Azure AD is Microsoft's cloud-based Identity and Access Management (IAM) service. It helps employees sign in and access internal and external resources securely.
Key Features

| Feature | Description |
|---|---|
| Authentication | Supports OAuth 2.0, OpenID Connect, SAML 2.0, WS-Federation |
| Single Sign-On (SSO) | One login for multiple apps (Microsoft 365, SaaS, custom apps) |
| Multi-Factor Authentication (MFA) | Adds a second layer of security |
| Conditional Access | Policies to control access based on location, device, app, etc. |
| RBAC | Grants least-privilege access to resources |
| Enterprise App Integration | Integrate thousands of SaaS apps like Salesforce, ServiceNow |
| Custom Domain & Branding | Customize the login page with your domain and logo |
Common Use Cases for .NET Developers
1. Secure Web App Login (OAuth/OpenID Connect)
- Register the app in the Azure Portal > App registrations.
- Use the Microsoft.Identity.Web NuGet package.
- Configure appsettings.json:

```json
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "yourdomain.com",
    "TenantId": "your-tenant-id",
    "ClientId": "your-client-id",
    "CallbackPath": "/signin-oidc"
  }
}
```

- In Startup.cs or Program.cs:

```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

// Register the OpenID Connect handler and bind it to the "AzureAd"
// section of appsettings.json (tenant, client id, callback path).
builder.Services
    .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(
        builder.Configuration.GetSection("AzureAd")
    );
```
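As an added example that is not part of the original page, here is a complete Program.cs that carries the steps above through to a running app: it registers the Microsoft.Identity.Web handler, makes a signed-in user the default requirement for every endpoint, and exposes one endpoint that echoes the identity Azure AD asserted. It assumes the Microsoft.Identity.Web and Microsoft.Identity.Web.UI packages and the AzureAd configuration section shown above; the /me and /health endpoints are illustrative names.

```csharp
// Added example (not from the original page): full Program.cs for an
// ASP.NET Core web app signing users in with Azure AD via OpenID Connect.
// Assumes the "AzureAd" section of appsettings.json shown above and the
// NuGet packages Microsoft.Identity.Web and Microsoft.Identity.Web.UI.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);

// Bind the OpenID Connect handler to the tenant/client in configuration.
// Keep any ClientSecret out of appsettings.json: supply it via
// `dotnet user-secrets` locally and Key Vault / Managed Identity in Azure.
builder.Services
    .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

// Fail closed: every endpoint requires an authenticated user unless it
// explicitly opts out with [AllowAnonymous] / .AllowAnonymous().
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = options.DefaultPolicy;
});

// Adds the /MicrosoftIdentity/Account/SignIn and /SignOut pages.
builder.Services.AddRazorPages().AddMicrosoftIdentityUI();

var app = builder.Build();

app.UseHttpsRedirection();
app.UseAuthentication();   // validates the auth cookie / OIDC response
app.UseAuthorization();    // enforces the fallback policy above

// Illustrative endpoint: shows who Azure AD says the caller is. Useful to
// confirm the expected tenant id comes back after sign-in.
app.MapGet("/me", (ClaimsPrincipal user) => new
{
    Name = user.GetDisplayName(),
    ObjectId = user.GetObjectId(),   // "oid" claim: stable user identifier
    TenantId = user.GetTenantId(),   // "tid" claim: issuing tenant
});

// Illustrative public endpoint, explicitly exempt from the fallback policy.
app.MapGet("/health", () => "ok").AllowAnonymous();

app.MapRazorPages();
app.Run();
```

Requests to /me without a session are redirected to the Azure AD sign-in page by the OpenID Connect handler; the CallbackPath (/signin-oidc) must match a redirect URI registered on the app registration.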
2. Call the Microsoft Graph API
3. Role-Based Access in App
Types of Identities

| Identity Type | Description |
|---|---|
| Users | Human users in your org or external |
| Service Principals | Identity for an app or service |
| Managed Identities | System-managed identity for Azure services (no secrets!) |
Tools & SDKs
- Microsoft Graph Explorer: test APIs interactively.
- MSAL (Microsoft.Identity.Client): acquire tokens in desktop/mobile apps.
- Microsoft.Identity.Web: for ASP.NET Core Web Apps and APIs.
Security Best Practices
- Always use MFA for user accounts.
- Prefer Managed Identities over client secrets.
- Use Conditional Access Policies.
- Monitor sign-ins via Azure AD Sign-In Logs.