I developed a native app which sync Active directory using Azure graph api and the AD data is consumed by web and mobile apps. It is working fine.
But now my client wants to use same app for AD syncing purpose in another server which is may be windows server 2008 or below. Which is not support Azure platform as per clients technical team.
My question is that is there any way can I use same app without using azure platform or can is there any way can I use AD graph API in windows server? In else case I will need to do development from the scratch using LDAP.
Thanks in Advance
Currently, there is no way to "deploy" neither the Azure AD Graph nor the Microsoft Graph such that you can leverage the same code for on prem and the cloud. As you've indicated, you will need to either have two apps or have a fork in your code to call the Graph when running with Azure AD and do LDAP queries when running purely on prem.
Related
I was wondering how I could connect a mobile app created in ionic to azure, the app needs to interact with Dynamics CRM where all the data is. My guess is that I have to login via Azure AD , get the token, create API endpoints in Azure ( which service? ) or expose them, nd query the endpoint with the token.
Is this the right workflow?
thanx in advance
You're pretty much on the right track. You can host your API in an Azure App Service. You can also secure it by integrating Azure AD with your app service using your token. This tutorial walks through using a front-end and back-end app and securing communication with it. Since your already have a front-end, you can ignore those steps. Although the same is a .NET Core application, the same applies if you were to write your API in NodeJS or another language.
Hope this helps.
There doesn't appear to be much information available on developing a custom Azure Active Directory Enterprise Application. Is the developer information available anywhere?
e.g. develop an application that will appear in the list of Enterprise Applications in the Azure Active Directory gallery and that, once developed (in C#), allows SSO and provisioning of an external system, based on users and groups in Azure Active Directory
If you want to publish your app to azure ad gallery, you submit your request for access in the Application Network portal and implement SSO by using the federation protocol or by using the password SSO and request for user provisioning.
For more details of these steps, you can refer to this tutorial about how to publish the app to azure ad gallery. In this tutorial, there are also some links which may help you on how to do the development(such as integrate your application with Azure AD by using the Open ID Connect protocol, how to support SAML 2.0 and so on).
We have an API, we planning to publish this API in the Azure marketplace under developer service. For authentication, we are planning to use developer service SSO (Single sign-on) in API. I googled this but can't find any useful link, please suggest some links
Azure AD B2C became generally available recently and it somehow offers what you are looking for. You can use local Azure identity and/or social account for your end users to authenticate with SSO support.
https://azure.microsoft.com/en-us/services/active-directory-b2c/
With that being said and although you can secure your Web API with AAD b2C as in this guide, your customers won't be able to call this WebAPI from their own applications as the calling app must be registered in the same Azure AD directory with the same application Id. This is a limitation that is mentioned here:
Note:
Azure AD B2C currently supports only web APIs that are accessed
by their own well-known clients. For instance, your complete app may
include an iOS app, an Android app, and a back-end web API. This
architecture is fully supported. Allowing a partner client, such as
another iOS app, to access the same web API is not currently
supported. All of the components of your complete app must share a
single application ID.
If the above limitation is OK with you, then you might also be interested in this Azure article to list your app in the Azure AD application gallery.
I am developing a WP8 app, which requires authentication in order to get a token to call the web api backend. I don't want to create my own account management mechanism, because it seems silly in our day and age to implement my own account repository.
I am using Azure anyway, so I thought to leverage it for the user management and authentication/authorization. What better place to manage users than Active Directory. If I also use ACS, I can get both "native" accounts and using other providers (Facebook, Microsoft Accounts, etc.) right out of the box.
So I have been searching for DAYS and I can't find even one tutorial or example or even someone talking about a flow that includes WP8, Azure AD/ACS and Web API.
I can only find tutorials on authenticating with Mobile Services and I don't want to use that, as it seems much to simple for what I need.
Is this use case even supported currently? Can one authenticate users of a WP8 app using Azure AD and then receive a token for authorization with a Web API hosted in a VM?
Vittorio has just blogged about this:
A Sample Windows Phone 8 App Getting Tokens from Windows Azure AD and ADFS.
The article also has a link to his earlier one - Fun With Windows Azure AD: Calling REST Services from a Windows Phone 8 App (which may have been one you found?).
We plan to use Windows Azure Mobile Services for several of our commercial apps and would like to create a single data store for users instead of creating it for every mobile service. We don't want to use Microsoft or Facebook... providers due to this issue Multiple apps using a single Azure Mobile Service for Live Authentication?
This way, the user data for all our apps is stored in single separate Custom_Auth database and the users won't need to Register again for our other apps. Should we create a separate mobile service that basically enables custom authentication and acts as a provider for other apps?
Do you see any pitfalls with this approach and what steps would I need to take for creating this custom provider as a separate mobile service?
Basically, we want to create our own provider so that user of one our apps can login to the other apps using the same credentials.
I have read through the following links. Posting them here as they may be useful for others starting out with Authentication and Azure Mobile Services.
http://www.thejoyofcode.com/Generating_your_own_ZUMO_auth_token_Day_8_.aspx
http://www.thejoyofcode.com/Fetching_a_basic_user_profile_in_Mobile_Services_Day_9_.aspx
http://www.thejoyofcode.com/Exploring_custom_identity_in_Mobile_Services_Day_12_.aspx
http://chrisrisner.com/Authentication-with-Windows-Azure-Mobile-Services
Thanks in advance
Hope this helps you
http://chrisrisner.com/Authentication-with-iOS-and-Windows-Azure-Mobile-Services
Someone created a custom authentication API using AZURE
with Parse.com, you are limited to their backend and unfortunately it doesn't have all the nice features as Azure
MS really messed us around with this