Azure for SharePoint Developers - Workshop - Part 1: Azure AD
•Download as PPTX, PDF•
1 like•150 views
This document provides an overview of Azure Active Directory and how it can be used to authenticate users and applications to access data and APIs. It describes key Azure AD concepts like tenants, applications, permissions and consent. It also explains different OAuth 2.0 flows that can be used like implicit, authorization code, client credentials and on-behalf-of flows. The document recommends ways to access the Microsoft Graph API using these authorization techniques and links to code samples and documentation for further reference.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Azure for SharePoint Developers - Workshop - Part 1: Azure AD
Similar to Azure for SharePoint Developers - Workshop - Part 1: Azure AD (20)
More from Bob German
More from Bob German (19)
Recently uploaded
Recently uploaded (20)
Azure for SharePoint Developers - Workshop - Part 1: Azure AD
- 4. Web Apps Mobile Apps API Management API Apps Logic Apps Notification Hubs Content Delivery Network (CDN) Media Services HDInsight Machine Learning Stream Analytics Data Factory Event Hubs Mobile Engagement Biztalk Services Hybrid Connections Service Bus Storage Queues Backup StorSimple Site Recovery Import/Export SQL Database DocumentDB Redis Cache Search Tables SQL Data Warehouse Azure AD Connect Health AD Privileged Identity Mngt Operational Insights Cloud Services Batch Remote App Service Fabric Visual Studio Application Insights Azure SDK Team Project Active Directory Multi-Factor Authentication Automation Portal Key Vault Store / Marketplace VM Image Gallery & VM Depot SECURITY & MANAGEMENT PLATFORM SERVICES HYBRID OPERATIONS
- 5. …if cloud computing was transportation …you can buy or lease a car and maintain it yourself
- 6. …you can rent a car …if cloud computing was transportation …you can buy or lease a car and maintain it yourself …you can rent a car and pay for having it around even when you are not driving
- 7. …you can rent a car …if cloud computing was transportation …you can buy or lease a car and maintain it yourself …you can rent a car and pay for having it around even when you are not driving …you can use a ride sharing app pay only for transportation
- 8. Control and Responsibility On Premises IaaS (Azure VMs) CaaS (Docker, Kubernetes) PaaS (Azure Cloud Services) PaaS (Azure App Services) SaaS (Office 365) Application, Data YOU YOU YOU YOU YOU VENDOR Deployment, Security, etc. YOU YOU YOU YOU VENDOR VENDOR Middleware YOU YOU VENDOR VENDOR VENDOR OS YOU YOU VENDOR VENDOR VENDOR VENDOR Virtualization, Servers, Storage, Networking, Data center YOU VENDOR VENDOR VENDOR VENDOR VENDOR Traditional Infrastructure as a Service Container as a Service Platform as a Service Software as a Service Lift and Shift Portable Build Configure and use
- 9. Build on infrastructure (IaaS) Build on Dev framework (PaaS) The Azure Application Platform “App Creators” Developers Non-Devs Microsoft Azure LOBSaaSLift & Shift Docker Virtual Machines Stateful and stateless one- off solutions VM ScaleSet s Scalable stateless solutions Container Service Scalable, orchestrated Docker images deployed into containers Differentiation Time to valueExisting App Investments Batch Custom High Performanc e Computing solutions Cloud Service s Custom Monolithic 3-tier stateless solutions Service Fabric Custom Microservice -based stateless and stateful solutions Power Apps Graphical design mobile solutions App Service Template based rapid development web, mobile and API solutions Orchestrate d workflow based integration solutions LogicWeb/Mob/ API All the goodness of App Service in a dedicated environment Environments This Workshop
- 13. Azure ACS Azure AD v1 Endpoint Azure AD v2 Endpoint Federation with “social” accounts (Google, Facebook, Microsoft, etc) Azure AD only “Unified” Azure AD + Microsoft accounts Program with ADAL Program with MSAL Used in SharePoint and Office add-in models, S2S trusts Most widely used in O365/Azure The future but there are gaps Static consent model Static consent model Dynamic consent model Register in Azure Service Bus (or in SharePoint for add-ins and S2S) Register in Azure Portal, PowerShell etc. New app registration portal Deprecated – will be turned off November 2018* One app registration for each platform/scenario One app registration (and one app ID) for all platforms
- 14. • Unique identifier an instance of Azure AD Tenant ID, Directory ID • Unique identifier for an applicationApp ID, Application ID, Client ID • Password used to authenticate the application App Secret, App Key, Client Secret • App registration applied to a service, possibly in another tenant Enterprise Application (in portal), Service Principal
- 16. On-premises AD federation Multi-factor authentication B2B federation Azure subscriptions Office365 Your apps Multi-tenant partner apps Daemon applications Web browsers Native applications Application gallery Synchronise users from your AD DS Consent model Conditional access Self-service password, group mgmt
- 18. App type Permission type Who can consent Effective Permissions Get access on behalf of users Get access as a service Mobile, Web and Single page app Service and Daemon Users can consent for their data Admin can consent for them or for all users Only admin can consent App permissions User permissions App permissions Application permissionDelegated permission (user permission)
- 19. OAuth 2.0 When calling from Use this flow Permission Browser Web service Implicit Flow User Browser Web service Web service On-Behalf-Of Flow User Daemon or Web Service Web Service Client Credentials Flow App Native application Web Service Authorization Code Flow (client obtains auth code then access token; SSO scenarios; client does not handle user passwords) or User Credentials Flow (client passes username and password) User
- 20. Open ID Connect Flow Web Applications
- 21. Consuming OAuth 2.0 Access Tokens Web API
- 23. OAuth 2.0 Authorization Code Flow Native Apps
- 24. OAuth 2.0 Client Credentials Flow Daemons and Server Apps
- 25. OAuth 2.0 Implicit Flow Browser Apps
- 27. App registration Setting app scopes/permissions Call Graph API with Postman
- 28. Resources Sample code https://link.bobg.tv/ImplicitFlow “30 Days Graph” with article explaining sample code https://link.bobg.tv/30DaysGraph Azure AD Documentation https://link.bobg.tv/AAD-Docs Microsoft Graph Explorer https://link.bobg.tv/MSGraphExplorer Extending SharePoint with ADAL and MS Graph API (Julie Turner) https://link.bobg.tv/SPADAL Call MS Graph API tutorial (SPA) https://link.bobg.tv/JSMSAL SPFx code sample https://link.bobg.tv/SPFxFetch
Editor's Notes
- WRK403 - What Every SharePoint Developer should know about Microsoft Azure While the SharePoint Framework is the new place to customize the SharePoint UI, it runs completely within the web browser, and does nothing to help with background processing or other server-side work, including situations where you need to elevate permissions beyond what the end user is allowed to do. Both sandboxed and farm solutions are off the table in SharePoint Online, leaving few SharePoint-based options for this kind of work. Fortunately, Microsoft Azure is well positioned to handle these situations and many more, and should be part of every SharePoint developer's tool set. This workshop will introduce Azure platform services including Azure Active Directory, web apps, logic apps, Azure Functions, and more. You will learn practical approaches to integrate these with SharePoint. Scenarios will include: • Surfacing line of business data in SharePoint via Azure web apps and functions • Elevating permission in a SharePoint web part • Using Azure functions as timer jobs and web services • Implementing workflows and business orchestration with Azure Logic Apps • Storing and querying large data sets (beyond 5,000 rows) in SQL Azure • Safely managing security and secrets in your Azure code with Managed Service Identities and Key Vault Attendees should have a working knowledge of C# development and familiarity with SharePoint Online. Don't miss this opportunity to upgrade your development skills for modern SharePoint!
- 5
- 6
- 7
- “There is nothing permanent except change” – Heraclitus
- “The beginning of wisdom is the definition of terms” – Plato “A rose by any other name would smell as sweet” – Shakespeare
- Microsoft Build 2017
- Most useful in SharePoint: - Implicit flow on web pages - Client credentials flow for background jobs or elevating privileges in a web service