7

There are a lot of tutorials on how to configure the Authentication properties of a given Azure App Service instance:

  • Api Apps
  • Expanding App Service Authentication/Authorization

There are guides for configuring the Azure Server-Side properties for:

  • AAD
  • Facebook
  • Twitter
  • Google
  • Microsoft Account

I believe these all are setting properties on the server-side gateways that sit in front of our Azure App Service components. This approach is nice, because you can initiate a login flow simply by directing your user's browser to ~/.auth/login/XYZ.

However, I can't figure out how I'm supposed to Authenticate against any of these at DEVELOPMENT time, running MVC apps and API Apps locally on my PC via localhost. I don't have a gateway running locally. There isn't an endpoint listening to localhost/.auth/login/XYZ.

So, what's the story? How do you authenticate there? Specifically, how do you develop in such a way that whatever you're going to need to do locally can be Published to your Web and Api Apps and have the auth experience work within the eco-system of the App Service in Azure?

Nate Jackson
  • Possibly similar to question http://stackoverflow.com/questions/22488585/cant-authenticate-with-local-net-back-end – Gandhali Samant Mar 12 '16 at 03:40
  • @GandhaliSamant I'd contend that this is not the same thing. My question is about Azure App Services released in March 2015. This new way has your Azure assets sitting behind a Microsoft Managed Gateway that performs the OAuth "dance" for you. Works great up in Azure. It isn't clear if anything already exists that can aid/(handle it) in the development phase of a web app or api app, where the code is running locally. – Nate Jackson Mar 12 '16 at 15:18
  • You can have 2 AD applications. One is for production, and the other one is for development. And then, keep your credential information, such as client id, key, tenant id and sign-on URL, in the app setting of your web app. And similarly, for local environment, you can keep the credential in your System Environment. Now, instead of getting the credential from **web.config**, you can get it from the system environment. Hope this is what you want. – Jack Zeng Mar 14 '16 at 01:03

2 Answers

3

According to this, the only way to do this is to write some dev-environment-only code to fake IPrincipals with claims equivalent to those provided by the Azure environment in production.

  • Create an appSetting value in web.config that identifies whether the app is in local development mode such as:

    <add key="EnableLocalLogin" value="true" />
  • Define this value in the Azure portal application settings as false. This value will overwrite the one configured in the web.config.

  • Create another login option that is only displayed when EnableLocalLogin appSetting is true.
  • The "Login as local developer" button simply calls into an action method which:
    • Checks if the app is in local development mode.
    • If so, constructs an instance of the IPrincipal class with appropriate claims and calls the ASP.NET Identity systems to assign the identity to the current context.
anton.burger
  • Yep. I found that nothing was available from Microsoft directly either. While I didn't use the same code that Glav did in your answer, we did end up rolling our own IPrincipal and having some #if DEBUG blocks in our code. Not ideal, but so far, 17 months later, I haven't lost any sleep over it. – Nate Jackson Aug 08 '17 at 02:39
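
A sketch of the "Login as local developer" action described in the answer above, added here as an example and not code from the answer. It assumes ASP.NET MVC 5 with OWIN cookie authentication; the controller name, the claim values, and the extra `WEBSITE_SITE_NAME` and `Request.IsLocal` guards are assumptions that go beyond the answer's `EnableLocalLogin` check, so that a forgotten portal override does not leave the login exposed.

```csharp
using System;
using System.Configuration;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;

// Hypothetical controller; names and claim values are constructed for illustration.
public class DevLoginController : Controller
{
    // True only when every guard agrees this is a developer machine.
    private bool LocalLoginAllowed()
    {
        bool enabled;
        // A missing or malformed setting parses to false, so the default is "off".
        bool.TryParse(ConfigurationManager.AppSettings["EnableLocalLogin"], out enabled);

        // App Service sets WEBSITE_SITE_NAME on its workers; refuse if it is present,
        // in case the portal override of EnableLocalLogin was forgotten.
        bool inAzure = !string.IsNullOrEmpty(
            Environment.GetEnvironmentVariable("WEBSITE_SITE_NAME"));

        // Request.IsLocal limits the action to loopback requests.
        return enabled && !inAzure && Request.IsLocal;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult SignInAsLocalDeveloper()
    {
        if (!LocalLoginAllowed())
            return HttpNotFound(); // do not reveal that the action exists

        // Constructed claims standing in for what the hosted login would supply.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "local-dev-0001"),
            new Claim(ClaimTypes.Name, "Local Developer"),
            new Claim(ClaimTypes.Email, "dev@example.test"),
        }, DefaultAuthenticationTypes.ApplicationCookie);

        // Hand the identity to the OWIN cookie middleware used by ASP.NET Identity.
        HttpContext.GetOwinContext().Authentication.SignIn(identity);
        return RedirectToAction("Index", "Home");
    }
}
```

The view that renders the button should check the same `EnableLocalLogin` setting, but the server-side guard in the action is what actually decides.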
1

You will need to set an alternate login host. You don't mention the SDK that you are using, but this is generally set by the following:

Sorry, I don't know iOS Development, but there is a loginHost field in that SDK as well.

Adrian Hall