Azure Active Directory–How to protect a Web Application without Code

In this post I would be demonstrating how to protect a web site without any code changes.


  • High Protection Web Site will not serve any html, js, css files without Authentication  (MSAL protection causes few MSAL JS to be served to do authentication – this may be restricted by Information Security groups of Enterprise class customers)
  • Same Code can be deployed multiple places as the Authentication pieces being decoupled

Create Web Application

Create a web application of ASP.NET or Angular.

Publish to Azure

Publish to Azure so that an App Service is created.

Set the Authentication


Test the Application

Now you can test the application & the login prompt happens.


In the background the App Service is adding Redirect URL

Client Side Applications

For client side applications, you can always refer the following URL to get the current ID Token for the Authenticated User.  It can also be used as Access Token as the Audience is same as Client ID.


In this post we have seen how to do No Code protection of web application using Azure Active Directory.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s