I have an asp.net web api and angularjs(1.4.x) app and planning to use Azure AD for authentication and single sign on feature. Most of the examples are using ADAL, which is deprecated as per Microsoft. Can anyone share some examples of what changes need to be done in Web api and AngularJS app?
Migrate ADAL.js to MSAL.js for Azure AD Authentication for AngularJS+ASP.NET Core application.
You could try #azure/msal-angularjs for AngularJS SPA
When migrating ADAL.js to MSAL.js, you need to use #azure/msal-angular that is based on Microsoft identity platform v2.0.
Below is the example using MSAL Angular and call a .NET Core web API.
Example : https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/tree/main/3-Authorization-II/1-call-api
Reference Guide Based on SO Thread: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-compare-msal-js-and-adal-js
https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-net-migration
Related
I am working on VueJS SPA, which connects to Web API protected by Azure AD. I would like to implement the BFF Pattern(Backend for FrontEnd), which improve the security of the application where the token management happens on the server side. I could not find good examples using Azure AD identity. Appreciate if someone could share any good example that helps as a template for BFF using SPA framework.
Please check if below references can give an idea .
This demo will show implementation of SPA in Angular but this could easily be switched with Blazor, React or a Vue.js UI.
An API is created specially for the Angular UI and the other APIs can only be able to access from the trusted backend which can be under our control.
This is almost similar to the backend for frontend application architecture (BFF). The API uses Microsoft.Identity.Web to implement the Azure AD security. All API HTTP requests to this service require a valid access token which was created for the service.
References:
asp.net - SPA (Vue), BFF and IdentityServer on IIS setup? - Stack
Overflow
Securing and accessing APIs with Azure Active Directory | by Cheranga Hatangala |
Other- references:
Building and securing an ASP.NET Core API with a hosted Vue.js UI (damienbod.com)
c# - How to serve SPA on root using Azure AD's AuthorizeforScopes in
a BFF - Stack Overflow
Does MSAL.js support the check_session_iframe OIDC
endpoint? - Stack Overflow
We have two separate apps for both front-end written in AngularJS (from 5 years ago) and back-end in Spring boot which are deployed separately
Is there a way of using Azure AD authentication with AngularJS front-end and Spring-boot back-end?
Is there a way of using Azure AD authentication with AngularJS
front-end and Spring-boot back-end?
To use Azure AD authentication with AngularJS (Front-end) and spring-boot ( back end) ,Here is the sample/Example .
Also , You can grant Authentication using Microsoft identity platform and OAuth 2.0 authorization code flow .
Reference:
. Angular MSAL Login example| GitHub
. Authentication for application with Azure AD
I have two web applications (App1 and App2) using Web API 2 and AngularJS.
App1 has a list of projects and App2 has a list of clients. They are both protected by the same ADFS.
Once I modify a project, I want to send a request from App1 (server-side) to App2. I think that it can be done by using Account Service (adfs). Can anyone recommend a solution?
What version of ADFS?
Can you use web API?
ADFS 3.0 has support for web API only.
ADFS 4.0 has full OpenID Connect / OAuth support.
This is my scenario: Client Windows Forms app authenticates with Azure AD and uses the access token to access several web api services. Until now, I was using the endpoint 1 and using the Azure portal to register both apps. It seems like there's a new way now, but I'm a little lost here.
For starters, it seems like both apps (client and server) can be registered in the same app in the new apps portal (https://apps.dev.microsoft.com). I do see a place to add platforms and I have added entries for the native and web api. But where do I go from here? For instance, in the azure portal, I must configure the client app in order for it to call the web api services. How do I that here?
Is there a complete sample for this scenario like the one we have to ADAL (https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-code-samples#native-application-to-web-api)?
Thanks,
Regards,
Luis
Please firstly refer to this document to know what's different about the v2.0 endpoint .When you build applications that integrate with Azure Active Directory, you need to decide whether the v2.0 endpoint and authentication protocols meet your needs. Please see the limitations of azure ad v2.0, such as you can use the v2.0 endpoint to build a Web API that is secured with OAuth 2.0. However, that Web API can receive tokens only from an application that has the same Application ID .
The v2.0 endpoint does not support SAML or WS-Federation; it only supports Open ID Connect and OAuth 2.0 ,To better understand the scope of protocol functionality supported in the v2.0 endpoint, read through OpenID Connect and OAuth 2.0 protocol reference.
You could refer to document how to call a web API from a .NET web app with Azure AD V2.0 (using MSAL to acquire and use access tokens), and here is the code sample on Github . The document includes how to add basic sign-in to a web app or how to properly secure a web API in azure ad v2.0 .
I am a beginner with ADFS and do not know where to begin. I have an AngularJS 1.4.9 application which makes Ajax calls to an ASP.NET Web API 2.2 service.
Both applications are hosted within IIS under the same site and both use Windows Authentication on my company’s intranet. I’d like to modify them to use ADFS so that these applications can be accessed from the internet without a VPN.
You are better off looking into using the web application proxy (WAP)functionality for now. WAP allows publishing internal resources and making them internet accessible.
Once you get AD FS and WAP deployed, see step 3 in https://technet.microsoft.com/en-us/library/dn280943.aspx#BKMK_3
You can then look to slowly updating your applications to use federated authentication with AD FS.