Apps on Azure Blog
How to Apply Easy Auth on Web App under a High-security policy environment

theringe
Microsoft
May 14, 2024

With the increasing emphasis on security, enterprises are placing significant restrictions on the internal resources and operations available to employees. If your Azure account does not have sufficient AAD (i.e., Microsoft Entra ID) permissions, you will not be able to set up Easy Auth on a web app through the quick, automated path. This article is a simple guide that walks you through setting up Easy Auth for your web app manually.

Step 1: Create a Web App

You may choose any combination of region/sku/stack/OS, as it does not affect the overall process.

After this step, we will obtain a callback URL for use in the next step, with the following format:

https://<my-web-app-name>.azurewebsites.net/.auth/login/aad/callback

Here is my example.

https://easyauth-myapp.azurewebsites.net/.auth/login/aad/callback

 

Step 2: Create an App Registration

| Input | Value |
|---|---|
| Who can use this application or access this API? | Accounts in this organizational directory only (Microsoft Non-Production only - Single tenant) |
| Redirect URI (optional): Platform | Web |
| Redirect URI (optional): URL | The callback URL you obtained in Step 1. Example: https://easyauth-myapp.azurewebsites.net/.auth/login/aad/callback |

After this step, we will obtain an Application ID and a Tenant ID for use in the next step.

We will also obtain an issuer URL for use in the next step, with the following format:

https://sts.windows.net/<my-tenant-id>/v2.0

 

Step 3: Set up ID Tokens in the App Registration

Go to the Authentication page of the app registration, check "ID tokens (used for implicit and hybrid flows)", and save.

Step 4: Set up Easy Auth from the Web App

Go to the Authentication page of the web app and create a new authentication setting with the following values.

| Input | Value |
|---|---|
| Identity provider | Microsoft |
| App registration type | Provide the details of an existing app registration |
| Application (client) ID | The Application (client) ID you obtained in Step 2 |
| Issuer URL | The issuer URL you obtained in Step 2 |
| Allowed token audiences | https://management.azure.com |

It's done!
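
Because the values in Steps 1 to 4 are copied by hand between the web app and the app registration, a mismatch between them is the usual reason sign-in fails. The Python check below is an added example, not part of the original post; the function name and the sample tenant and client IDs are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
CALLBACK_PATH = "/.auth/login/aad/callback"  # callback path from Step 1


def check_easy_auth_settings(app_name, tenant_id, client_id, redirect_uri,
                             issuer_url, id_tokens_enabled):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    for label, value in (("tenant ID", tenant_id), ("client ID", client_id)):
        if not GUID.match(value):
            problems.append(f"{label} is not a GUID")

    # Step 2: the registered redirect URI must equal the Step 1 callback URL.
    # The comparison is deliberately strict (no trailing slash, no http).
    expected_redirect = f"https://{app_name}.azurewebsites.net{CALLBACK_PATH}"
    if urlsplit(redirect_uri).scheme != "https":
        problems.append("redirect URI does not use https")
    elif redirect_uri != expected_redirect:
        problems.append(f"redirect URI is not {expected_redirect}")

    # Steps 2 and 4: the issuer URL must carry this tenant's ID.
    expected_issuer = f"https://sts.windows.net/{tenant_id}/v2.0"
    if issuer_url.lower() != expected_issuer.lower():
        problems.append(f"issuer URL is not {expected_issuer}")

    # Step 3: ID tokens must be enabled on the app registration.
    if not id_tokens_enabled:
        problems.append("ID tokens are not enabled (Step 3)")
    return problems


# Constructed sample values; only the app name comes from the post's example.
SAMPLE = {
    "app_name": "easyauth-myapp",
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "redirect_uri": "https://easyauth-myapp.azurewebsites.net/.auth/login/aad/callback",
    "issuer_url": "https://sts.windows.net/11111111-2222-3333-4444-555555555555/v2.0",
    "id_tokens_enabled": True,
}

if __name__ == "__main__":
    for line in check_easy_auth_settings(**SAMPLE) or ["all values consistent"]:
        print(line)
```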

 

Step 5: Try to use it.

If it's your first time using it, you'll see this authorization screen. Just click "Accept."

 

Updated May 14, 2024
Version 1.0