Author : MD TAREQ HASSAN | Updated : 2020/11/13
What is App Service Easy Auth?
- Azure App Service provides built-in authentication and authorization support, so you can sign in users and access data by writing minimal or no code in your web app
- The Authentication/Authorization feature is also sometimes referred to as “Easy Auth”
Create App Service
Create a dedicated app service (WebApp) for this demo/PoC
Azure AD Tenant and User
- Create dedicated tenant and switch to that tenant
- Do not use default tenant (use dedicated tenant)
- Delete tenant after PoC/Demo
- Create a dedicated user and log in once to change the temporary password (Azure AD might ask you to set up an authenticator app)
See the following and perform the tasks accordingly first, and then proceed:
The following are used in the demo
tenant name: AppServiceEasyAuthTenant
domain (while creating tenant): EasyAuthDemoApp (=> EasyAuthDemoApp.onmicrosoft.com)
User in newly created tenant
--------------------------------
User: hassan@easyauthdemoapp.onmicrosoft.com
Temporary pass: Wowo8300
Updated password: xxx
App Registration in Azure AD
- See App registration for App Service Easy Auth and perform tasks accordingly first, and then proceed
- After app registration, gather required information for “App Service Easy Auth”
- Client ID
- Tenant ID
- Client secret (optional)
- Application ID URI
Example
Client ID: 858430e8-169a-4d47-bbe9-ec4f2fda96d9
Tenant ID: d68fc4a4-063a-4ea9-be32-8178a5cc29c7
Client secret (optional): jXr.Ku7M.c9Koj6A.A7_W-fMvs4d4T.5dm
Application ID URI: https://easyauthdemoapp.azurewebsites.net
Configure App Service
- Go to resource group: https://portal.azure.com/#blade/HubsExtension/BrowseResourceGroups
- Select resource group > Select App Service
- Authentication/Authorization > Authentication Provider
- Azure Active Directory > Advanced
- Fill in the required parameters > Save
Client ID: noted before
Client secret (optional): noted before
Application ID URI: noted before
Issuer Url: <authentication-endpoint>/<tenant-id>/v2.0
Example: https://login.microsoft.com/d68fc4a4-063a-4ea9-be32-8178a5cc29c7/v2.0
Don’t forget to save “App Service > Authentication/Authorization”
Easy Auth for pre-.NET 5
- Before .NET 5, ASP.NET Core did not have a built-in mechanism to get the identity information (passed to the web app by App Service) after authentication
- So, we need to create a custom middleware to fetch the identity information
- If you are using .NET 5+, the custom middleware is not needed