1

My current situation is that I have a an Angular2 app and two Web APIs that this calls, all of which are hosted in Azure. I would like a user to register/log in using external providers such as Facebook, Google etc.

I've done a bit of googling and found Auth0 which seems to do everything I want. However as I'm using Azure I'd like to try using this.

I came across this article Azure Active Directory Access Control which describes exactly what I want to do. However, I can find no details about how to implement this.

Any pointers on how I can do this? I don't want my APIs to be aware of auth providers, it should just accept a token and proceed.

I've looked in the config for Active Directories in Azure but can't see anywhere to add the provider details?

Thanks

ADringer
  • 2,614
  • 36
  • 63

2 Answers2

3

AFAIK, we can use Azure Active Directory B2C to achieve the goal.

Azure Directory B2C is a comprehensive cloud identity management solution for your consumer-facing web and mobile applications.

For integrate with Google, since it will start blocking OAuth requests from embedded browsers, called "web-views", we need to make changes to your applications to avoid downtime. For more information about Google's plans, see Google's blog post.

And more detail developing with Azure B2C, you can refer the link below:

Azure Active Directory B2C: Sign up and sign in consumers in your applications

Fei Xue
  • 14,369
  • 1
  • 19
  • 27
  • Thanks, looks like Azure B2C is what I'm looking for! That blog post mainly talks about mobile devices, what effect does Google blokcing embedded browsers have on desktop browsers? Is that the same as not allowing a pop-up sign-in, it has to do a full redirect? – ADringer Mar 17 '17 at 08:31
  • No, it will not affect the desktop browsers. And to use the pop-up sign-in, please use the latest version of ADAL library to fix the [infinite loop issues](https://github.com/AzureAD/azure-activedirectory-library-for-js/releases). – Fei Xue Mar 20 '17 at 05:49
  • RE: Google blocking embedded browsers and Azure AD B2C - check out this blog post: https://azure.microsoft.com/en-us/blog/azure-ad-b2c-google-signin-issue/ – Saca Mar 25 '17 at 06:01
1

Basically, you add the ACS service to your subscription and then configure it for the identity providers you want to use. It is a separate service in Azure, and you can add it through the original portal (https://manage.windowsazure.com), by clicking New -> App Services -> Active Directory -> Access Control.

But do note that ACS seems to be a service that is going away. This two year old blog post from Alex Simons tells a little about it: https://blogs.technet.microsoft.com/enterprisemobility/2015/02/12/the-future-of-azure-acs-is-azure-active-directory/ .

There's already an answer on how to set it up: Enable Azure Active Directory Access Control with Office 365 Azure Active Directory tenant .

There's some further detail on this site: http://blog.2mas.xyz/configuring-windows-azure-active-directory-access-control/ (I would include the main points here, but it's a very detailed step-by-step instruction with lots of screenshots).

Community
  • 1
  • 1
RasmusW
  • 3,355
  • 3
  • 28
  • 46
  • Thanks for your answer, has helped quite a bit. I'm thinking that maybe I shouldn't be using ACS if they plan to get rid of it? They mention about merging it into Azure AD but can't see anything more about it. Would you recommend trying to find something else? – ADringer Mar 16 '17 at 15:30