Authenticate the Azure App Services with the Microsoft Entra ID in UWP app

Petchiammal Rajumayandi 61 Reputation points
2024-05-07T11:21:15.8866667+00:00

Hi,

We are utilizing Azure App Services for our Azure Mobile Apps table in the UWP apps. Our mobile apps currently access the Mobile Apps table with anonymous access level via Azure App Services.

However, we have decided to enhance the security of our mobile apps table. As a result, we have changed the authentication level of the mobile app's table to "authenticated." Our intention is to use Microsoft Azure Active Directory for authentication purposes.

We have completed the App Registration process and obtained the client ID, client secret, tenant ID, and OAuth 2.0 URL. Using these credentials, we successfully acquired an access token. Our intention is to authenticate without user interaction. However, upon attempting to access the mobile app table, we encountered the following error message: "You must be logged in to use this application."

The reference document link is given below

https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-tenant

Could anyone please guide me to achieve this?


1 answer

  1. brtrach-MSFT 15,356 Reputation points Microsoft Employee
    2024-05-09T02:40:32.29+00:00

    @Petchiammal Rajumayandi To add to what Ben has shared, to authenticate the Azure App Services with the Microsoft Entra ID in UWP app, you can use the Microsoft Authentication Library (MSAL) for authentication purposes. MSAL is a library that enables you to acquire tokens from Azure Active Directory (Azure AD) for your UWP app.

    Here is a sample code that demonstrates how to authenticate a user and obtain an access token using MSAL:

    using System;
    using System.Threading.Tasks;
    using Microsoft.Identity.Client;
    
    public async Task<string> GetAccessTokenAsync()
    {
        // Values from the app registration (placeholders).
        string clientId = "your-client-id";
        string tenantId = "your-tenant-id";
        string clientSecret = "your-client-secret";
        string authority = $"https://login.microsoftonline.com/{tenantId}";
    
        // Confidential client that authenticates with a client secret.
        var app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithClientSecret(clientSecret)
            .WithAuthority(new Uri(authority))
            .Build();
    
        // The ".default" scope requests the permissions configured for the API.
        string[] scopes = new string[] { "https://your-api-url/.default" };
    
        // Client credentials flow: no user interaction.
        AuthenticationResult result = await app.AcquireTokenForClient(scopes).ExecuteAsync();
    
        return result.AccessToken;
    }
    
    

    In this code, you need to replace the placeholders with your own values:

    • your-client-id: The client ID of your Azure AD app registration.
    • your-tenant-id: The tenant ID of your Azure AD directory.
    • your-client-secret: The client secret of your Azure AD app registration.
    • https://your-api-url/.default: The scope of the API that you want to access.

    This code uses the ConfidentialClientApplicationBuilder class to create a confidential client that can authenticate with Azure AD using a client secret. It then uses the AcquireTokenForClient method to obtain an access token for the API.

    Once you have obtained the access token, you can use it to authenticate the Azure App Services in your UWP app. You can pass the access token in the Authorization header of your HTTP requests to the API.

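The last step of the answer (passing the token in the Authorization header), as an added example that is not part of the original answer or of any Microsoft sample: it sends the request and, on a 401 such as the "You must be logged in" response from the question, reports the token's claims so they can be compared with the audience and issuer configured on the App Service Entra ID provider. The class and method names and `tableUri` are hypothetical, and the code assumes the System.Text.Json package is referenced; the token payload is decoded without signature verification, for diagnostics only.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class TableAuthCheck   // hypothetical helper, not an SDK type
{
    // Decode the payload segment of a compact JWT. No signature check is
    // done here: this is for reading claims while troubleshooting only.
    public static JsonElement ReadClaims(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT.");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');   // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using (JsonDocument doc = JsonDocument.Parse(json))
            return doc.RootElement.Clone();
    }

    // tableUri is an assumed placeholder for the protected table endpoint.
    public static async Task<string> GetTableAsync(HttpClient http, Uri tableUri, string accessToken)
    {
        using (var req = new HttpRequestMessage(HttpMethod.Get, tableUri))
        {
            req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            using (HttpResponseMessage resp = await http.SendAsync(req))
            {
                if (resp.StatusCode == HttpStatusCode.Unauthorized)
                {
                    // Report the claims, never the token itself.
                    var report = new StringBuilder("Token rejected. Claims: ");
                    JsonElement claims = ReadClaims(accessToken);
                    foreach (string name in new[] { "aud", "iss", "tid", "appid", "azp", "roles", "exp" })
                        if (claims.TryGetProperty(name, out JsonElement value))
                            report.Append($"{name}={value}; ");
                    report.Append($"WWW-Authenticate: {resp.Headers.WwwAuthenticate}");
                    throw new UnauthorizedAccessException(report.ToString());
                }
                resp.EnsureSuccessStatusCode();
                return await resp.Content.ReadAsStringAsync();
            }
        }
    }
}
```

A client secret compiled into a UWP package can be recovered by anyone who has the package, so token acquisition with a secret is normally kept in a server-side component rather than in the client app.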