
Azure AD Authentication – User Guide




Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory and identity management service. It acts as an identity provider that verifies the identity of a user in an organization’s Active Directory. If the user identity is valid, it issues an access token and a refresh token. Using the token, you can get user information such as email id and phone number from the AD. This is a secure authentication method. Azure AD provides an affordable and convenient solution for employees, as it gives single sign-on (SSO) access to thousands of cloud SaaS applications. Application developers can focus on building the application, and integration is fast, simple and easy. Azure AD includes a full suite of identity management capabilities that help to secure cloud-based applications, streamline IT processes and reduce costs, thereby ensuring that business goals are met.

To authenticate AD users in Azure, you need to do the following:

Azure AD Authentication Configurations in Azure Portal

You need to configure Azure AD through the Azure portal.

a) Identify the AD Tenant ID from the Azure portal – You need to identify the AD Tenant ID from the portal. It will be present in the AD URI (Uniform Resource Identifier) as shown below:


b) Register Web API application in Azure portal – You need to register a web API application in Azure Active Directory. Go to the App registrations section and use the ‘Add’ button to add a new application.

c) Create an application with type Web app/API. Give the application a name and set the sign-on URL to our Web API localhost URL.

Now, the web API application is created successfully.


d) You need to add the following permissions to the Windows Azure AD of this newly created Web API project.
• Read Directory Data.
• Sign in and read user profile.


e) You need to note down the App ID URL of this newly created web API project for further use.


f) Register Native Application in Azure portal.

  • Create a native application within active directory.


  • Add permission to access registered web API project in native application. You need to add the web API application added in Azure to the native application as shown below:


Add permission to access the web API project.


Now, the configuration part in Azure for AD authentication is completed.

AD Authentication on Web API Project (Backend)

a. Open the Web API project.
b. You need to add the NuGet package Microsoft.IdentityModel.Clients.ActiveDirectory to the application.
c. You have to set the following data in the web.config file.



  • ida:AADInstance = is the API we have used for authenticating AD users.
  • ida:Tenant = 559a5fcf-d655-4530-8d58-ed9a84bc4e19 is the Active Directory Tenant ID.
  • ida:ClientId = 3d9ee5ff-3c26-4ae0-84c2-9000ea7ed29e is the client ID/Application ID of the native app registered in the Azure portal.
  • ida:Audience = “https://SampleWebAPI” is the App ID URL of the web API application registered in the Azure portal.

d. Source code for authenticating AD users


The AuthenticationContext class retrieves authentication tokens from Azure Active Directory. We need to pass the AD user's username and password to get the token. If the authentication is valid, it retrieves the access token and refresh token.

How to Fetch User Information from AD

If the token is valid, you can fetch user information such as the email id. You can use the following API: {our AD domain name or Tenant ID}/me?api-version=1.6

You need to provide the AD tenant ID or name to get the user information. You also need to provide a valid token as a request header to identify the user.

AD will validate the user and provide the user information as response.
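The "if token is valid" condition above can be made concrete on the backend by checking the token's claims against the ida:Tenant and ida:Audience settings before using it. The following is an added example, not code from the original post; the function names are hypothetical, the token is constructed, it assumes the backend accepts tokens whose `aud` equals ida:Audience, and signature verification is assumed to be done separately.

```python
import base64
import json
import time

# Values from the web.config settings listed on this page.
TENANT_ID = "559a5fcf-d655-4530-8d58-ed9a84bc4e19"  # ida:Tenant
AUDIENCE = "https://SampleWebAPI"                    # ida:Audience


def _b64url_decode(segment):
    """Decode a base64url JWT segment, restoring stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_claims(token, now=None):
    """Return a list of claim problems; an empty list means the claims pass.

    Signature verification against the tenant's signing keys is a separate,
    mandatory step that is NOT done here (assumed to happen elsewhere)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not valid base64url JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header or payload is not a JSON object"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token (alg=none)")
    if claims.get("aud") != AUDIENCE:
        problems.append("aud does not match ida:Audience")
    if claims.get("tid") != TENANT_ID:
        problems.append("tid does not match ida:Tenant")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired or exp missing")
    return problems


def make_sample_token(claims, alg="RS256"):
    """Build a constructed sample token; the signature part is a dummy value."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "c2ln"])
```

A token issued for a different resource or by a different tenant fails these checks even when it is otherwise well formed and unexpired.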


Azure Active Directory (Azure AD) plays an important role in simplifying authentication for developers by providing identity as a service. It is considered to be the bedrock of Azure, enabling authentication with web applications, mobile applications, web APIs, Office 365 etc. By selecting Azure AD, you can overcome most of the challenges. You can take advantage of its rich single sign-on features, standard protocols and consistent identity management system, and access resources from different web applications hosted on the cloud. Azure AD authentication enables application developers to authenticate users against cloud or on-premises Active Directory and then obtain access tokens for securing API calls in an easy and convenient manner. AD authentication helps developers focus on the business logic in their application and easily secure resources.


Aneesha KA

Sr. Software Engineer, RapidValue
