Oauth2 with Microsoft Azure

Mr Edge 221 Reputation points

Following on from my other question I've become more confused than I originally was.

My goal is to implement oauth2 using the standard given at OWASP into my WebApi core project.

I've understood oauth2 is an authorization protocol. I don't understand what Microsoft Identity or App Registration found under Microsoft Azure has to do with this? I decided to go ahead and add a new App Registration but eventually led me to add a role which doesnt exist anymore https://learn.microsoft.com/en-us/answers/questions/816637/app-role-section-missing-for-the-registered-applic

I don't want anyone with a Microsoft or Google etc public account to access this service. Only for the service to get authorization once the username and password are valid that I provide which I assume is the client username and client password that I pass into my service which then returns a token for access? Is this correct?

Does anyone have any code I could look at to secure my WebApi core in this way or how this app should be setup on Azure? Appreciating any clarity on this

A set of technologies in the .NET Framework for building web applications and XML web services.
3,756 questions
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
9,428 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,007 questions
{count} votes

Accepted answer
  1. RevelinoB 1,955 Reputation points

    Hi Mr Edge,

    I apologize if I caused any confusion. But the steps to configure an App Registration in Azure for the purpose of OAuth2 authentication are the following:

    Sign in to the Azure portal (https://portal.azure.com).

    Navigate to the Azure Active Directory (AAD) service by clicking on "Azure Active Directory" in the left-hand menu.

    Click on "App registrations" to view the list of registered applications.

    Click on the "New registration" button to create a new App Registration.

    Provide a name for your application and choose the appropriate account type (single tenant or multi-tenant) based on your requirements.

    For the "Redirect URI" field, specify the URI where the authorization server will send the user back to your application after authentication. This should be the URL of your WebAPI Core application.

    Click on "Register" to create the App Registration.

    Once the registration is complete, you'll be redirected to the App Registration overview page. Here, note down the "Application (client) ID" value, as this will be your client ID.

    In the left-hand menu, click on "Certificates & secrets".

    Under the "Client secrets" section, click on the "New client secret" button.

    Enter a description for the client secret and choose an expiration option. Click on "Add" to generate the client secret.

    After the client secret is generated, make sure to note it down, as this will be your client secret.

    When you reached this point, you have successfully created an App Registration and obtained the client ID and client secret, which are required for your OAuth2 authentication flow. These credentials will be used to authenticate your WebAPI Core application with Azure AD.

    Be aware that the above steps provide a basic setup for OAuth2 authentication using an App Registration. Depending on your specific requirements, you may need to configure additional settings, such as API permissions, user consent, and access control, to align with your application's functionality and security needs.

    I hope these steps will help you with your issue?

1 additional answer

Sort by: Most helpful
  1. RevelinoB 1,955 Reputation points

    Hi Mr Edge,

    Yes, if you need two different clients to access the same service, you can create separate client registrations for each client in Azure AD. Each client will have its own unique client ID and client secret. By creating separate client registrations, you can manage and control the access and permissions of each client independently.

    Here's the steps you could take:

    In Azure AD, create a new App Registration for the additional client. This will generate a new client ID.

    Configure the necessary settings for the new client, such as redirect URIs, API permissions, and other required settings.

    Once the new client registration is created, you will obtain a new client ID and client secret for that client.

    Update your application's configuration with the new client ID and client secret for the additional client.

    By following these steps, you can allow multiple clients to access the same service with separate client credentials. Each client will authenticate using its own client ID and client secret, and you can manage their permissions and access independently.

    Don't forget to securely store and manage the client secrets, as they are sensitive information that should be kept confidential.

    I hope this helps you?

    0 comments No comments