I have created a web application using Django and embedded the azure chatbot after publishing it. Once the user logs into the Web App, i would like to transmit login info to the chatbot embedded on the app in order to give customized interactions e.g. "Hello Richard, How may i help you?" etc.. I believe Azure AD SSO is a good option. But couldn't find good resources on how to implement it for my use case.
Is AAD SSO the best option?,
If yes, can anyone please guide me to resources that i can refer to implement it.
If no, please provide some info on what's the most optimal approach for this use case.
Here's the samples for Bot Authentication and Bot Authentication with Azure and MSGraph, as well as the documentation on user auth in bots.
If your users can be authenticated using Azure AD SSO, then yes, it's a good solution.
Related
I am new to Azure AD. I have to implement two websites which uses Azure Single Sign On feature to login. I have gone through few documents and blogs but it wasn't helpful enough. Could anyone suggest me a relevant document or approach for beginners.
This approach I am using:
I made a new tenant.
Made a app in app registration
Assigned the users through Enterprise Application changes
But now i have to add another website to webapp and then make sure if user logs in anyone of those then it should automatically get logged in other website as well.
When you have multiple applications in your organization, it's better to use Azure AD and you are on the right path.
To configure an application for SSO there are multiple ways. Based on your requirement you can choose any SSO protocol from below for authentication.
There are protocols like OpenID Connect, OAuth, SAML, password-based etc. to configure SSO.
As you have two websites, register two webapps in Azure AD and configure SSO
While registering the webapps, make sure to add redirect URI or Reply URLs of those two websites respectively.
Make sure both webapps are using same SSO protocol.
As mentioned in the comment by #Anand Sowmithiran, while the user is authenticating, the login flow will detect that user is already authenticated and will provide the token seamlessly.
For more in detail, please refer below links to get some idea:
Can I use Azure for SSO to multiple websites - Microsoft Q&A
single sign on - SSO with multiple azure web apps - Stack Overflow
So I recently started exploring Azure Identity Platform for this user authorization use case I'm trying to implement. After a bit of research I came across using Graph API and creating ROPC flows to handle SingUp and Login via REST API from my application. My requirement is also to allow users to use login credentials from another app (I'm not sure yet if it implements a SAML based Identity Provider method) to use services in my application. This is a typical SSO requirement, but I'm not sure if it is possible to implement alongside username-password based authentication using Azure AD B2C.
I would appreciate any leads. Thank you.
Edit: To be more precise, I am working with Java-Spring. The demo application mentioned in Azure AD documentation (Woodgrove groceries) is exactly what I'm trying to achieve. A quick google search for the same provides me with github repos with sample code that uses .Net I believe. Are there any Java sample codes that demonstrate the same?
ROPC does not support SSO if that's what you want to achieve.
I have gone through this doc:
https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0
I can understand we can sign in users using sign in cards.
But is there any other ways to do that to sign in azure ad users instead of using bot internal login process?
I am using azure web chat client and .net core to code my bot. Any assistance is appreciated.
If you use a custom WebChat channel, you can auth users first on the web page and then use tokens based on your bot business logic. For details, you can refer to this demo.
What's more, though it is not recommended, Azure AD ROPC flow will work for all channels by Azure AD rest API or Azure AD SDK to auth users. As you need to require your users to input their username and passwords in this flow while your bot interacting with users, which will carry risks are not present in other flows. You should only use this flow when other more secure flows can't be used.
Hope it helps.
I am having an unusual hard time finding an example of how to develop a multi-user Xamarin.Forms app. Imagine you wanted to develop an app for UWP, iOS and Android that users can log into and then "do stuff".
It does not matter what - for example taking notes for later access.
Since I am using Microsoft Azure, I would love to have an example which makes use of Azure Active Directory B2C for authentication (including the usage of identity providers such as Microsoft, Facebook, Google, etc.) and Azure Mobile App Service / Azure SQL, etc.
While there are samples available that show how to use ADB2C I didn't find anything related to how you would implement a multi-user app (e.g. best strategies for the database schema, access management and how this works best with an own Restful API backend and how to include it in your client code, i.e. Model, Controller,...)
Does anyone of you happen to know an end-to-end sample for this type of Scenario?
Best regards,
Christian.
To setup authentication for B2C, I would recommend MSAL. Here are some samples:
https://github.com/Azure-Samples/active-directory-b2c-xamarin-native
There are also samples available for the WebApi.
This is a simple Xamarin Forms app showcasing how to use MSAL to authenticate users via Azure Active Directory B2C, and access an ASP.NET Web API with the resulting token.
If you want to know how to setup your database to actually store user data, I would recommend using the claims provided in the token to identify the user. The best way identify the user reliably would be to use the objectId claim. It stays the same even if the user changes their email address.
The claims can also be used to show user information in your app, e.g. display name or email. You need to add the scope profile to your authentication request to get this data.
I am building a Xamarin app that will need to have users authenticated and each user will have a role. Would Azure AD OAuth 2.0 be a good solution for this scenario? Each person that downloads my app would register which would create an Azure AD user? At first I thought Azure AD was strictly for managing users within an organizations and not a way to authorize thousands of users of an app. Would I be able to seamlessly integrate Azure OAuth into my app without having to leave my app (like I would need to do with Google or Facebook OAuth)? Thanks for any clarification that would help me better understand!!
The Xamarin experience can leverage ADAL / MSAL PCL libraries for authentication (in Alpha right now) - available on nuget. You need to look at the new Azure AD Business to Consumer (B2C) offering (in preview right now).
Note that the OAuth experience this provides leverages WebViews inside of your app to perform user authentication so it doesn't differ from what you wish to avoid.
While you could theoretically change that behaviour by custom coding a solution it's probably worth considering the benefits of handing off authentication and only having to deal with the resulting tokens.