We have two separate apps for both front-end written in AngularJS (from 5 years ago) and back-end in Spring boot which are deployed separately
Is there a way of using Azure AD authentication with AngularJS front-end and Spring-boot back-end?
Is there a way of using Azure AD authentication with AngularJS
front-end and Spring-boot back-end?
To use Azure AD authentication with AngularJS (Front-end) and spring-boot ( back end) ,Here is the sample/Example .
Also , You can grant Authentication using Microsoft identity platform and OAuth 2.0 authorization code flow .
Reference:
. Angular MSAL Login example| GitHub
. Authentication for application with Azure AD
Related
I am working on VueJS SPA, which connects to Web API protected by Azure AD. I would like to implement the BFF Pattern(Backend for FrontEnd), which improve the security of the application where the token management happens on the server side. I could not find good examples using Azure AD identity. Appreciate if someone could share any good example that helps as a template for BFF using SPA framework.
Please check if below references can give an idea .
This demo will show implementation of SPA in Angular but this could easily be switched with Blazor, React or a Vue.js UI.
An API is created specially for the Angular UI and the other APIs can only be able to access from the trusted backend which can be under our control.
This is almost similar to the backend for frontend application architecture (BFF). The API uses Microsoft.Identity.Web to implement the Azure AD security. All API HTTP requests to this service require a valid access token which was created for the service.
References:
asp.net - SPA (Vue), BFF and IdentityServer on IIS setup? - Stack
Overflow
Securing and accessing APIs with Azure Active Directory | by Cheranga Hatangala |
Other- references:
Building and securing an ASP.NET Core API with a hosted Vue.js UI (damienbod.com)
c# - How to serve SPA on root using Azure AD's AuthorizeforScopes in
a BFF - Stack Overflow
Does MSAL.js support the check_session_iframe OIDC
endpoint? - Stack Overflow
I have an asp.net web api and angularjs(1.4.x) app and planning to use Azure AD for authentication and single sign on feature. Most of the examples are using ADAL, which is deprecated as per Microsoft. Can anyone share some examples of what changes need to be done in Web api and AngularJS app?
Migrate ADAL.js to MSAL.js for Azure AD Authentication for AngularJS+ASP.NET Core application.
You could try #azure/msal-angularjs for AngularJS SPA
When migrating ADAL.js to MSAL.js, you need to use #azure/msal-angular that is based on Microsoft identity platform v2.0.
Below is the example using MSAL Angular and call a .NET Core web API.
Example : https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/tree/main/3-Authorization-II/1-call-api
Reference Guide Based on SO Thread: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-compare-msal-js-and-adal-js
https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-net-migration
I've just uploaded my first app on Azure: it is a .net core MVC site + webapi + sql server. This app will be used by one user.
How can I limit the access to the app using a login, without developing that part on .net core?
One service you could use for this is App Service Authentication.
Azure App Service provides built-in authentication and authorization support, so you can sign in users and access data by writing minimal or no code in your web app, RESTful API, and mobile back end, and also Azure Functions.
If the user is from a specific location, you could also look into how you can configure Azure App Service Access Restrictions.
I have an ASP.NET MVC5 application which has WEB API2 project with few controllers within it. I have setup AzureAD authentication for the ASP.NET MVC5 project using AzureAD and OpenID connect and OWIN middleware.
Everything is working fine from ASP.NET MVC project point of view. The WEB API2 controller are used here to process the requests coming from angularjs, Android
and iOS app. There is a requirement for a WebAPI controller to process requests from unauthenticated clients (angularjs, Android, iOS apps) which issue AJAX requests.
Prior to the AzureAD authentication setup it was configured with on premise ADFS authentication. In this case I followed the below link to by pass on premise ADFS authentication for the
WEB API2 controllers and it worked fine for me.
Can I bypass organizational authentication for a WebAPI controller inside an MVC app?
Can anyone help me to know how to bypass the azuread authentication for the WEB API2 controllers to allow requests from unauthenticated clients in this case with some code samples ?
The web API controller is access-able for anonymous user by default. If you got the unauthenticated issue(401) when the anonymous user access that controller, please check whether there is Authorize attribute for the specific controller and remove that attribute.
This is my scenario: Client Windows Forms app authenticates with Azure AD and uses the access token to access several web api services. Until now, I was using the endpoint 1 and using the Azure portal to register both apps. It seems like there's a new way now, but I'm a little lost here.
For starters, it seems like both apps (client and server) can be registered in the same app in the new apps portal (https://apps.dev.microsoft.com). I do see a place to add platforms and I have added entries for the native and web api. But where do I go from here? For instance, in the azure portal, I must configure the client app in order for it to call the web api services. How do I that here?
Is there a complete sample for this scenario like the one we have to ADAL (https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-code-samples#native-application-to-web-api)?
Thanks,
Regards,
Luis
Please firstly refer to this document to know what's different about the v2.0 endpoint .When you build applications that integrate with Azure Active Directory, you need to decide whether the v2.0 endpoint and authentication protocols meet your needs. Please see the limitations of azure ad v2.0, such as you can use the v2.0 endpoint to build a Web API that is secured with OAuth 2.0. However, that Web API can receive tokens only from an application that has the same Application ID .
The v2.0 endpoint does not support SAML or WS-Federation; it only supports Open ID Connect and OAuth 2.0 ,To better understand the scope of protocol functionality supported in the v2.0 endpoint, read through OpenID Connect and OAuth 2.0 protocol reference.
You could refer to document how to call a web API from a .NET web app with Azure AD V2.0 (using MSAL to acquire and use access tokens), and here is the code sample on Github . The document includes how to add basic sign-in to a web app or how to properly secure a web API in azure ad v2.0 .