Azure AD Multi-Factor Authentication
ASP.NET, Cloud

Authenticating an MVC app with Azure AD and MFA.

Identity is a critical component in any mobile application. There are multiple ways of authenticating (username/password or email/password is one approach), and it is tricky to get right. Social login has grown over the years, but it has a problem: some users do not have accounts with the providers that you support.

Azure AD provides a single click solution to authenticate users via Multi-Factor Authentication. We will follow the steps below to create a solution.

  1. Log in to the Azure Management Portal and look for Azure Active Directory.
  2. Select Default Directory in the portal and hit “Add New User” in the bottom pane. An “Add User” dialog appears.

    Figure 1 – New User Registration – Type of user
  3. Enter the details and move on to the next step.
    Figure 2 – New User Registration – Add User

    Check for Multi-Factor Authentication.

  4. We will be asked to create a new password.

    Figure 3 – New User Registration – Create Temporary password
  5. In the last step, Azure creates a temporary password. Note the password for later use.

    Figure 4 – New User Registration – New Password

The new user is now created.

Now, to explain MFA with Azure Active Directory, we will create an MVC application.

  1. Create a new MVC Project.

    Figure 5 – Create New Project
  2. Select the “Change Authentication” button.

    Figure 6 – Create New Project – Change Authentication
  3. Select “Work or School Accounts”, enter your domain name and check Read directory data.

    Figure 7 – Create New Project – Work or School Accounts
  4. Clicking OK creates the new project. Once the project is created, look for the Single Sign-On option.

    Figure 8 – Authentication with Azure AD
  5. Select “Authentication with Azure Active Directory”. A wizard opens up; hit Next.

    Figure 9 – Configure Single Sign-On – Introduction
  6. Check for the default domain and select “Create a new Azure AD” and hit Next.

    Figure 10 – Single Sign-On – Select Domain
  7. In the next step, select “Read directory data”. Follow the steps shown below. Hit Yes in all of the dialogs.
    Figure 11 – Configure Single Sign-On – Directory Access
    Figure 12 – Configure Single Sign-On – Adding connected service to project

    Figure 13 – Configure Single Sign-On – Adding connected service to project
  8. Once the process finishes, build the project.

Running the Project.

  1. When we run the project, we get to see a Login screen. This Login screen is provided by Azure AD. As we have added a new user to the directory, use that user's credentials and hit Sign-in.

    Figure 14 – Login Page
  2. In the Login page, the application asks us to set up security verification. Hit “Set it up now”.

    Figure 15 – Login Page – Authentication Setup
  3. Users can choose their preferred verification method. We have selected Authentication Phone. Enter the phone number; it will receive a security code.

    Figure 16 – Login Page – Authentication Setup
  4. In this step we receive a code on the phone. Enter it here.

    Figure 17 – Login Page – Authentication Setup
  5. Once the authentication steps are all done, we are brought back to the Login page. The application asks us to update the password.

    Figure 18 – Login Page – Update your password
  6. After updating the password, the application asks for permission to read directory data and read your profile. Hit Accept and we will see the Home screen.

    Figure 19 – Login Page – Permission Access
  7. When all goes well, we should be able to see the home screen.

    Figure 20 – Home Page
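
The steps above turn MFA on for one user in the directory; the MVC app itself accepts any valid sign-in. As an added example (not part of the original walkthrough or the generated project), the filter below lets sensitive controllers require proof that Azure AD actually performed MFA. The name `RequireMfaAttribute` is hypothetical, and the claim type and values are assumptions about how the sign-in token is surfaced as claims in the app.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

// Added example: denies requests whose sign-in token does not show MFA.
public class RequireMfaAttribute : AuthorizeAttribute
{
    // Assumption: the authentication-methods claim after default claim
    // mapping, plus the raw "amr" name in case mapping is switched off.
    private static readonly string[] MethodClaimTypes =
        { "http://schemas.microsoft.com/claims/authnmethodsreferences", "amr" };

    // Assumption: "mfa" is used in OpenID Connect id tokens, the
    // multipleauthn URI in WS-Federation/SAML tokens.
    private static readonly string[] MfaValues =
        { "mfa", "http://schemas.microsoft.com/claims/multipleauthn" };

    public static bool HasMfa(ClaimsPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        return user.Claims.Any(c =>
            MethodClaimTypes.Contains(c.Type, StringComparer.OrdinalIgnoreCase) &&
            MfaValues.Contains(c.Value, StringComparer.OrdinalIgnoreCase));
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Run the normal [Authorize] checks first, then require the MFA claim.
        return base.AuthorizeCore(httpContext) &&
               HasMfa(httpContext.User as ClaimsPrincipal);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed in but without MFA: answer 403 rather than redirecting
        // to the sign-in page again, which would loop.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403, "Multi-factor authentication required");
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Apply `[RequireMfa]` to a controller or action in place of `[Authorize]`; a user in the directory who was created without the MFA option then gets a 403 on those pages even though sign-in succeeds.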

 
