Presentation on theme: "Azure Active Directory is becoming one of, if not the, primary user identity management services for cloud applications. One of Azure Active Directory's."— Presentation transcript:

1 Azure Active Directory is becoming one of, if not the, primary user identity management services for cloud applications. One of Azure Active Directory's attractive features, especially for developers, is the Graph API. The Graph API provides a modern, REST-based interface into the directory, allowing us to easily read, write, update, and delete a wide range of data. In this session we'll set the foundation for how the directory is structured and what features it offers. We'll also demonstrate how to get started programming against the directory in order to utilize Azure Active Directory information in cloud and non-cloud applications.

2 Programming Azure Active Directory


4 COLUMBUS, OH | OCTOBER 17, 2014 | CLOUDDEVELOP.ORG

5 Opening Keynote: Scott Guthrie, October 21st, 2014, 8:00am – 5:00pm PST, http://azureconf.net

6 Assumes you know what Microsoft Azure is and likely have an Azure subscription. This is not an Active Directory design session. We review common scenarios; yours may be different. We're not going to cover it all today: these are large, complicated topics with many options and scenarios.

7 Azure Active Directory - What is it?

8 Multi-tenant "directory-as-a-service". Identity & access for on-premises and cloud applications. NOT a cloud version of Windows Server AD. Image Source: http://technet.microsoft.com/en-us/library/jj573650.aspx

9 Extend Windows Server AD to the cloud. Directory & identity services w/o need for Windows Server AD. Each O365 tenant has an instance of AAD. Sync process is the same. (Diagram labels: Your App, AAD, Directory store, Authentication platform, Active Directory)


13 Working with the Graph


22 Anatomy of a Graph URL:
    Graph URL: https://graph.windows.net/
    Tenant (domain or objectID): collierdemo.onmicrosoft.com/
    Entity (user, group, role, etc): users
    OData query ($filter, $top): ?$filter=givenName eq 'Jon'
    API Version: &api-version=2013-11-08
Assembled: https://graph.windows.net/collierdemo.onmicrosoft.com/users?$filter=givenName eq 'Jon'&api-version=2013-11-08


25 Graph Security

26 Service-to-Service: OAuth 2.0 Grant Type = Client Credentials
Parties: My Application; Azure AD Authentication Endpoint (OAuth); the Graph REST service at https://graph.windows.net (validates the token, processes the request, returns data, with an authorization check against Azure Active Directory).
    1) Request JWT token (provide clientId and secret)
    2) Return JWT token
    3) HTTP request w/ JWT token
    4) Return response

27 OAuth 2.0 Grant Type = Client Credentials. The OAuth 2.0 grant type, client_id, and client_secret are configured in the Azure portal. (* Some values removed for readability)

    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL namespace, added here for completeness

    // get OAuth token using Client Credentials
    string tenantName = "GraphDir1.onMicrosoft.com";
    string issuingAuthority = "https://login.windows.net/" + tenantName;
    // second argument is validateAuthority
    AuthenticationContext authenticationContext = new AuthenticationContext(issuingAuthority, false);

    // Config for OAuth client credentials
    string clientId = "118473c2-7619-46e3-a8e4-6da8d5f56e12";
    string clientSecret = "hOrJ0r0TZ4GQ3obp+vk3FZ7JBVP+TX353kNo6QwNq7Q=";
    ClientCredential clientCred = new ClientCredential(clientId, clientSecret);

    // the resource the token is requested for (the Graph API)
    string resource = "https://graph.windows.net";
    string token;
    AuthenticationResult authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
    token = authenticationResult.AccessToken; // bearer token sent on each Graph request

28 OAuth 2.0 Grant Type = Client Credentials: the token request (* Some values removed for readability)

    POST https://login.windows.net/GraphDir1.onMicrosoft.com/oauth2/token
    Content-Type: application/x-www-form-urlencoded
    client-request-id: 1e38c3d3-dca3-42ff-8149-5db607b3488c
    return-client-request-id: true

    resource=https%3A%2F%2Fgraph.windows.net&
    client_id=118473c2-7619-46e3-a8e4-6da8d5f56e12&
    client_secret=hOrJ0r0TZ4GQ3obp%2Bvk3FZ7JBVP%2BTX353kNo6QwNq7Q%3D&
    grant_type=client_credentials

29 OAuth 2.0 Grant Type = Client Credentials: the token response (* Some values removed for readability)

    Content-Type: application/json; charset=utf-8
    client-request-id: 1e38c3d3-dca3-42ff-8149-5db607b3488c
    Content-Length: 1160

    {"token_type":"Bearer","expires_in":"3599","expires_on":"1407640794","not_before":"1407636894","resource":"https://graph.windows.net",
     "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLndpbmRvd3MubmV0IiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNGZkMmIyZjItZWEyNy00ZmU1LWE4ZjMtN2IxYTdjOTc1ZjM0LyIsImlhdCI6MTQwNzYzNjg5NCwibmJmIjoxNDA3NjM2ODk0LCJleHAiOjE0MDc2NDA3OTQsInZlciI6IjEuMCIsInRpZCI6IjRmZDJiMmYyLWVhMjctNGZlNS1hOGYzLTdiMWE3Yzk3NWYzNCIsIm9pZCI6ImIwZGVhNTFlLWJkMDQtNGI5OS05NmEyLTE0ZDk5YjE5YmM2YSI…………………….."}
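As an added example (not from the presentation), the following Python ties slides 22 and 26-29 together: it builds the client-credentials token POST, checks the JWT claims in the token response (audience, tenant, nbf/exp window) before the token is attached to a Graph call, and assembles a Graph URL with an OData filter and api-version. The sample token, its tenant id and the secret are constructed placeholders, and the RS256 signature is deliberately not verified in this helper.

```python
import base64
import json
from urllib.parse import quote, urlencode

AUTHORITY = "https://login.windows.net"       # token endpoint host used on slide 28
GRAPH_RESOURCE = "https://graph.windows.net"  # the 'resource' the token is issued for

def token_request(tenant, client_id, client_secret):
    """Return (url, headers, form body) for the client-credentials POST on slide 28."""
    body = urlencode({"resource": GRAPH_RESOURCE, "client_id": client_id,
                      "client_secret": client_secret, "grant_type": "client_credentials"})
    return (f"{AUTHORITY}/{tenant}/oauth2/token",
            {"Content-Type": "application/x-www-form-urlencoded"}, body)

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_token_response(resp, expected_tid, now):
    """Parse a slide-29 style token response and sanity-check the JWT claims before use.
    The RS256 signature is NOT verified here (Graph verifies it server-side); these checks
    only reject a token minted for another audience/tenant or outside its nbf/exp window.
    'now' is Unix time (int(time.time()) in production)."""
    if resp.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    _header, payload, _signature = resp["access_token"].split(".")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("aud") != GRAPH_RESOURCE:
        raise ValueError("token audience is not the Graph resource")
    if claims.get("tid") != expected_tid:
        raise ValueError("token was issued for a different tenant")
    if not claims["nbf"] <= now < claims["exp"]:
        raise ValueError("token is outside its validity window")
    return claims

def graph_url(tenant, entity, api_version, odata=None):
    """Assemble https://graph.windows.net/<tenant>/<entity>?<OData>&api-version=<v> (slide 22)."""
    params = [f"{k}={quote(v)}" for k, v in (odata or {}).items()]
    params.append(f"api-version={api_version}")
    return f"{GRAPH_RESOURCE}/{tenant}/{entity}?" + "&".join(params)

# Constructed offline sample: unsigned demo token with a placeholder signature and a made-up tenant id.
DEMO_TID = "11111111-2222-3333-4444-555555555555"
def _demo_token(claims):
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': 'RS256'})}.{enc(claims)}.placeholder-signature"

DEMO_RESPONSE = {"token_type": "Bearer", "expires_in": "3599", "expires_on": "1407640794",
                 "not_before": "1407636894", "resource": GRAPH_RESOURCE,
                 "access_token": _demo_token({"aud": GRAPH_RESOURCE, "tid": DEMO_TID,
                                              "nbf": 1407636894, "exp": 1407640794})}
```

The timestamps in DEMO_RESPONSE are the ones shown on slide 29, so check_token_response(DEMO_RESPONSE, DEMO_TID, now=1407638000) accepts the token while now=1407640794 rejects it as expired.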


31
    1. Leverage ADAL and Graph Library
    2. Obtain authentication token
    3. Set GraphSetting with API version of choice
    4. Set filter properties (if desired)
    5. Get, Create, or Delete User, Group, Application, etc.


37 Questions?


39 Opening Keynote Scott Guthrie September 25, 2014 8:00am – 5:00pm PST http://azureconf.net


41 Scenarios

42 Client types: Browser, Native/Mobile, Daemon/Server.
    Web Application: can call other web APIs.
    Web API: can call other web APIs; includes AAD Graph, O365, custom.
More info at http://msdn.microsoft.com/en-us/library/azure/dn499820.aspx
