App registrations

Author : MD TAREQ HASSAN | Updated : 2020/11/13

What is App registration in Azure AD

Registering the application means that your developers can use Azure AD to authenticate users and request access to user resources such as email, calendar, and documents
Known as creating an application object
Any member of your directory (not guests) can register an application

Links:

Github doc - Register the WebApp
Microsoft doc - Register an app by using the Azure portal
Registration page link (direct): https://aka.ms/aspnetcore2-1-aad-quickstart-v2

Register App to Azure AD in Azure portal

Steps (see screenshots below):

Go to: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
New Registration
Fillup details > register

Redirect URI:

Redirect URI depending on middleware used:
- OAuth2 middleware: /.auth/login/aad/callback
- OpenID connect middleware: /signin-oidc
we are gonna use OpenID connect middleware and run demo app on localhost => https://localhost:44321/signin-oidc
you can use any port, port can be changed after creating demo app

Notes:

unless the Web App calls a Web API, no certificate or secret is needed
if we register app in Azure AD Portal:
- scaffold project (create app) with no authentication
- copy Azure AD info (Domain, TenantId, ClientId etc.) and put it in user secrets
- get Azure AD info from user secrets and configure WebApp in Startup class

Azure Active Directory - Register App to Azure AD in Azure portal Step 1

Azure Active Directory - Register App to Azure AD in Azure portal Step 2

Azure Active Directory - Register App to Azure AD in Azure portal Step 3

Azure Active Directory - Register App to Azure AD in Azure portal Step 4

Azure Active Directory - Register App to Azure AD in Azure portal Step 5

Azure Active Directory - Register App to Azure AD in Azure portal Step 6

App registration for App Service Easy Auth

For PoC/Demo, create new app registration
In case you want to use existing App registration, check and update following accordingly:
- Branding
- Authentication
- Certificates & secrets
- Expose an API
Go to Manifest & verify oauth2Permissions (+ other settings)

Redirect URI

Redirect URI: <app-url>/.auth/login/aad/callback

Example: https://easyauthdemoapp.azurewebsites.net/.auth/login/aad/callback

Gather required information for “App Service Easy Auth”

Client ID: 858430e8-169a-4d47-bbe9-ec4f2fda96d9
Tenant ID: d68fc4a4-063a-4ea9-be32-8178a5cc29c7
Client secret (optional): jXr.Ku7M.c9Koj6A.A7_W-fMvs4d4T.5dm
Application ID URI: https://easyauthdemoapp.azurewebsites.net

Scope

Scope name: user_impersonation
Admin consent display name: Access my app
Admin consent description: Access my app... bla bla bla

App registration for App Service Easy Auth Step 1

App registration for App Service Easy Auth Step 2

App registration for App Service Easy Auth Step 3

App registration for App Service Easy Auth Step 4

App registration for App Service Easy Auth Step 5

App registration for App Service Easy Auth Step 6

App registration for App Service Easy Auth Step 7

App registration for App Service Easy Auth Step 8

App registration for App Service Easy Auth Step 9

App registration for App Service Easy Auth Step 10

App registration for App Service Easy Auth Step 11

App registration for App Service Easy Auth Step 12

App registration for App Service Easy Auth Step 13