Skip to content
/ azure-appserv-custom-signin Public

App Service built-in authentication with custom client-directed sign-in

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

epomatti/azure-appserv-custom-signin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
.docs
.docs
 
 
angular
angular
 
 
webapi
webapi
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Azure App Service custom sign-in

Implementation of Customized sign-in/sign-out using App Service Authentication.

Interface that executes the authentication flow:

1 - Create the infrastructure

Create the App Service resorces:

az group create -n rgapp -l eastus
az appservice plan create -g rgapp -n planapp --is-linux --sku B1
az webapp create -g rgapp -p planapp -n appcustomsignin789 -r "DOTNETCORE:7.0" --https-only
az webapp config set -g rgapp -n appcustomsignin789 --always-on true

Add the required app settings (environment variables):

az webapp config appsettings set -g rgapp -n appcustomsignin789 \
        --settings WEBSITE_RUN_FROM_PACKAGE=1

Set up CORS:

az webapp cors add -g rgapp -n appcustomsignin789 --allowed-origins "*"

Restart the app:

az webapp restart -g rgapp -n appcustomsignin789

2 - Add Authentication to App Services

Using the Portal, add an identity provider:

  • Identity Provider: Microsoft
  • App Registration Type: Create new
  • Supported account types: Current / Single tenant
  • Restrict access: Require
  • Unauthenticated requests: HTTP 401
  • Token store: No (Uncheck the box)

➡️ Open the configuration and change the Issuer URL to the updated one:

  • Issuer URL: https://login.microsoftonline.com/{TENANT_ID}

Make sure the token audiences is configured:

  • Allowed token audiences: api://{APPLICATION_ID}

3 - Update the App Registration

Delete the Web App platform.

Create a new SPA platform with redirect URI http://localhost:4200.

Do not select any token generation for the Authentication endpoint. This will trigger the app registration to use Auth Code Flow + PKCE.

4 - Deploy the Web API to Azure

Enter the application directory:

cd webapi

Build and deploy the webapi to App Services:

bash build.sh
az webapp deployment source config-zip -g rgapp -n appcustomsignin789 --src ./bin/webapi.zip

5 - Call the APIs

To run the Angular client locally, create the angular\src\environments\environment.development.ts file:

export const environment = {
  production: false,
  APPSERV_ENDPOINT_URL: "https://appcustomsignin789.azurewebsites.net",
  AZUREAD_CLIENT_ID: "{APPLICATION_ID}",
  AZUREAD_TENANT_ID: "{TENANT_ID}"
};

Start the Angular app:

npm install
ng serve

The website should be available at http://localhost:4200

Destroy the Azure resources to avoid costs.

About

App Service built-in authentication with custom client-directed sign-in

Topics

oauth angular authentication azure authorization appservice azure-ad aad appserv oicd easyauth appservices app-services

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages