Azure-Active-Directory

Azure Active Directory Authentication

---

Overview

1. File / New / Configure Azure Active Directory in a new project.
2. Show the GeekQuiz solution with Azure Active Directory Authentication.
3. Deploy and show portal configuration.

Goals

In this demo, you will see how to:

1. Create an application in Visual Studio that is automatically integrated with an Azure Active Directory tenant.
2. Deploy an existing application using Visual Studio to an Azure Web App and have it automatically integrate with an Azure Active Directory tenant.

Key Technologies

• Azure Active Directory
• Visual Studio 2015

Setup and Configuration

Follow these steps to setup your environment for the demo.

1. Create a new Azure Active Directory tenant.

2. Create a new Web App in Azure.

3. Configure an Azure SQL Database following the steps provided in this link. Copy the ADO.NET connection string value.

4. In the Application settings of your new Web App, update the connection string key for the DB to DefaultConnection and value copied from previous step. Save the changes.

   

   Default connection

5. Download the publish profile. This is required for segment #2.

   Important: At the time of writing, you can only create one AD per subscription and it cannot be deleted.

6. Open Visual Studio 2015.

Demo

This demo is composed of the following segments:

1. Adding a new website to an organization.
2. Running the organization's GeekQuiz.

Adding a new website to an organization

1. Open the File / New / Project dialog and select the Visual C# / Web templates.

2. Select the ASP.NET Web Application template, name the application GeekQuiz and click OK.

   

   Creating a new project

3. Select the Web Application template under ASP.NET 5 Templates.

4. Click Change Authentication.

   

   Updating the authentication method

   Speaking Point: VS tooling allows you to enable AAD authentication easily. All you need is to provide your tenant domain name and administrator credentials, the two-way trust between your AAD tenant and your web application is automatically configured.

5. In the Change Authentication dialog box, select Work And School Accounts.

   

   Selecting Work And School Accounts

6. Expand the first combo box to show the different options.

   

   Showing the organization account types

7. Enter your domain (e.g.: "mydomainname.onmicrosoft.com") as Domain.

   

   Setting the domain name

8. Click the button with the chevron to see more options.

   

   Showing more options

9. Click OK to continue.

   

   Completing the authentication update

10. Sign in using an admin account for your organization (e.g.: "[email protected]")

    

    Signing in with an organization admin account

11. Back in the New ASP.Net Project dialog box, click OK.

    

    Completing the project creation

    Speaking Point: VS tooling configures two-way trust relationship between your app and your AAD tenant. Your app is registered as a Relying Party in the tenant; and the tenant is configured as an Identity Provider for the app.

12. Press CTRL+F5 to run the web site.

13. If a certificate error is displayed, click Continue to this website.

14. Sign in using a user account for your organization (e.g.: "[email protected]")

    

    Signing in using one of the organization's user account

15. Show that you are logged as the organization's user.

    

    Showing that you are logged as the organization's user

16. Close the browser.

Running the organization's GeekQuiz

1. Open the GeekQuiz.sln solution located under source\end-segment2.

2. Right-click the GeekQuiz project and select Publish.

   

   Publishing the Website

3. In the Publish Web dialog box, click Import.

   

   Importing the publish profile

4. In the Import Publish Settings dialog, click Browse... to select the previously downloaded publish profile file and click OK.

   

   Selecting the publish profile file

5. Back in the Publish Web dialog, click Publish.

   

   Reviewing the connection settings to deploy

   Note: If Visual Studio prompt you with the Sign in dialog box, just sign in using an admin account for your organization (e.g.: "[email protected]")

   

   Signing in with an organization admin account

6. Once the deployment is completed and the browser is opened, sign in using an admin account for your organization (e.g.: "[email protected]")

   

   Signing in with an organization admin account

7. In the Authorization page, click Accept.

   

   Accepting the application permissions

8. Show that you are logged as the organization's user.

   

   Showing that you are logged as the organization's user

9. Switch to the Azure Classic Portal.

10. Navigate to the Active Directory section and select the one used for this demo.

    

    Selecting your active directory

11. Navigate to the USERS tab and show the users that you used for the demo.

    

    Showing the organization's users

12. Navigate to the APPLICATIONS tab and filter them by Application that my company owns to show the new two applications, which were automatically created.

    

    Showing the organization's applications

---

Summary

By completing this demo you learned how to integrate your website with an existing Azure Active Directory tenant.

---