What is Azure Active Directory?
Azure Active Directory (Azure AD) is a cloud-based identity and access management service. The service helps employees access external resources such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources such as apps on your corporate intranet or cloud apps developed for your own organization. Learn more about creating a tenant for your organization.
Who is using Azure AD?
Azure AD is intended for:
- IT Admin
As an IT administrator, you use Azure AD to control access to apps and app resources based on your business needs. For example, you can use Azure AD to require multi-factor authentication when accessing critical corporate resources. You can also use Azure AD to automate user provisioning between your existing Windows Server AD and cloud apps such as Microsoft 365. Finally, Azure AD automatically protects user identities and credentials and provides powerful tools to meet your access control needs. To get started, sign up for a 30-day free trial of Azure Active Directory Premium.
- App developer
App developers can use Azure AD as a standards-based approach to adding single sign-on (SSO) to their apps, allowing them to work with users' existing credentials. Azure AD also provides APIs that you can use to create personalized app experiences using your existing enterprise data. To get started, sign up for a 30-day free trial of Azure Active Directory Premium. See also Azure Active Directory for developers for more information.
- Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers
As a subscriber, you're already using Azure AD. All Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenants are automatically Azure AD tenants. Start managing access to your integrated cloud apps today.
Let's start with a practical example
First, I followed this blog to add cookie authentication to my code. It provides a login page where you can log in. The AccountController also provides some dummy user accounts that can be used to log in for testing purposes.
I then added code to the login page to provide the option to log in using AAD.
Modify the Program.cs file to add multiple authentication schemes.
Here is my code, Program.cs
Note: If any required NuGet package is not installed, please install it as needed.
In the Program.cs code above, I set CookieAuthenticationDefaults.AuthenticationScheme as the default authentication scheme and also added the Microsoft sign-in page. Please set yours up exactly as I did.
Let's add a HomeController and put the code below in it.
In the next step we have to add the model classes. Create two separate models, LoginModel and UserModel, as shown below.
Now add the code below to AccountController (create a new AccountController if you have not created one).
Here you can see I have added the Login action method. In this method, I added the required code, so please add the same code as mine.
Next, we need to add one view for the Login action post method. Add the view and put the code below in it.
View -> Account -> Login.cshtml
In the next step we need to add some view code to ConfidentialData.cshtml (if you have not created this view, please add it under Home).
View -> Home -> ConfidentialData.cshtml
Now the most important part is to add one partial view that we use as a layout for our AD login process.
Please don't forget to add this partial view under the shared folder.
View -> Shared -> _LoginPartial.cshtml
The code is now almost done; we just need to add some AD configuration keys to the appsettings.json file.
appsettings.json
This code worked fine on my side and allowed me to log in with cookie auth and AAD. I noticed that @User.Identity.Name doesn't show my username after signing in with AAD. However, the login flow actually succeeds.
For a better understanding, please set up all the code as I did, run the application, and try to log in with AD. Using a debugger will help you understand it better.
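A minimal Program.cs for the setup these steps describe, as an added example rather than the author's own code: the local cookie scheme stays the default, Azure AD sign-in is registered as a second OpenID Connect scheme with its own session cookie, and the default authorization policy accepts a session from either one. The scheme name AadCookies, the AzureAd configuration section, and the route names are assumptions; it needs the Microsoft.Identity.Web NuGet package and a .NET 6+ web project with implicit usings.

```csharp
// Added example, not the author's Program.cs. Assumes Microsoft.Identity.Web and an
// "AzureAd" section (Instance, TenantId, ClientId, CallbackPath) in appsettings.json.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();

// Hypothetical scheme name: the Azure AD session gets its own cookie so it does
// not collide with the local "Cookies" scheme registered by AddCookie().
const string AadCookieScheme = "AadCookies";

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) // default = local login
    .AddCookie(options =>
    {
        options.LoginPath = "/Account/Login";                    // assumed login route
        options.Cookie.HttpOnly = true;                          // hide cookie from script
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // send over HTTPS only
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
        options.SlidingExpiration = true;
    })
    // Second scheme: OpenID Connect against Azure AD, session kept in AadCookieScheme.
    .AddMicrosoftIdentityWebApp(
        builder.Configuration.GetSection("AzureAd"),
        OpenIdConnectDefaults.AuthenticationScheme,
        AadCookieScheme);

// [Authorize] evaluates only the default scheme unless told otherwise, so the
// default policy lists both cookies and accepts a session from either one.
builder.Services.AddAuthorization(options =>
{
    options.DefaultPolicy = new AuthorizationPolicyBuilder(
            CookieAuthenticationDefaults.AuthenticationScheme, AadCookieScheme)
        .RequireAuthenticatedUser()
        .Build();
});

var app = builder.Build();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication(); // must come before UseAuthorization
app.UseAuthorization();
app.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
app.Run();
```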
If you have any queries or something else please feel free to contact me at my email id rmgami93@gmail.com or comment here.