that you authorized for.