Windows Azure Active Directory step-by-step, How to set-up Azure Active Directory, Identity Management in Azure, Access Management with Azure Active Directory

1. Windows Azure Active
Directory
Demo

2. Go to your azure portal and sign in with your Azure subscription
• As of now , Azure Active Directory is not migrated to the new portal
of cloud along with full features. So here , we are going to open Azure
Classic Portal.
http://manage.windowsazure.com
• And sign-in with your Azure Subscription.

3. Once your
are signed in to
the portal click
on Active
Directory tab.

4. Once you are in the Active Directory tabClick on New(+) , select
Directory and click on Custom Create

5. Creating new Custom Directory.
my directory name would be aaddemo and domain name would be
krunalazureuser.onmicrosoft.com

6. Once you are inside your directory you can see various options like
users,groups,applications, domains, directory integration etc…

7. Click on user tab and click Add User.
Give username

8. Creating user…

9. Generate temporary password.
Copy and save username and temporary generated password for future use.

10. So here you can see new user is created inside Azure Active Directory.

11. • Now , open new chrome instance in incognito mode and sign in to Azure portal
with the newly created user.
• Here,as the user account we have created is backed by the Azure we will be able
to login to the azure portal and would be allowed to reset password but that user
is not having any azure subscription so can’t perform anything.
• So go to azure.com and click on portals.
• Give the details and reset the password.

12. I open new chrome window in incognito mode and provide our Azure AD user and
temporary generated password.

13. Reset the password for your Azure AD User.

14. We would be able to reset password successfully but as we know for our Azure AD
user we are not having Azure subscription.

15. • Now, we will create our new Web Application and will provide
authentication to that application.
• We will write a code in such a way that we can Sign In to our Web
Application using Azure AD.

16. Open VS 2015 / VS 2013 select New ASP.NET Web Applicaiton

17. Divide the process in the 5 steps
Create MVC
Web
Application
01
Adding
Authentication
Logic
02
Adding Sign in
and Sign out
Functionality
03
Registering
your start-up
class
04
Registering
your app in
Azure
05

18. Select MVC template and click on Change Authentication

19. Change your authentication to No Authentication and click OK.

20. Once application is created select your application name and go to properties, set
SSL to true and copy the SSL url. This would be our application url.

21. Right Click on your Application NameGo to Propertiesselect Web category
Replace your project url with the SSL url.

22. Now open your web.config file and add below mentioned code

23. • Here , we defined four keys:
• CliendID : that we will get once we register our app with Azure AD
• AADInstance [Azure AD Instance] : That would be always
https://login.microsoftonline.com/{0} , {0} is the country code . Only for China
it is 1.
• Tenant : our Azure AD domain name , which we have created for our user
• PostLogoutRedirectUri : SSL url to run our web application.

24. Now , open package manager console and install following packages
Install Install-Package Microsoft.Owin.Host.SystemWeb
Install Install-Package Microsoft.Owin.Security.Cookies
Install Install-Package Microsoft.Owin.Security.OpenIdConnect
Install Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.20622135 , use nugget package manger to update it to specif
version
Install Install-Package Microsoft.IdentityModel.Protocol.Extensions

25. Microsoft.IdentityModel.Protocol.Extensions
• This package provides an
assembly containing classes
which extend the .NET
Framework 4.5 with base
constructs from the OpenId
Connect and WS-Federation
protocols.

26. System.IdentityModel.Tokens.Jwt
• Includes types that provide
support for creating, serializing
and validating JWT tokens.
• Install it using nuget package
manager and update it to
version 4.02….

27. Install-Package Microsoft.Owin.Security.OpenIdConnect
• It is an Middleware that enables an application to use OpenIdConnect
for authentication.

28. Install-Package Microsoft.Owin.Security.Cookies
• It is an Middleware that enables an application to use cookie based
authentication, similar to ASP.NET's forms authentication.

29. Install-Package Microsoft.Owin.Host.SystemWeb
• OWIN server that enables OWIN-based applications to run on IIS
using the ASP.NET request pipeline.

30. Once all mentioned packages are installed then right click on App_Start folder and
add new class named StartUp.cs

31. Import below mentioned namespaces in the StartUp.cs file
• using Owin;
• using Microsoft.Owin;
• using Microsoft.Owin.Security.Cookies;
• using Microsoft.Owin.Security.OpenIdConnect;
• using System.Threading.Tasks;
• using System.Globalization;
• using System.Configuration;
• using Microsoft.Owin.Security;

32. Import namespaces in the StartUp.cs file

33. Create five variables inside StartUp.cs file. These
variables will read data from web.config file.

34. In the same class , create ConfigureAuth method which takes an object of
IAppBuilder Class

35. Now create Configuration(IAppbuilder app) method that will start your
ConfigureAuth() method.

36. As per Owin standards register your StartUp class with OwinStartUp assembly.

37. Go to viewssharedadd new viewselect create as a Partial View

38. Prepare _Login.cshtml page

39. Open _Layout.cshtml page and add reference of our partial view called
_LogIn.cshtml

40. Right click on controllerAdd Empty MVC
ControllerAccountController

41. Import namespaces in AccountController

42. Create this two methods in AccountController

43. Now , we will register our web application with Azure and get the Client Id and place
it in the web.config file

44. Go to your Active Directory and click on Applications

45. Once you are inside Applications tab click on Add.

47. You can give any name, I prefer my webapp name from VS project.

48. Provide Sign-On Url which is our SSL Url and APP ID URI which is
https://domainname/appname

49. Once the app is added go inside the app and click on Configure tab.

50. From the configure section copy Client Id and place it into your web.config

52. • Build the application and run it in some another browser , not in the
same browser where your Azure subscription is open or log out from
the Azure subscription and run it.

53. You can see Application is running on the SSL url and if your try to click on Home it
will not allow you to navigate.
Click on SignIn link.

54. You can see you are redirected to Microsoft’s Azure AD SignIn page and it shows
your web application name which you have registered with your Azure AD.

56. You can see we are signedin to our web application which is running on our on-prem
environment with an Azure AD user.