Give Azure web api client access to web api via Azure management portal - azure

Some weeks ago I followed this article in MSDN Magazine on how to configure client access to a web api, protected by an Azure AD organizational account and hosted in Azure. It worked perfectly.
http://msdn.microsoft.com/en-us/magazine/dn463788.aspx
But now when I was about to add another api and client, things have changed in the portal.
The Native Client Application configure page in the Azure Management Portal seems to have changed in recent days - there is no longer a "web api" section at the bottom where you can select the web api for the client to access (see figure 6 in the article); instead there is a "Permissions to other applications" section with a list of applications, but your web APIs are not shown there, only Exchange, AD and other "default" Azure apps. I'm pretty confused now how to give a client access to a web api... hope this is the right place to ask!

The changes you see are part of the new features released last week. You can read more about them in a Blog post from the AD Team: "New OAuth2.0 features make it easy to write Azure AD connected apps for the Web, iOS, Android & Windows!"
Interestingly enough, when I create a new application and look at the configure tab a "Windows Azure Service Management API" is an option in the first drop down. You might try looking again today. For what it is worth I don't see anything other than WAAD and the management API as something I can select. The selections must be limited for some reason based on account maybe?
Especially in these preview features expect things to change with little to no warning. Probably the best place to seek out more information is on the Windows Azure AD Forums.

Related

How can I add static HTML pages in the Azure Developer Portal to display some documentation text?

I need to add pages (kind of static web pages) in Azure APIM Developer Portal to display documentation. Is there any tutorial to explain how to achieve it?
Is there a way I can read the text content from REST API calls and populate the pages in Dev portal?
I believe the issue is more or less similar to this where you are trying to update documentation properly at Azure API Management developer portal.
In that case, as mentioned in the thread, you can try with swagger but in APIM portal it might not work immediately. The Microsoft product team has confirmed that they are working on improving support for OpenAPIv3. The ETA is about end of September.
However, you may also check the self-hosted gateway feature
The self-hosted gateway feature expands API Management support for hybrid and multi-cloud environments and enables organizations to efficiently and securely manage APIs hosted on-premises and across clouds from a single API Management service in Azure.

azure app service basic api security

I have the basic todoitem app service running on Azure. Calling the URL below will display the content in the todoitem table. How can I add basic security to prevent this data from being accessed by anyone, like a basic parameter, ToDoItem?MyToken=12345.
https://MyappService.azurewebsites.net/tables/ToDoItem
How can I add basic security to prevent this data from being accessed by anyone, like a basic parameter, ToDoItem?MyToken=12345.
I would recommend using the built-in Authentication and authorization in Azure App Service.
App Service supports five identity providers out of the box: Azure Active Directory, Facebook, Google, Microsoft Account, and Twitter. To expand the built-in support, you can integrate another identity provider or your own custom identity solution.
Here are some great tutorials, you could refer to them:
For Node.js backend, you could follow 30 DAYS OF AZURE MOBILE APPS.
For developing azure mobile apps with C#, you could follow here.

Azure AD Authentication for Asp.Net Core

I have configured the Azure AD Authentication for my asp.net core project using the services of "Microsoft.AspNetCore.Authentication.*" packages. The project is expected to be deployed to Azure App Service as a Web App.
While I enabled Azure AD authentication, I also see there is an option to enable the same at the Web App level through Application Settings on Azure Portal.
I have a question about which option is recommended. I do see that when I don't leverage Azure AD authentication configured via NuGet packages, I don't have the OpenID Connect service plugged into the StartUp.cs file. And I think these services are pivotal in populating the authentication properties like User.Identity.Name. On the other hand, with just portal-enabled authentication, I don't see this information populated. So, I presume if I want to do further work with the logged-in user's identity, like leveraging current claims information for authorization, I won't be able to achieve that with portal-only authentication.
Your assessment is basically correct. The portal-enabled authentication runs completely outside your application and isn't capable of setting User.Identity.Name when using .NET Core (that level of integration only works with ASP.NET 4.x).
My recommendation is to use the ASP.NET Core NuGet package so you can get the full integration. It's a lot more work to set up, but once you get it working you should be in good shape and get the full end-to-end experience you want.
If you are interested in using the portal-enabled Azure AD authentication support, then take a look at this StackOverflow question to learn how you can get it to work with User.Identity.Name.
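The integration gap described in the answer above can be closed in application code. As an added example (not from the original posts and not part of Microsoft's packages), this ASP.NET Core middleware rebuilds HttpContext.User from the X-MS-CLIENT-PRINCIPAL header that App Service Authentication attaches to authenticated requests. It assumes ASP.NET Core 3.0 or later and an app reachable only through App Service with authentication enabled; the class names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Text.Json;
using System.Text.Json.Serialization;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Added example (hypothetical names): maps the platform's principal header onto HttpContext.User.
public sealed class EasyAuthPrincipalMiddleware
{
    public sealed class ClientClaim
    {
        [JsonPropertyName("typ")] public string Typ { get; set; }
        [JsonPropertyName("val")] public string Val { get; set; }
    }
    public sealed class ClientPrincipal
    {
        [JsonPropertyName("auth_typ")] public string AuthTyp { get; set; }
        [JsonPropertyName("name_typ")] public string NameTyp { get; set; }
        [JsonPropertyName("role_typ")] public string RoleTyp { get; set; }
        [JsonPropertyName("claims")] public List<ClientClaim> Claims { get; set; }
    }
    private readonly RequestDelegate _next;
    public EasyAuthPrincipalMiddleware(RequestDelegate next) => _next = next;
    public async Task InvokeAsync(HttpContext context)
    {
        // Base64-encoded JSON; assumed to be set only by App Service after it authenticated the caller.
        if (context.Request.Headers.TryGetValue("X-MS-CLIENT-PRINCIPAL", out var header))
        {
            try
            {
                var json = Encoding.UTF8.GetString(Convert.FromBase64String(header.ToString()));
                var p = JsonSerializer.Deserialize<ClientPrincipal>(json);
                if (p?.Claims != null && !string.IsNullOrEmpty(p.AuthTyp))
                {
                    var claims = p.Claims.Where(c => c.Typ != null && c.Val != null).Select(c => new Claim(c.Typ, c.Val));
                    // name_typ tells ClaimsIdentity which claim backs User.Identity.Name.
                    context.User = new ClaimsPrincipal(new ClaimsIdentity(claims, p.AuthTyp, p.NameTyp, p.RoleTyp));
                }
            }
            catch (Exception e) when (e is FormatException || e is JsonException)
            {
                // Malformed header: keep the request anonymous instead of failing open.
            }
        }
        await _next(context);
    }
}
```

Register it before any authorization step with app.UseMiddleware<EasyAuthPrincipalMiddleware>(). Hosted anywhere other than behind App Service Authentication, the header is client-controlled and must not be trusted.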

Windows phone 8 and Azure AD / ACS

I am developing a WP8 app, which requires authentication in order to get a token to call the web api backend. I don't want to create my own account management mechanism, because it seems silly in our day and age to implement my own account repository.
I am using Azure anyway, so I thought to leverage it for the user management and authentication/authorization. What better place to manage users than Active Directory. If I also use ACS, I can get both "native" accounts and using other providers (Facebook, Microsoft Accounts, etc.) right out of the box.
So I have been searching for DAYS and I can't find even one tutorial or example or even someone talking about a flow that includes WP8, Azure AD/ACS and Web API.
I can only find tutorials on authenticating with Mobile Services and I don't want to use that, as it seems much too simple for what I need.
Is this use case even supported currently? Can one authenticate users of a WP8 app using Azure AD and then receive a token for authorization with a Web API hosted in a VM?
Vittorio has just blogged about this:
A Sample Windows Phone 8 App Getting Tokens from Windows Azure AD and ADFS.
The article also has a link to his earlier one - Fun With Windows Azure AD: Calling REST Services from a Windows Phone 8 App (which may have been one you found?).

How can I allow other users to deploy to my Azure cloud services?

I created an empty Azure cloud service and I want to allow other developers to deploy to it. So far the only route I can see is adding the developers as Azure subscription administrators. I would rather give them more specific access to the cloud services only.
No such functionality exists today which will allow you to grant/revoke permissions at the cloud service level. Once a developer is provided access to the subscription, they would have access to all the resources under that subscription.
There's a REST API behind cloud service deployments and all the tools (including Windows Azure Portal and Visual Studio) consume this API for creating deployments. One possible solution would be to build your own solution consuming this API. In this solution you will implement access control based on your requirements so that when your users use this service, they will only see the cloud service they're assigned to and can only manage that cloud service. There's a managed library for consuming this API. You can find more information here: http://www.bradygaster.com/post/getting-started-with-the-windows-azure-management-libraries.
It seems that if the original developer downloads the publish profile from Azure (it's an XML file with a .PublishSettings extension), you can copy the userPWD from that file, give it to another developer and they can paste it into the password field in the Connection section of the Publish dialog.
The userPWD is a string that looks something like this:
EFFCLfDqDKHlXcA2YDZPvX4BZXWFaobxaLN0aPJd4HCfa8WxlqEkt2yywBsx
