Tuesday 18 June 2024

ASP.NET Core: How to implement Azure Active Directory (AAD) Authentication in ASP.NET Core

 In this tutorial, we will implement security for ASP.NET Core Application using Azure Active Directory (AAD).  In this tutorial, I will cover some topics as prerequisites to understand the ASP.NET Core security using AAD.

Microsoft Identity Platform

Microsoft Identity Platform provides facility to design an application that provides an access of the application to users using their Microsoft Identities and Social Accounts. If you are deploying the application on Microsoft Azure then implementing security using this platform reduces an additional need of the code to manage custom users for the application. The application is directly accessed using 

  • Work or school accounts, provisioned using Azure AD
  • Microsoft personal accounts e.g. outlook, hotmail, etc.

Using Microsoft Identity Platform with ASP.NET Core Application

The figure 1 shows an integration of Microsoft Identity Platform with ASP.NET Core application


Figure 1: An integration between ASP.NET Core app with Microsoft Identity Platform   

The figure 1 explains complete mechanism of accessing the application with an integration with Microsoft Identity Platform. So lets implement all steps those are shown in figure 1

Step 1: To implement these steps, the Azure Subscription is required. Please visit this link to register for free to access Microsoft Azure Services. Once the Azure subscription is completed, login to the portal.
Step 2: Open Microsoft Visual Studio 2019 and create an ASP.NET Core application. Name this application as AAD_Web_App. Select the Authenticate Type as Microsoft Identity Platform as shown in figure 2


Figure 2: The ASP.NET Core app

 Once the project is created, expand the project dependencies, you can see that the Azure AD Authentication packages are added in the project as shown figure 3



Figure 3: The Azure AD Packages    

The Microsoft.AspNetCore.Authentication.AzureAD.UI package represents an ASP.NET Core Azure Active Directory Integration that is used for the application authentication using Azure AD users. This package depends on Microsoft.AspNetCore.Authentication.JwtBearer package. This is ASP.NET Core middleware. This middleware enables ASP.NET Core application to receive an OpenID Connect bearer token.  The other dependency package Microsoft.AspNetCore.Authentication.OpenIdConnect  is an ASP.NET Core middleware that enables the application to support the OpenID Connect authentication workflow. 

Open the appsettings.json file. This file contains settings for AzureAD integration as shown in listing 1


"AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "qualified.domain.name",
    "TenantId": "22222222-2222-2222-2222-222222222222",
    "ClientId": "11111111-1111-1111-11111111111111111",
    "CallbackPath": "/signin-oidc"
  }

Listing 1: The application integration with AzureAD   

The settings in listing 1 needs to be provided with actual values of ClientId and TenantId. We can get these values from the Azure Portal.

Step 3: Select Azure Active Directory from the portal as shown in the figure 4



Figure 4: Selecting Azure Active Directory

Select App registrations from the Active Directory Page as shown in Figure 5



Figure 5: Selecting App Registration 

Select the New registration on the App registrations as shown in figure 6



Figure 6: New App Registration 

On the Register an application page, provide the user-facing application name of your choice. The most important settings here is the we have to mention the Supported account type. This settings is important using which we can set what types of users can access the application. The Redirect URL is optional we will set it afterwards. We will set the Supported account type as Accounts in this organizational directory only (Default directory only - Single tenant) as shown in figure 7



Figure 7: The Registration Page 

Click on the Register button. The application is registered and the new registered application page will show application details as shown in figure 8



Figure 8: The application registration 

Copy the Application ID (client id) and DirectoryID (tenant id) from this page. We will need this for integrating ASP.NET Core app with Azure AD.  On this Application Registration page click on Authentication link an then click on Add a platform as shown in figure 9



Figure 9: The Authentication configuration

The step of adding platform will allow us to select the type of application that will be targeted for integrating with Azure AD Identity. One we click on the Add a platform  the page will be displayed for configuring platform as shown in figure 10



Figure 10: Configure the platform      

We can target to various types of application for integration with AzureAD. On this page select Web. This means that we will be integrating a Web application with Azure AD. Once we click on the Web we need to configure Redirect URIs and select check boxes for Access Tokens and ID Tokens. To enter Redirect URIs, right-click on the ASP.NET Core Project and select properties. Select the Debug from the Properties page and copy the SSL url as shown in figure 11



Figure 11: Selecting the ASP.NET Core Applications URL for redirection    

As shown in figure 12, configure the Redirect URIs and Access token



Figure 12: Configuring the Web Application for Redirection 

Click on the Configure button to view the application configuration as shown in figure 13



Figure 13: The Complete Configuration

Once the Web app is configured, visit back to the Active directory page and click on Users link as shown in figure 14



Figure 14: The Users for Azure AD

Add a new used in the active directory as shown in the figure 15





Figure 15: Adding new user in the Azure AD

The figure 15 shows the Azure AD domain name in which the user will be created. We will use this domain name in the ASP.NET Core web application.

Step 4: Go back to the ASP.NET Core application. Modify the appsettings.json file by adding ClientId, TenantId and Domain. The ClientId and TenantId can be read from App Registration details as shown in Figure 8. The Domain name is shown in figure 15. While creating the ASP.NET Core application, since we have selected Authentication Type as Microsoft Identity Platform, the code for adding AzureAD is already generated in the ConfigureServices() method of the Startup class as shown in   Listing 2 


public void ConfigureServices(IServiceCollection services)
{
  services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
	.AddAzureAD(options => Configuration.Bind("AzureAd", options));

  services.AddRazorPages().AddMvcOptions(options =>
  {
	var policy = new AuthorizationPolicyBuilder()
				.RequireAuthenticatedUser()
				.Build();
    options.Filters.Add(new AuthorizeFilter(policy));
  });
}

Listing 2: The Authentication generated code 

The code in listing 2 uses the AzureAD authentication scheme by default and read the configuration from appsettings.json. The Razor page from application will be accessible only when the user is authenticated against the AzureAD.  The  The Configure() method of the Startup class already have middlewares to manage Authentication and Authorization. The Pages folder contains Shared sub-folder. This folder contains _LoginPartial.cshtml file. This file contains the code to show authenticated user name.

Run the application, the Microsoft Online Login Page will be loaded in the browser as shown in figure 16



Figure 16: The Microsoft Online Login Page

Enter the login information of the user created in the AzureAD as shown in figure 15. Once these credentials are validated, the Index page of the application will be rendered which shows login name as shown in figure 17



Figure 17: The successful login   

Once you click on Sign Out, the sign out page will be displayed.

This is how an integration between ASP.NET Core Web application is managed using an integration with AzureAD.

Conclusion: It is always better to integrate an AzureAD with web application which is hosted on Microsoft Azure platform for enhanced security. This integration allows Outlook, Hotmail, Skype, etc. users to access an application with their credentials and Microsoft Identity Platform have made this very easy. 

Friday 12 April 2019

FAQs of BCG

These are the some FAQS of BCG
PLEASE USE BELOW LINK
Details and FAQS of BCG

Birth affidavit format



I, ______________________________________________, having permanent residence at ___________________________________________________________________ is hereafter referred to as ______________________________________________in this document.


WHEREAS, I ____________________________________________  hereby declare that I was born on ____ day of _______, ______ at _________________, ___________, Taluka ________________, District Pune in the State of Maharashtra and the same is recorded in the office of Registrar, __________________, Taluka ___________________ against serial number ____ on ______________(day of birth registration) and the said authority issued the birth certificate on _______________.
WHEREAS, this affidavit is made to submit before the concerned company/organization, as a declaration of my birth date and place.
Whatever stated in the above paragraphs is true to the best of my knowledge and belief.


(Signature of the affiant)

Friday 29 March 2019

Cloud final assessment

1)Strategic benefitof cloud
Ans:Speed of completion
2)command to get Azure published stings file
Ans:Get-AzurePublishSettingsFile
3)Command to generate client certu
Ans: makecert -sky exchange…
4)Security parameters provided by azure
Ans:Both a and b
5)Storage class for long term archive storage
Ans: glacier
6)file size range in s3
Ans: 0-5tb
7)what do ttl settings control
Ans: determines the amount of time for specific…
8)How many languages supported by cloud search
Ans: 34
9)types of files windows azure storage BLOB contain
Ans: video/image/audio,VHD…
10)Types of storage that you can have with storage account
Ans: tables,blobs,queus
11)Which of these is a cloud deployment model
Ans: ALL of the above
12)When is cloud computing not a suitable option for organizations
Ans: Both A and B
13)Cloud computing is potentially suitable for
Ans: all of the above
14)Intended user for IaaS
Ans: IT professional
15)Different delivery methods available while creating CDN
Ans: Both 1 and 2
16)data format in s3
Ans: objects/files
17)Identify Storage classes in s3
Ans: all of the above
18) where are the steps to generate a self-signed root certificate available
Ans: at the bottom of help option
*19) underlying concept of CDN
Ans: place the content geographically nearest…
20) what server side encryption is available when uploading content to s3 bucktes
Ans: AES-256
21) when using a storage account what are main three ways to
Ans: tables, queues, blobs


Methods and tools


Methods and tools solution set(85/100)
1. Configuration files tracked using VCS
True
2. Best approach for estimation
A combination of all
3. Agile manifesto
Individual and interaction over process and tools
4. Communication between Jenkin and build agent
Bidirectional
5. report shows aggregate status in Jenkin
Weather
6. Continuous integration tool
Jenkins
7. Project health sunny 80% above
True
8. Not a characteristic of good user story
Negotiable
9.Pipeline are now replacing traditional
Production
10.automated testing tool
Selenium
11.unit of measurement size of user story
Story points
12. devOps encourage productivity and efficiency
True
13. What is pipeline
Stages that app goes when developed
14. Analysis to determine quality of code
Static code
15.Timeboxed means
Fixed
16. Different types of projects Jenkins
All of options
17.testing assesses system or solutions
System
18. Multiple changes across several files grouped
Version control
19.spike testing is
Performance
20. Plugin for code repository management
Source code management

Thursday 21 March 2019

AZURE HANDSON

////////// HANDS-ON 1 /////////////////

1) az network vnet create -g resourceaddressgiveninkatacoda -n myvnet

2) az network vnet delete -g resourceaddressgiveninkatacoda -n myvnet

////////// HANDS-ON 2 /////////////////

1) az network nsg create -g resourceaddressgiveninkatacoda -n mynetworknsg

2) az network nsg delete -g resourceaddressgiveninkatacoda -n mynetworknsg


////////// HANDS-ON 3 /////////////////

start writing from step 3:-

1) STORAGEACCT=$(az storage account create --resource-group "resourceaddressgiveninkatacoda" --name "mystorageacct17" --location eastus --sku Standard_LRS --query "name" | tr -d '"')

2) STORAGEKEY=$(az storage account keys list  --resource-group "resourceaddressgiveninkatacoda"  --account-name $STORAGEACCT  --query "[0].value" | tr -d '"')

3) az storage share create --account-name $STORAGEACCT  --account-key $STORAGEKEY  --name "myshare"

4) az storage directory create --account-name $STORAGEACCT --account-key $STORAGEKEY --share-name "myshare" --name "myDirectory"

5) az storage file upload --account-name $STORAGEACCT --account-key $STORAGEKEY --share-name "myshare" --source "/home/scrapbook/tutorial/php-docs-hello-world/index.php" --path "myDirectory/index.php"

////////// HANDS-ON 4 ////////////////////

1) az vm create -n myvm -g resourceaddressgiveninkatacoda --admin-username gaurav --image UbuntuLTS --generate-ssh-keys

2) az vm delete -g resourceaddressgiveninkatacoda -n myvm 

Wednesday 20 March 2019

Agile quiz


Agile - Quiz

1) Product owner
2) It is used to measure how much work is left to be done
3) The consistency reduces complexity and overhead
4) You cannot say anything for sure
5) Planning should involve the whole team

ASP.NET Core: How to implement Azure Active Directory (AAD) Authentication in ASP.NET Core

  In this tutorial, we will implement security for ASP.NET Core Application using Azure Active Directory (AAD).  In this tutorial, I will co...