Implementation of Azure Active Directory authentication with cross-platform development
Alexander Meijers | Lead Architect | April 21st, 2016
Why? - ADAL - Xamarin - Steps - Demo - Wrap up!
Why?
• Securing your business applications
• Access resources like Office 365, Yammer and Microsoft Graph
• You don’t need to have extensive knowledge of authentication
• Focus on building your app
Active Directory Authentication Library
• Enables developers to easily authenticate users against the cloud or on-premises AD
• It handles almost all of the complexity of authentication
• Returns access tokens to execute secure API calls
• Many features like
  • Handles the login screen (including your organization page)
  • Asynchronous support
  • Configurable token cache for storing access and refresh tokens
  • Automatic token refresh when the access token expires
• Available on a variety of platforms like .NET, JavaScript, OSX, iOS, Android and node.js
Xamarin [‘zæmərɪn]
• Allows developers using Visual Studio and a shared C# codebase to create cross-platform applications
• Supports platforms such as iOS, Android, Windows 8 and Windows 10
• Acquired by Microsoft on February 24th 2016
• Use Portable Class Libraries or Shared Asset Projects to write code once for all platforms
• Possible to write platform-specific code
Steps
• Register your application in Azure AD
• Setup Xamarin project
• Implement ADAL
• Create a login page
• Implement code for accessing Microsoft Groups
Register your application in Azure AD
• Specify name, type of application and redirect URL(s)
• Select the permissions to other applications
• Client ID is generated
• Client ID and Redirect URL combination is used during authentication
Setup Xamarin project
• Create a Xamarin project
  • Since February 2016 it is possible to create a Universal Windows app
• Use a Xamarin.Forms Portable project
• Remove any unused projects
• Install the NuGet package Microsoft.IdentityModel.Clients.ActiveDirectory
  • V3.9.302111717-alpha
Authenticate with ADAL
AuthenticationContext ac = new AuthenticationContext(string authority);
• authority: URL of the authority
• Calling https://login.microsoftonline.com/common without the tenant ID will allow your app to be multi-tenant
AuthenticationResult authResult = await ac.AcquireTokenAsync(string resource, string clientId, Uri redirectUri, IPlatformParameters parameters);
• resource: the URL of the requested resource
• clientId and redirectUri: from the Azure AD registration
• parameters: platform-specific parameters
• Attempts to return a token for the requested resource based on caching or refreshing old tokens
• If necessary an Azure AD sign-in page is shown to acquire a request token
PlatformParameters
Platform | Parameter(s) | Value
iOS | Reference to a UIViewController | UIApplication.SharedApplication.KeyWindow.RootViewController
Android | Reference to an Activity | (Activity)Forms.Context
Remark: You will need to override the OnActivityResult method in MainActivity.cs and call the WebAuthenticationBrokerContinuationHelper class.
Windows Phone | No parameters | N/A
Windows 10 (Universal) | PromptBehavior, OrganizationOnly | PromptBehavior.Auto, false
Implement ADAL
• ADALAuthentication class
  • Contains the logic for authentication with ADAL
• IADALAuthenticator interface
  • Implement the interface per platform to provide the platform-specific PlatformParameters
Implement the IADALInterface
• Implement the interface for iOS
• Implement the interface for Universal Windows
Create a login page
• Use a XAML forms content page
• Place a (login) button on the page
• Use the DependencyService.Get<>(…) method to retrieve an instance of that interface within the current platform
• Authenticate and request access to Microsoft Graph using the resource URL and the information you got from your Azure AD registration
Implement code for accessing Microsoft Groups
• Use the access token you got from your authentication call
• Define a request based on
  • GET = https://graph.microsoft.com/v1.0/groups
  • application/json
  • Bearer = access token
• Use NuGet package Newtonsoft.Json
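The steps above (acquire a token with ADAL, then call the groups endpoint with it) combined into one sketch. This is an added example, not code from the original deck or the linked post; the class name GroupsClient, the method name GetGroupNamesAsync and the resource value https://graph.microsoft.com are assumptions, and clientId and redirectUri come from your own Azure AD registration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Newtonsoft.Json.Linq;

// Hypothetical helper class; the names here are illustrative, not from the deck.
public static class GroupsClient
{
    // /common without a tenant ID makes the app multi-tenant, as the slide notes.
    const string Authority = "https://login.microsoftonline.com/common";
    const string Resource = "https://graph.microsoft.com"; // assumed resource URL
    const string GroupsUrl = "https://graph.microsoft.com/v1.0/groups";
    static readonly HttpClient Http = new HttpClient();

    // platformParameters is supplied by the per-platform interface implementation
    // that the login page retrieves through DependencyService.
    public static async Task<List<string>> GetGroupNamesAsync(
        string clientId, Uri redirectUri, IPlatformParameters platformParameters)
    {
        var context = new AuthenticationContext(Authority);
        // Served from the token cache or a refresh when possible; otherwise
        // the Azure AD sign-in page is shown.
        AuthenticationResult auth = await context.AcquireTokenAsync(
            Resource, clientId, redirectUri, platformParameters);

        using (var request = new HttpRequestMessage(HttpMethod.Get, GroupsUrl))
        {
            request.Headers.Accept.Add(
                new MediaTypeWithQualityHeaderValue("application/json"));
            // Set the bearer token on this request only, not on DefaultRequestHeaders,
            // so a shared HttpClient never sends it to another host.
            request.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", auth.AccessToken);

            using (HttpResponseMessage response = await Http.SendAsync(request))
            {
                // Throw on 401/403 instead of parsing an error body as group data.
                response.EnsureSuccessStatusCode();
                string json = await response.Content.ReadAsStringAsync();
                var names = new List<string>();
                foreach (JToken group in (JArray)JObject.Parse(json)["value"])
                    names.Add((string)group["displayName"]);
                return names;
            }
        }
    }
}
```

The access token is never logged or stored by this code; ADAL's own token cache holds it between calls.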
Demo time
“Let’s hope the demo gods are with us”
Wrap up!
• ADAL allows you to easily implement authentication in your cross-platform application
• Be aware of your implementation when using a PCL. Platform-specific code is not allowed in your PCL
• PlatformParameters differ per platform
• For a complete walkthrough check my post http://www.appzinside.com/2016/02/22/implement-adal-for-cross-platform-xamarin-applications/