Estimated time: 15 minutes
In this task you will create an Azure AD application and configure an Azure web app to authenticate users with Azure AD. You will assign permissions to the Azure AD application and test authentication using the web application.
This task requires a test user in an Azure AD tenant. If you do not already have a user in your Azure AD tenant:
This task also requires a web app with code deployed. To deploy it, run the following from a bash Cloud Shell (the command pipes a remote script straight into `sh`; if you prefer to inspect it first, fetch it with `curl -O` and read it before running):
curl https://inedemoassets.blob.core.windows.net/taskfiles/azure_security/scripts/VOD3730T013.deploy.sh | sh
This will create a web app with a unique name in a resource group named task-azuread-rg.
To start this task you will need to create an Azure AD application registration. Before creating the registration, copy the URL of the web app deployed in the prerequisite setup. Create the registration with the following settings:
| Setting | Value |
|---|---|
| Name | azAdRegistrationDemo |
| Account types | Accounts in this organizational directory only (single tenant) |
| Redirect URI (Web) | <your web app URL>/signin-oidc |
| Logout URL | <your web app URL>/logout |
| Access tokens (implicit grant and hybrid flows) | checked |
| ID tokens (implicit grant and hybrid flows) | checked |
Record the Application (client) ID and Directory (tenant) ID of the registration; you will need them in the next step.
Note: Not every registration needs ID tokens and access tokens enabled under implicit grant and hybrid flows; they are enabled here because this sample web app is configured to use them. For an app of your own, leave access tokens unchecked unless the app actually requests them, since issuing access tokens through the implicit grant is the legacy option and the authorization code flow is preferred.
Next you will configure the web app to use the application registration. In the Azure portal, open the web app's Configuration blade and set the following application settings (the settings already exist, but are blank):
| Setting | Value |
|---|---|
| AzureAd:ClientId | <Application (client) ID of the registration> |
| AzureAd:Domain | <your Azure AD tenant domain, e.g. contoso.onmicrosoft.com> |
| AzureAd:Instance | https://login.microsoftonline.com/ |
| AzureAd:TenantId | <Directory (tenant) ID of the registration> |
Finally, navigate to the web app and log in. You should see a message that you have successfully logged in.
Having trouble completing this task? View the demonstration video to see how to do it.