Is it possible to authenticate against Azure AD without using the Microsoft Windows account login page?

We have created a stand-alone web app with its own user base in an instance of WAAD (Windows Azure Active Directory).

The problem is, the users of this system have corp laptops with only a single browser installed (IE9) and are also users of Office 365.

When trying to access our app from IE, it says the user is already logged in with their Office 365 account, and the process of signing out and switching account takes 15 mins of clicking through multiple redirect and error pages. (total farce!)

As a quick fix, is there a way we can create our own login page (like the good old forms auth days) to capture the creds and send them to WAAD to get a token via an API, allowing the user to be logged into Office 365 and our instance of WAAD at the same time?

Josh Crozier
Amit Desai
  • Unfortunately no. Your users have to be redirected to WAAD login page. Could "In-Private" browsing (http://windows.microsoft.com/en-IN/internet-explorer/products/ie-9/features/in-private) be an option for your users where they access your application that way? – Gaurav Mantri Sep 26 '13 at 15:45
  • Unfortunately "In-private" browsing is disabled via Group Policy! – Amit Desai Sep 30 '13 at 10:34

1 Answer

Please see the answer to my question: Using ADAL C# as Confidential User / Daemon Server / Server-to-Server - 401 Unauthorized. Maybe it works for your scenario too:

Construct the following HTTP request for the token:

URL: https://login.windows.net/MyCompanyTenant.onmicrosoft.com/oauth2/token

Header:

  • Cache-Control: no-cache
  • Content-Type: application/x-www-form-urlencoded

Body:

  • client_id: YourClientIdFromAzureAd
  • resource: https://myCompanyTenant.crm.dynamics.com
  • username: yourUser@myCompanyTenant.onmicrosoft.com
  • password: yourUserPassword
  • grant_type: password
  • client_secret: YourClientSecretFromAzureAd

Construct the following HTTP-Request for the access to WebApi:

URL: https://MyCompanyTenant.api.crm.dynamics.com/api/data/v8.0/accounts

Header:

  • Cache-Control: no-cache
  • Accept: application/json
  • OData-Version: 4.0
  • Authorization: Bearer TokenRetrievedFromRequestAbove
Community
IntegerWolf
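
The two requests from the answer above, as an added Python example (not the answerer's code): it builds the password-grant token request with URL-encoded form fields, redacts `password` and `client_secret` before anything is logged, and checks the token response for an OAuth `error` before building the Web API call. The URLs are the answer's placeholders; the function names and sample responses are constructed for illustration, and nothing is sent over the network.

```python
import json
import urllib.parse
import urllib.request

# Placeholder values copied from the answer; replace with your tenant's.
TOKEN_URL = "https://login.windows.net/MyCompanyTenant.onmicrosoft.com/oauth2/token"
RESOURCE = "https://myCompanyTenant.crm.dynamics.com"
API_URL = "https://MyCompanyTenant.api.crm.dynamics.com/api/data/v8.0/accounts"
SECRET_FIELDS = {"password", "client_secret"}  # never written to logs


class TokenError(Exception):
    """Token endpoint returned an OAuth error or no usable bearer token."""


def build_token_request(client_id, client_secret, username, password):
    """POST for the password grant; urlencode escapes '&', '=', '@' in values."""
    form = {"grant_type": "password", "client_id": client_id,
            "client_secret": client_secret, "resource": RESOURCE,
            "username": username, "password": password}
    return urllib.request.Request(
        TOKEN_URL, data=urllib.parse.urlencode(form).encode("ascii"), method="POST",
        headers={"Cache-Control": "no-cache",
                 "Content-Type": "application/x-www-form-urlencoded"})


def redact_form(body):
    """Decode a form body into a dict that is safe to log."""
    fields = urllib.parse.parse_qsl(body.decode("ascii"))
    return {k: "***" if k in SECRET_FIELDS else v for k, v in fields}


def parse_token_response(raw):
    """Return the access token, or raise TokenError with the server's reason."""
    doc = json.loads(raw)
    if "error" in doc:
        raise TokenError(f"{doc['error']}: {doc.get('error_description', '')}")
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise TokenError("no bearer access token in response")
    return doc["access_token"]


def build_api_request(access_token):
    """GET against the Web API with the headers listed in the answer."""
    return urllib.request.Request(API_URL, headers={
        "Cache-Control": "no-cache", "Accept": "application/json",
        "OData-Version": "4.0", "Authorization": f"Bearer {access_token}"})


# Constructed sample responses (not captured from a real tenant).
SAMPLE_OK = b'{"token_type": "Bearer", "expires_in": "3600", "access_token": "constructed.sample.token"}'
SAMPLE_DENIED = b'{"error": "invalid_grant", "error_description": "constructed sample: credentials rejected"}'
```

Because this grant passes the user's password and the client secret through your code, it has to run server-side, and `redact_form` is what should reach any request log.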