0

I am using the code below to authenticate the default user in my Azure trial account.

    using System;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL

    static void Main(string[] args)
    {
        // Block until the sign-in flow has finished.
        GetTokenAsync().Wait();
    }

    static async Task<string> GetTokenAsync()
    {
        string Tenant = "mytest.onmicrosoft.com";
        string Authority = "https://login.microsoftonline.com/" + Tenant;
        string GatewayLoginUrl = "https://login.microsoftonline.com/something/wsfed";
        string ClientId = "something";
        Uri RedirectUri = new Uri("http://something");

        AuthenticationContext context = new AuthenticationContext(Authority);
        PlatformParameters platformParams = new PlatformParameters(PromptBehavior.Auto, null);
        // Arguments: resource, client id, redirect URI, platform parameters.
        AuthenticationResult result = await context.AcquireTokenAsync(GatewayLoginUrl, ClientId, RedirectUri, platformParams);

        // Return the token string itself rather than result.ToString().
        return result.AccessToken;
    }

I want to know from where to get these values:

  • Tenant
  • Authority
  • GatewayLoginUrl
  • ClientId
  • RedirectUri

Is this much code sufficient for user authentication using AD?

4
  • It depends on your type of application and scenario. Depending on your app type take a look at one of the samples here
    – Peter Bons
    Commented Jan 3, 2018 at 11:25
  • @PeterBons As of now I have registered a native app. For this, how do I get GatewayAccessURL and Redirect?
    – RKh
    Commented Jan 3, 2018 at 11:28
  • For Redirect you can use localhost, for example, as a native app does not need a redirect URL. GatewayLoginUrl is the App ID URI that you can find in the properties of the client application.
    – Peter Bons
    Commented Jan 3, 2018 at 11:38
  • @PeterBons Can you please submit this as an answer, with a screenshot of GatewayLoginUrl?
    – RKh
    Commented Jan 3, 2018 at 12:36

1 Answer

2

There are a couple of scenarios when it comes to protecting applications using the Azure Active Directory (see here):

These are the five primary application scenarios supported by Azure AD:

  1. Web Browser to Web Application: A user needs to sign in to a web application that is secured by Azure AD.
  2. Single Page Application (SPA): A user needs to sign in to a single page application that is secured by Azure AD.
  3. Native Application to Web API: A native application that runs on a phone, tablet, or PC needs to authenticate a user to get resources from a web API that is secured by Azure AD.
  4. Web Application to Web API: A web application needs to get resources from a web API secured by Azure AD.
  5. Daemon or Server Application to Web API: A daemon application or a server application with no web user interface needs to get resources from a web API secured by Azure AD.

You mention you have registered a Native Application. I assume you need to authenticate against the Azure Active Directory (AAD from now on) to gain access to a protected web api or web app (scenario #3) so you have to register that one as well.

    using System;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL

    static void Main(string[] args)
    {
        // Block until the sign-in flow has finished.
        GetTokenAsync().Wait();
    }

    static async Task<string> GetTokenAsync()
    {
        string Tenant = "mytest.onmicrosoft.com";
        string Authority = "https://login.microsoftonline.com/" + Tenant;
        string GatewayLoginUrl = "https://login.microsoftonline.com/something/wsfed";
        string ClientId = "something";
        Uri RedirectUri = new Uri("http://something");

        AuthenticationContext context = new AuthenticationContext(Authority);
        PlatformParameters platformParams = new PlatformParameters(PromptBehavior.Auto, null);
        // Arguments: resource, client id, redirect URI, platform parameters.
        AuthenticationResult result = await context.AcquireTokenAsync(GatewayLoginUrl, ClientId, RedirectUri, platformParams);

        // Return the token string itself rather than result.ToString().
        return result.AccessToken;
    }

  • Tenant is the name of the AAD domain, it seems you got that one right
  • Authority is "https://login.microsoftonline.com/" + Tenant, so it seems you got that one right too
  • GatewayLoginUrl is the App Id Uri of the application that you are protecting
  • ClientId is the Application Id of the native application
  • RedirectUri is the Redirect Uri of the native application

Application to Protect:

[screenshot]

You get the GatewayLoginUrl from here.

Native Application that accesses the Application to Protect:

[screenshot]

You get the ClientId and RedirectUri from here.

Other references

You can see a full walkthrough for a native application here

For a global overview of accessing AAD protected applications using a native app see the docs

3
  • Thanks for your detailed answer. I tried on Azure trial account. For my native application, I am not seeing any field: "Application ID Uri".
    – RKh
    Commented Jan 4, 2018 at 8:47
  • That is correct, a native application does not have that property, the registered webapp / api application does. Can you tell me more about this native app of yours? What API does it try to access?
    – Peter Bons
    Commented Jan 4, 2018 at 9:11
  • Another team is developing a WebAPI service for user login. I have to write authentication code. I assume first that the user login service needs to be registered in AD. From that I will get the AppID Uri. Later my authentication code will validate against that. But we have a Xamarin login form. Do I need to use Native to WebAPI authentication or Web App to Web API authentication?
    – RKh
    Commented Jan 4, 2018 at 9:49
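
As an added example (not part of the original answer and not Microsoft's code): a C# pre-flight check for the values discussed above, plus the Azure AD v1.0 authorization request in which each of them ends up. The class name, the sample GUID and the API's App ID URI are constructed placeholders, and the login-host rule is a heuristic assumed here.

```csharp
using System;
using System.Collections.Generic;

static class AadNativeClientSettings // hypothetical helper, not part of ADAL
{
    const string LoginHost = "login.microsoftonline.com";

    // Returns the problems found; an empty list means the values are plausible.
    public static List<string> Check(string tenant, string resource, string clientId, Uri redirectUri)
    {
        var problems = new List<string>();
        if (string.IsNullOrWhiteSpace(tenant) || tenant.Contains("/"))
            problems.Add("Tenant must be a bare domain or directory id, not a URL.");
        // The resource is the App ID URI of the protected web API, never a sign-in endpoint.
        if (Uri.TryCreate(resource, UriKind.Absolute, out Uri res) &&
            res.Host.Equals(LoginHost, StringComparison.OrdinalIgnoreCase))
            problems.Add("Resource points at the login endpoint; use the API's App ID URI.");
        if (!Guid.TryParse(clientId, out _))
            problems.Add("ClientId must be the Application Id (a GUID) of the native app.");
        if (redirectUri == null || !redirectUri.IsAbsoluteUri)
            problems.Add("RedirectUri must be an absolute URI registered on the native app.");
        return problems;
    }

    // Shows where each value lands in the v1.0 authorization request.
    public static string AuthorizeUrl(string tenant, string resource, string clientId, Uri redirectUri)
    {
        return "https://" + LoginHost + "/" + Uri.EscapeDataString(tenant) + "/oauth2/authorize"
            + "?response_type=code"
            + "&client_id=" + Uri.EscapeDataString(clientId)
            + "&redirect_uri=" + Uri.EscapeDataString(redirectUri.OriginalString)
            + "&resource=" + Uri.EscapeDataString(resource);
    }

    static void Main()
    {
        // Constructed sample values, not taken from any real directory.
        string tenant = "mytest.onmicrosoft.com";
        string clientId = "11111111-2222-3333-4444-555555555555";
        var redirect = new Uri("http://localhost");
        string apiAppIdUri = "https://mytest.onmicrosoft.com/my-protected-api"; // hypothetical
        // The resource value from the question is flagged because it is a sign-in URL.
        foreach (string p in Check(tenant, "https://login.microsoftonline.com/something/wsfed", clientId, redirect))
            Console.WriteLine("problem: " + p);
        if (Check(tenant, apiAppIdUri, clientId, redirect).Count == 0)
            Console.WriteLine(AuthorizeUrl(tenant, apiAppIdUri, clientId, redirect));
    }
}
```

The printed URL makes the mapping visible: ClientId and RedirectUri identify the native app, while the resource parameter names the separately registered web API that the token is issued for.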
