Azure Authentication with Universal Windows 10 Apps


Short introduction

Security is crucial from an enterprise perspective. Companies want to know how to deliver applications that are properly secured and whose access can be restricted.

Great news: the Azure Directory Authentication Library (ADAL) lets client application developers easily authenticate users against cloud or on-premises Active Directory (AD), and then obtain access tokens for securing API calls.

Below you can find how to integrate your Universal Windows 10 App with ADAL (and how easy it is!).

What do I need to start?

1) Visual Studio 2015 Community (for free) or higher

2) Microsoft Azure subscription (you can test it for free here)

Let’s start

1) Launch Visual Studio and create a new empty Universal Windows App project:

Type the name of your project: WindowsAppAuthenticationSample

AdalUWP2

2) Open the NuGet Packages window and type “ADAL” in the search box:

AdalUWP3

Install the package (you should then see it in the references section):

AdalUWP4

IMPORTANT:

Before this step you must have already created a Web API application that is visible in the “Web Apps” section. In my case this is “mycloudwebapi”. It should also be registered in your Azure AD.

4) Now sign in to the Azure Portal and select the “Active Directory” section:

1) Select “Default directory”:

AdalUWP5

2) Select the “Applications” section and click the “Add” button at the bottom:

AdalUWP6

3) Select “Add an application that my organisation is developing”:

AdalUWP7

4) Type the name of the application (the same as in Visual Studio) and select “Native client application”:

AdalUWP8

5) Type the redirect URL (for now just type http://WindowsAppAuthenticationSample) and click the check button:

AdalUWP9_0

6) Your app is ready for the configuration:

AdalUWP10

7) Go to the “Configure” section and copy “Name”, “Client ID” and “Redirect URL” – we will use them later:

AdalUWP11_0

8) Now go to the “Domains” section and copy your domain (for later usage). For me it's: “danielkrzyczkowskihotmail.onmicrosoft.com”:

AdalUWP12

9) Now it's time to add permissions to connect to your Web API resource. In the “Configure” section click “Add Application” and select your Web API resource app:

AdalUWP14

Add the permission to access your Web API resource and click the “Save” button:

AdalUWP15

5) Now let’s get back to Visual Studio. It’s time to configure the Windows App:

1) Add the method below to the “App.xaml.cs” class, just below the “App()” constructor (with the configuration parameters that you collected earlier):

    // Requires "using Windows.Storage;" at the top of App.xaml.cs.
    private void setAppSettings()
    {
        var localSettings = ApplicationData.Current.LocalSettings;
        // {0} is replaced with the tenant (your domain) when the authority is built.
        localSettings.Values["ida:AADInstance"] = "https://login.windows.net/{0}";
        localSettings.Values["ida:Tenant"] = "<<your domain name>>";
        localSettings.Values["ida:ClientId"] = "<<your client id>>";
        localSettings.Values["ida:RedirectUri"] = "<<redirect uri to your Web Api resource>>";
        localSettings.Values["ApiResourceId"] = "<<your Web App Id URI>>";
        localSettings.Values["ApiBaseAddress"] = "<<url address to your Web Api>>";
    }

Invoke the “setAppSettings” method in the “App()” constructor:

AdalUWP16

2) Now it's time to authenticate! Your “MainPage.xaml.cs” file should look like below:

    using System;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Windows.Storage;
    using Windows.UI.Popups;
    using Windows.UI.Xaml.Controls;

    public sealed partial class MainPage : Page
    {
        ApplicationDataContainer _localSettings;
        private AuthenticationContext _authContext;

        public MainPage()
        {
            this.InitializeComponent();
            _localSettings = ApplicationData.Current.LocalSettings;
            authenticate();
        }

        private async void authenticate()
        {
            // Read the values stored by setAppSettings() in App.xaml.cs.
            string aadInstance = _localSettings.Values["ida:AADInstance"].ToString();
            string tenant = _localSettings.Values["ida:Tenant"].ToString();
            string clientId = _localSettings.Values["ida:ClientId"].ToString();
            Uri redirectUri = new Uri(_localSettings.Values["ida:RedirectUri"].ToString());
            string authority = String.Format(aadInstance, tenant);
            string apiResourceId = _localSettings.Values["ApiResourceId"].ToString();
            string apiBaseAddress = _localSettings.Values["ApiBaseAddress"].ToString();

            // Shows the Azure AD sign-in page and requests a token for the Web API resource.
            _authContext = new AuthenticationContext(authority);
            AuthenticationResult authResult = await _authContext.AcquireTokenAsync(apiResourceId, clientId, redirectUri);
            if (!string.IsNullOrEmpty(authResult.AccessToken))
            {
                // Note: LocalSettings is ordinary app data, not protected credential storage.
                _localSettings.Values["AuthToken"] = authResult.AccessToken;
                var dialog = new MessageDialog("Authenticated!");
                await dialog.ShowAsync();
            }
        }
    }
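
The code above obtains the access token but never uses it. The following is an added example, not part of the original post, showing how the token could be sent to the Web API as a bearer token. The class name ApiClient and the relative path passed in (for example "api/values") are hypothetical; the "ApiBaseAddress" key is the one stored by setAppSettings().

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Windows.Storage;

// Added example: hypothetical helper, not from the original post.
public static class ApiClient
{
    // relativePath (e.g. "api/values") is a hypothetical route on your Web API.
    public static async Task<string> GetAsync(string accessToken, string relativePath)
    {
        var settings = ApplicationData.Current.LocalSettings;
        var baseAddress = new Uri(settings.Values["ApiBaseAddress"].ToString());

        // A bearer token works for whoever holds it, so refuse to send it over plain HTTP.
        if (baseAddress.Scheme != "https")
        {
            throw new InvalidOperationException("ApiBaseAddress must use https.");
        }

        using (var client = new HttpClient { BaseAddress = baseAddress })
        using (var request = new HttpRequestMessage(HttpMethod.Get, relativePath))
        {
            // Attach the token to this request only: "Authorization: Bearer <token>".
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

            using (HttpResponseMessage response = await client.SendAsync(request))
            {
                if (response.StatusCode == HttpStatusCode.Unauthorized)
                {
                    // Token missing, expired, or issued for a resource other than ApiResourceId.
                    throw new UnauthorizedAccessException("Web API rejected the token; authenticate again.");
                }

                response.EnsureSuccessStatusCode();
                return await response.Content.ReadAsStringAsync();
            }
        }
    }
}
```

Call it from authenticate() with authResult.AccessToken once the token check has passed.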

6) Launch your app and type your credentials:

AdalUWP15

AdalUWP16

Sum up

That’s all. In this post I have presented how easily you can register your Universal Windows App in Azure AD and provide authentication for users. Now you can provide access to applications only for users connected with your organization.
