6
votes

I have a set of users in Azure Active Directory; in my program I will collect the user name and password of an end user, and want to check them against Windows Azure Active Directory.

Is it possible? Please provide some reference.

I know we can validate using PowerShell cmdlets; I want to know if there is any other way to validate user credentials.

4
What is it you are trying to accomplish? Can you describe the higher level design of your authentication & authorization scheme? Based on your description it sounds like you are trying to do something fairly insecure and "naughty". Is there a reason you are not using claims based authentication in your relying party application and letting Windows Azure Active Directory (WAAD) handle authentication? – Nathan

In most of the applications I have deployed for very large companies we have let on-premise AD be the authentication source, and I am looking forward to figuring out exactly how Azure AD can replace this in my cloud applications. I'd rather not write authentication code if I don't have to, and let WAAD take care of all that for me as I focus on how authorization applies to my application logic. – Graham

Did you ever find a solution for this? I am trying to do the same thing. – Gotts

4 Answers

3
votes

In case someone is still looking for an answer: support for authenticating a user without opening a new window for user credentials was added in ADAL version 2.7.10707.1513-rc, by providing an object of class UserCredential to an overload of AcquireToken.

public AuthenticationResult AcquireToken(string resource, string clientId, UserCredential userCredential);

Here is some sample code for PowerShell:

$UserCred = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential("****@*****", "*****")
$result = $AuthContext.AcquireToken($resource, $clientID, $UserCred)

2
votes

Ah, I think you're trying to implement an SSO scenario. Try "Adding Sign-On to Your Web Application Using Windows Azure AD"! And if your customer does not have an Azure subscription, the "Multi-Tenant Cloud Application for Windows Azure Active Directory" sample describes the details of using the Azure Active Directory Authentication Library. Hope this helps.

0
votes

You say that you "will collect user name and password of an end user and want to check against with windows azure active directory" - I am pretty sure this is NOT possible, and I know for sure it is not advisable. This is the opposite of the trend of approaches like OAuth where users can log in on many applications using the same credentials (and the part coming up is critical) without ever revealing to those "many applications" their password.

This is the idea of Federated Authentication and is a more secure model than the older approaches of allowing all apps that you log in with to have direct access to your username and password. Typically in such a flow, assuming an existing Office 365 account, the new app you've created and configured to authenticate using O365 will REDIRECT the web browser of the user to O365 where the user types their O365 username and password in, and then agrees (one time) that it is okay for them to be used with this new app, then the browser will REDIRECT back to the app, with a security token with some claims in it. These claims will include the name, email address, and other things about the logged in user and are intended to be sufficient to identify the user in your app.

Same would go for authenticating with, say, Facebook or Google - your app will never directly see the user's password. It would even apply to logging into StackOverflow itself, so you've seen the workflow.
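The redirect flow this answer describes, seen from the application's side, as an added example (not code from the original post or from ADAL). It assumes an OpenID Connect style provider; the endpoint, client ID and redirect URI are placeholders, and the token's signature is assumed to have been verified by a JWT library before `check_claims` runs.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values (assumptions for this example, not taken from the post).
AUTHORIZE_ENDPOINT = "https://idp.example/authorize"
CLIENT_ID = "my-app-client-id"
REDIRECT_URI = "https://app.example/callback"


def build_login_redirect():
    """Step 1: send the browser to the provider; the app collects no password."""
    state = secrets.token_urlsafe(16)  # ties the callback to this browser session
    nonce = secrets.token_urlsafe(16)  # must reappear in the token's claims
    query = urlencode({
        "response_type": "code", "scope": "openid profile email",
        "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "state": state, "nonce": nonce,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state, nonce


def read_callback(callback_url, expected_state):
    """Step 2: the provider redirects back; accept the code only if state matches."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("provider returned error: " + params["error"][0])
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not for this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]  # exchanged for tokens over a server-to-server call


def check_claims(claims, expected_nonce, now=None):
    """Step 3: check claims of a token whose signature is already verified."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was issued for a different application")
    nonce = str(claims.get("nonce", ""))
    if not hmac.compare_digest(nonce.encode(), expected_nonce.encode()):
        raise ValueError("nonce mismatch: token not tied to this login request")
    if float(claims.get("exp", 0)) <= now:
        raise ValueError("token has expired")
    return {"name": claims.get("name"), "email": claims.get("email")}
```

The `state` and `nonce` values belong in the user's server-side session between step 1 and the callback, so a callback or token replayed from another session is rejected.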

0
votes

Hope this ADAL option might also help.

// Base64 only encodes the credentials for the Basic scheme; it does not encrypt them.
string encryptedCredentials = Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(string.Format("{0}:{1}", "[email protected]", "PasswordX")));
httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", encryptedCredentials);