Azure Active Directory – Web app / Api – Step by step


Continuing from my previous blog, “Register an app with the Azure Active Directory v2.0 endpoint”, this post demonstrates how to create an application of type Web app / API within Azure.

Create Web app / API

Step 1: Create

  1. Login to portal.azure.com
  2. Go to Azure Active Directory > App registrations > New Application Registration
  3. In the Name field, give a descriptive name
  4. Choose Web app / API
  5. For Sign-on Url:

  6. Click on Create

Step 2: Configure

  1. Once the app is created, click on Settings. Under Keys, we are going to set the “Client Secret”:

  • Enter a Key Name (descriptive)
  • Enter an Expiration Value
  • On Save, the Client Secret will be generated. Take a note of it, as it gets hidden once you leave the screen.

Now, under Required permissions, set the permissions you need from the available APIs. Please note that after setting up permissions, you or an AAD admin need to “Grant” them explicitly, otherwise it will not work.

Step 3: Take Note

  1. Application ID – which is the Client ID
  2. Client Secret as per step 10
  3. Tenant ID => Azure Active Directory > Properties > Directory ID


Web app / API – Usage

In this POC, I am getting the Current User Request [me] using GraphServiceClient.

  1. Download the project (use NuGet Manager to download the necessary references).
  2. In the GraphController, update ClientId, ClientSecret, TenantId as per the above step
  3. Update the UriString as per the above step
  4. Build and run the code
  5. The entry point is Gettoken, which is responsible for the authentication. Access the code using your local IIS URL: https://localhost:12345/Graph/Gettoken

A. Get Authorization Code (see the solution for complete code)

// Build the authorization endpoint URL and send the browser there to sign in.
AuthenticationContext authContext = new AuthenticationContext(authorityURL, true);
Task<Uri> redirectUri = authContext.GetAuthorizationRequestUrlAsync(resource, clientId, new Uri(uriString), UserIdentifier.AnyUser, string.Empty);
redirectUri.Wait();
return Redirect(redirectUri.Result.AbsoluteUri);

Please note that the AbsoluteUri has to match the UriString, otherwise it won’t work – this is an extra layer of security added by Microsoft. Once successful, it will redirect to the Gettoken method once more to get the access token.


B. Use Authorization Code to request the Access Token (see the solution for complete code)

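// Azure AD returns the authorization code in the "code" request parameter.
string code = Request.Params["code"];
ClientCredential clientCredentials = new ClientCredential(clientId, clientSecret);
// Redeem the code, passing the same redirect URI used in the authorization request.
Task<AuthenticationResult> request = authContext.AcquireTokenByAuthorizationCodeAsync(code, new Uri(uriString), clientCredentials);
request.Wait();
// Despite the key name, this stores the access token, not the authorization code.
Session["code"] = request.Result.AccessToken;
return RedirectToAction("Index");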

Once successful, it will redirect to the Index method for further processing.
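
The callback in B redeems whatever `code` value arrives at Gettoken, so the request built in A should carry an OAuth 2.0 `state` value that the callback verifies before calling AcquireTokenByAuthorizationCodeAsync. One way to issue and check it, as an added example that is not part of the original project; the class name OAuthState, the session key and the IDictionary stand-in for the MVC Session are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper, not part of the original project.
public static class OAuthState
{
    private const string SessionKey = "oauth_state"; // assumed session key name

    // Call before redirecting to the authorization endpoint; send the returned
    // value as the "state" query parameter of the authorization request.
    public static string Issue(IDictionary<string, object> session)
    {
        byte[] bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        // URL-safe base64 so the value survives the round trip unescaped.
        string state = Convert.ToBase64String(bytes)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        session[SessionKey] = state;
        return state;
    }

    // Call on the callback, before redeeming the authorization code.
    public static bool Validate(IDictionary<string, object> session, string returnedState)
    {
        object stored;
        bool found = session.TryGetValue(SessionKey, out stored);
        session.Remove(SessionKey); // single use: a replayed callback fails
        string expected = stored as string;
        if (!found || expected == null || string.IsNullOrEmpty(returnedState))
            return false;
        return FixedTimeEquals(Encoding.UTF8.GetBytes(expected),
                               Encoding.UTF8.GetBytes(returnedState));
    }

    // Comparison whose duration does not depend on where the values differ.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In the controller the same logic would read and write Session[...] directly, and the callback would stop with an error instead of redeeming the code when Validate returns false.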


C. Use the Access Token to call Microsoft Graph (see the solution for complete code)

public ActionResult Index(string authenticationCode)
{
    // Session["code"] holds the access token stored in step B.
    string code = (string)Session["code"];
    GraphServiceClient graphClient = GetGraphClient(code);

    // Get User information [me]
    Task<User> meRequest = graphClient.Me.Request().GetAsync();
    meRequest.Wait();

    User resultMeRequest = meRequest.Result;
    Response.Write(resultMeRequest.AboutMe);

    return View();
}

As a summary, we continued our journey with Azure Active Directory v2.0 endpoint, focusing on creating and configuring a Web App / API. The process is straightforward:

  1. Creation: We start by logging into the Azure portal and navigating to the ‘App registrations’ section under ‘Azure Active Directory’. Here, we create a new application registration, providing a descriptive name and choosing ‘Web app / API’ as the type. The Sign-on URL can be a localhost for a POC or an Azure Web App URL for a hosted application.
  2. Configuration: Once the app is created, we move to the ‘Settings’ and ‘Keys’ sections to set up the ‘Client Secret’. After entering a key name and expiration value, we save to generate the Client Secret. It’s crucial to note this down as it becomes hidden once we leave the screen. We also set up necessary permissions under ‘Required permissions’, which need to be explicitly granted.
  3. Important Details: We note down the Application ID (Client ID), Client Secret, and Tenant ID for future use.

The post also provides a detailed walkthrough of using the Web App / API in a POC, explaining how to get the current user request using GraphServiceClient, and how to update, build, and run the code. It covers the process of getting the authorization code, using it to request the access token, and using the access token for further processing. The code snippets provided guide you through each step of the process.

Stay tuned for more insights on working with Azure!



