Thursday, August 14, 2014

Creating Azure Service with Active Directory Login

When working on a project, we often meet a requirement like this: the client wants all data in the application (and the application itself) to be available only to authorized users. For example, all management portals may be available only to managers.

In this kind of scenario, developers need to maintain separate authentication mechanisms to authenticate users. Those mechanisms may not be ideal from a security point of view.

Azure provides a great solution for this with the help of Visual Studio. You can use Azure Active Directory (AD) users to authenticate. It is very secure, and users sign in to your application with their Azure portal login. You can use logins from your on-premises Active Directory too. You just need to make a tunnel between Azure Active Directory and your on-premises AD. Then all changes in your on-premises AD are synced with Azure AD with the help of Active Directory Federation Service (ADFS).

Let's start our project.


1. First, log in to the Azure Portal (manage.windowsazure.com) and click on Active Directory.












2. If you don't have an AD user directory to use, click on New -> Active Directory -> Directory -> Custom Create.











3. From the wizard you can use an existing directory or create a new directory. If you use an existing directory to create the new directory, all the users in that directory will be added to the new one. Here I'm going to create a new directory.

















4. Once the directory is created, click on it and go to Users. The creating user is added automatically as a user.


5. If you need to add a user to the AD, click the Add User button at the bottom and add the user. This may be a user from an existing AD, a Microsoft account, or a company user. Later in this post I'll tell you how to add a company user.



















I'm adding a Microsoft account.




















Fill in the required data and you are done.

Create New User



















If you enable Multi-Factor Authentication, it will ask for phone number verification by SMS when the user logs in. It's a nice feature, just like in the Microsoft Store login, and it's free.

Then create a temporary password.















If you need to, send the password to the user.















And Done :)

Let's go back.



Now we have an Azure AD with the required users.

Now go to Visual Studio and start an Azure Cloud Service project as in my previous post, Creating Cloud Service, up to step 3.

Here is step 3


















Here, click on the Change Authentication button.


Then use the Organizational Account option.












Select Single Sign On (here we just use Azure AD).











Enter your Azure AD domain and select the required access from Access Level.













Then click OK and we are done.


Debug Tips

If you get a "user credential verification failed" Azure error in Visual Studio:
  1. Shut down Visual Studio
  2. Go to your Azure management portal, and create a new user account within the Active Directory you created (I set mine as a Global Admin).
  3. Open up VS again and go through the steps of creating the WebApi project. This time, when you choose Organizational Accounts for authentication, use the credentials of the user that you just created - it should work now.



Enjoy




