
Steps For Azure AD Integration in ASP

The document outlines the steps for integrating Azure Active Directory (AD) in an ASP.NET Web API, starting with app registration and specifying account types. It details the configuration required in appsettings.json, the addition of the Microsoft.Identity.Web package, and necessary authentication code in program.cs. Finally, it emphasizes the importance of using [Authorize()] and [RequiredScope] annotations in the controller to manage access permissions.

Steps for Azure AD Integration in ASP.NET Web API:


1. Create an app registration.
Under app registration we need to enter details like:
a. Name
b. Supported account types
i. If we want to use it only internally, select (Default Directory only – Single Tenant).
ii. We are going to have multiple users from other organizations as well, so we need to go with (Any Microsoft Entra ID tenant - Multitenant).
2. We require the Application (client) ID and the Directory (tenant) ID.
3. Next we need to navigate to Expose an API.

We need to set an Application ID URI.

After generating the API URI we need to add a scope.

Clicking on the scope option opens a dialog box where we need to fill in the required permissions and make sure that the state is enabled. Clicking on Add scope then creates the scope.

4. In appsettings.json we add the following settings:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com",
    "ClientId": "Application (Client) Id",
    "TenantId": "Directory (Tenant) Id",
    "Scopes": "Forecast.Read"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}

5. Next we need to add the dotnet package Microsoft.Identity.Web.


6. In Program.cs we need to add the authentication code as mentioned below:

using Microsoft.Identity.Web;
using Microsoft.AspNetCore.Authentication.JwtBearer;

// Validate incoming bearer tokens against the "AzureAd" configuration section.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration, "AzureAd");

We can skip the second argument, as we are using the default section name, AzureAd.

7. After app.UseHttpsRedirection() and before app.UseAuthorization(), add
app.UseAuthentication();

8. At controller level we need to add the [Authorize()] annotation to the class name.

[ApiController]
[Route("[controller]")]
[Authorize()]
public class WeatherForecastController : ControllerBase
{
    // Controller logic……
}

9. We then need to define the scope on the controller function by using the data annotation as shown below:

// RequiredScope is defined in the Microsoft.Identity.Web.Resource namespace.
[RequiredScope("Forecast.Read")]
[HttpGet]
public IEnumerable<WeatherForecast> Get()
{
    // Action logic……
}

If we skip any endpoint with the above annotations, then we will get a Forbidden error.
We can also add the above annotations at the controller level.
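
Added example (not part of the original document): a Program.cs that assembles steps 6 and 7 and also makes the scope check the default and fallback authorization policy, so an action that was left without [RequiredScope] still answers 401 without a token and 403 without the scope. It assumes the .NET 6+ Web API template with implicit usings and a single scope name in AzureAd:Scopes; HasScope is a hypothetical helper introduced here.

```csharp
// Program.cs: added example, deny-by-default scope enforcement for every endpoint.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration, "AzureAd");

// Scope name from the appsettings.json in step 4 (assumed to hold one scope).
string requiredScope = builder.Configuration["AzureAd:Scopes"]
    ?? throw new InvalidOperationException("AzureAd:Scopes is not configured");

builder.Services.AddAuthorization(options =>
{
    AuthorizationPolicy policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()                                  // no valid token: 401
        .RequireAssertion(ctx => HasScope(ctx.User, requiredScope))  // scope missing: 403
        .Build();
    options.DefaultPolicy = policy;   // applied by a bare [Authorize]
    options.FallbackPolicy = policy;  // applied to endpoints with no attribute at all
});
builder.Services.AddControllers();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseAuthentication();   // must come before UseAuthorization
app.UseAuthorization();
app.MapControllers();
app.Run();

// Hypothetical helper: the scope claim is a space-separated list and can arrive
// as "scp" or under the mapped claim type, depending on inbound claim mapping.
static bool HasScope(ClaimsPrincipal user, string scope)
{
    const string MappedScopeClaim = "http://schemas.microsoft.com/identity/claims/scope";
    return user.Claims
        .Where(c => c.Type == "scp" || c.Type == MappedScopeClaim)
        .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
        .Contains(scope, StringComparer.Ordinal);
}
```

With the fallback policy set, any endpoint that must stay public needs an explicit [AllowAnonymous].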
