I am using Azure Graph API to get all the user information from Azure AD. After that I am adding those users into my application. In the login page I want them to enter their username and the password they use in AD. I don't want to store their password in my table but I want to do an authentication check. Is there a rest service in Graph API which does this ?
0
votes
It is a bad idea to store username/passwords in your database. General approach is to have the application redirect them to Azure AD for authentication and have Azure AD return back the claims which contain some information about the user. You can store that information in your database to identify them when they login again in your application.
– Gaurav Mantri
I am not storing their password in my db. I am providing SAML based authentication . In addition I want to allow them to login through my normal login page providing their credentials. I won't be storing it anywhere. I just want to authenticate them using Azure AD API.
– Jerry
1 Answers
1
votes
In the login page I want them to enter their username and the password they use in AD. I don't want to store their password in my table but I want to do an authentication check. Is there a rest service in Graph API which does this ?
This is doesn't relate to the rest service about Graph API. It determined by how you protect your service.
For example, the Microsoft provide the Azure Graph API which protected by Azure AD. And the Azure AD supports the OAuth 2.0 to get the access token to access the protected resource.
In the scenario you described, you can consider use OAuth 2.0 code grant flow. Please see the figure below for the detail steps for this flow:
Here is the code sample to using this flow for your reference:
