In this post I would be demonstrating how to protect a web site without any code changes.
Advantages
- High Protection Web Site will not serve any html, js, css files without Authentication (MSAL protection causes few MSAL JS to be served to do authentication – this may be restricted by Information Security groups of Enterprise class customers)
- Same Code can be deployed multiple places as the Authentication pieces being decoupled
Create Web Application
Create a web application of ASP.NET or Angular.
Publish to Azure
Publish to Azure so that an App Service is created.
Set the Authentication
Test the Application
Now you can test the application & the login prompt happens.
Note
In the background the App Service is adding Redirect URL
https://working-angular-webapi.azurewebsites.net/.auth/login/aad/callback
Client Side Applications
For client side applications, you can always refer the following URL to get the current ID Token for the Authenticated User. It can also be used as Access Token as the Audience is same as Client ID.
https://working-angular-webapi.azurewebsites.net/.auth/me
Summary
In this post we have seen how to do No Code protection of web application using Azure Active Directory.