Thanks for this informative video. Eagerly waiting to learn more about roles and permission for user. Keep it up :)
Sorry, but how soon I can expect video. I've also started side project for learning. Thanks sir
Hi Akash, Thank you for reaching out. I will try to make it ASAP. AD authentication is useful mostly for the project in the organization and not suitable for personal or customer facing applications.
I'm happy you started with a new project for learning.
Happy learning!
Hi Akash, Thank you for waiting on your ask. I'm on it now and will make video within this week. You will see a new video on Azure AD SSO in a day, hope that will keep you busy till your video comes!
Thank you! I found this helpful. I have seen a few videos on Identity which is ok for 1 app but I want to use Azure AD/Entra since I need to think about the whole organization and users eventually having access to multiple apps. I am still not clear on when to use scope vs roles for [Authorize ="myRole"] but I will re-watch the video, try out the code, and watch some of the prior videos. AD/Entra is definitely what I was looking for!
Glad it was helpful!
Hi, thank you for watching. Here is the latest video on Azure AD with SSO for multiple applications.
ruclips.net/video/SB1_zI11REI/видео.html
Hope you will like this too and find it useful.
Please share your comments after watching it.
Thanks for making video. Good content
Thanks for watching!
Thanks for your informative video. Is it possible to configure Swagger to log in directly and get authorized to test the API?
Hi Sandeep, Yes, it is possible. Here is the video showing how to do what you asked.
ruclips.net/video/0S0aspQAxrc/видео.html
Hope this helps.
Happy learning!
16:56 You're saying that we need to copy scopes from the API app registration and put them in the scopes in the frontend, but what I see is that you're not copy-pasting and the values are different there.
Hi, Thank you for asking your questions. In the video, I show how to create and configure the values in .Net and Angular apps. My demo video had a completed, working application. Important steps are to know how to create an App Registration and configure its values to your apps.
Hope this is clear and helps.
Hey bro can we implement msal authentication by dynamic configuration?
If possible please make a video
Hi there! Sorry for the delayed response.
Thank you for the question! 😊 Yes, MSAL authentication can be implemented with dynamic configuration. Just to clarify, are you referring to environment-based dynamic configuration (e.g., switching settings for dev, staging, or production) or something else, like multi-tenant authentication where the app adjusts Azure AD settings dynamically based on the tenant?
Both scenarios are possible:
Environment-Based Dynamic Configuration:
This is often used in real-world apps to manage different Azure AD settings (like client IDs or redirect URIs) for various environments.
Multi-Tenant Apps:
For applications needing to authenticate users from different Azure AD tenants, dynamic configuration can handle tenant-specific settings at runtime.
If you could share more details about your use case, I’d be happy to explore this further and possibly create a video on it! 😊
Best regards,
Karthik
Learn Smart Coding
@learnsmartcoding thank you so much brother, it means a lot 💘🙏
What do we need to do to get the credit card list in the frontend?
Hi, are you looking for the application full implementation? Please clarify.
@learnsmartcoding yes
Thank you for the videos - they were incredibly helpful and straight to the point. I've always found authentication and authorization to be somewhat of a grey area for me, but the clarity of the video really helped me implement it in my use case.
However, in our WebAPI, we're exposing a method to an external app that isn't hosted in the same tenant as our client app (which consumes most of the WebAPI). How can I implement this strategy in this particular scenario?
Hi Ravi,
Thank you for your kind words! I’m glad the videos helped clarify some of the complexities around authentication and authorization.
Regarding your scenario where the Web API is being exposed to an external app hosted in a different Azure AD tenant:
To make this work, you can configure your Web API as a multi-tenant application. Here’s an overview of how you can approach it:
Enable Multi-Tenant Support for the Web API: In the Azure AD App Registration of your Web API, update the authentication settings to allow "Accounts in any organizational directory". This makes your API accessible to users from other Azure AD tenants.
Grant Permissions to the External App: The external app (in its own tenant) will need to request API permissions to access your Web API. The admin of the external app will need to provide consent for the requested permissions.
Token Validation in Your Web API: Your Web API needs to be configured to accept tokens from multiple tenants. This involves handling token issuer validation to allow tokens from different tenants.
By following these steps, the external app should be able to authenticate and access your Web API securely.
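An added example of the token validation step described in the reply above; it is not code from the video or from the linked repositories. It assumes an ASP.NET Core minimal API project with implicit usings and the Microsoft.AspNetCore.Authentication.JwtBearer package, an API registration that issues v2.0 access tokens, placeholder tenant and client IDs, and a hypothetical `/expenses` endpoint. Instead of turning issuer validation off for multi-tenant use, it accepts only issuers belonging to an explicit allow-list of tenants:

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: placeholder tenant IDs (lowercase GUIDs). Replace them with your
// own tenant and the tenant of the external app that is allowed to call the API.
var allowedTenants = new[]
{
    "00000000-0000-0000-0000-000000000001", // home tenant (placeholder)
    "00000000-0000-0000-0000-000000000002", // external app's tenant (placeholder)
};

// Exact issuer strings that v2.0 tokens carry for each allowed tenant.
var allowedIssuers = allowedTenants
    .Select(t => $"https://login.microsoftonline.com/{t}/v2.0")
    .ToHashSet(StringComparer.Ordinal);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // The "organizations" metadata document supplies signing keys for
        // work/school tenants. Its issuer is a template containing {tenantid},
        // so the default single-issuer comparison cannot be used here.
        options.Authority = "https://login.microsoftonline.com/organizations/v2.0";

        options.TokenValidationParameters = new TokenValidationParameters
        {
            // v2.0 access tokens carry the API's client ID as the audience.
            ValidateAudience = true,
            ValidAudience = "<api-client-id>", // placeholder

            // Keep issuer validation on; accept only issuers on the allow-list.
            ValidateIssuer = true,
            IssuerValidator = (issuer, token, parameters) =>
                allowedIssuers.Contains(issuer)
                    ? issuer
                    : throw new SecurityTokenInvalidIssuerException(
                        $"Issuer '{issuer}' is not an allowed tenant."),
        };
    });

builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoint: reachable only with a token from an allowed tenant.
app.MapGet("/expenses", () => Results.Ok()).RequireAuthorization();

app.Run();
```

A token signed by Microsoft but issued by a tenant outside the list fails authentication with a 401, so enabling "Accounts in any organizational directory" on the registration does not by itself open the API to every tenant.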
Can we log in to the Azure portal without creating a user?
Hi Patel, Azure AD is mainly for the users in the organization. Azure AD protected applications cannot be used if the user is not part of organization.
Please let me know if you have any other questions.
hope this helps
Thanks for creating a complete video on it, but after following the steps as mentioned, this did not work for me. Also, as I see it, the values which you have shown in the video, client id, tenant id (for UI and API), are different than what you received from the portal, and the scope URL which includes {client}/expense.read and write in config are different.
At 05:23 the All applications tab shows there are 3 applications, and you have used those client IDs, but the video shows only 2. Can you help with this?
Hi Devan, Thank you for watching the video. Let's clarify a few things. I have the expense tracker app; one is based on AD B2C and one is based on Azure AD authentication.
For this video, we use Azure AD authentication so you should refer to this branch.
github.com/learnsmartcoding/expense-tracker-web-api/tree/feature/azure_ad_authentication
github.com/learnsmartcoding/expense-tracker-web/tree/feature/azure_ad_authentication
If you follow the video at your end and then replace the values in the above repo code, it should work.
Please explain briefly if you don't succeed after this try.
Hope this helps.
Hi Devan, As per the time you mentioned, you might see many apps on screen, but don't worry as they are for other app purposes. For our app, we need 2 registrations: one for the dotnet core web api (backend) and one for the angular ui (front end). If you configure those correctly and replace the config values in the repo code I mentioned in previous comments, it should work.
Please watch this video one more time, follow along with the video and try that out. If you face any issue, drop a comment and I will help you out.
Hope this helps.
Can you make a video with dotnet8 and Angular18?
Hi, Sure. I want to clarify your question. Are you looking for dotnet core web API 8 and Angular 18 courses?
@learnsmartcoding Yes, I would say so.
@learnsmartcoding How do I get the credit card list in the frontend? I can log in and log out, but the credit card list is not available. Do I have to run some sort of migration command to populate the data?
Thanks for the informative video. Can you please help me in setting up SSO for my organization?
Hi Ayush, I am glad it helped you. Did you succeed in implementing the application using Azure AD?
I will make a video on SSO within this week. Hope that helps.
@learnsmartcoding Yes, it really helped me to integrate Azure AD within my application.
@learnsmartcoding Thank you. Eagerly waiting for the SSO video.
@learnsmartcoding When will the SSO video come?
What do I do if my org does not allow me to grant admin consent? It has to be approved, I know that much.
Hi,
If your organization does not allow you to grant admin consent directly, you'll need to request approval from an admin. Here's a step-by-step guide:
1. Create the App Registration: Register your applications (Angular and .NET Core Web API) in Azure AD as usual.
2. Add API Permissions: Add the required permissions for your API. For example, if your Web API exposes scopes, ensure those are added.
3. Submit the Admin Consent Request: In the Azure portal, navigate to API Permissions under your app registration. You’ll see a "Grant admin consent" button if you have the privilege, but since you don’t, you’ll see a banner stating that admin consent is required. Follow the link or use your organization’s approval process to submit the request.
4. Work with Your Admin: Provide your admin with details about the permissions you’re requesting and why they’re needed. You can also share links to Microsoft documentation if additional clarity is required.
5. Await Approval: Once the admin consents, you’ll be notified (or you can check back in the Azure portal to see if the permissions are now granted).
6. Test Your App: Once admin consent is granted, proceed with testing the authentication and ensure everything works as expected.
If you're unsure about the admin approval process in your organization, you may need to contact your IT department or Azure AD admin team for guidance.
Let me know if you need additional details!
credentials not working
Hi Akshay,
Use this for testing
EmailId : apptester@learnsmartcodinggmail.onmicrosoft.com
Password: Nofa59375525
Where do we save client secrets?
Hi,
The client secret is typically used when the backend needs to communicate with another service to obtain a token. From a security perspective, it's crucial to safeguard sensitive configuration values like the Azure client ID, client secret, and other credentials.
The best practice is to store these values in environment variables, or even better, in Azure Key Vault for enhanced security. This ensures that sensitive data is not exposed within the application code or configuration files.
In my video, I primarily focused on demonstrating how Azure AD integrates with a .NET Core backend and Angular frontend, which is why I didn't go into the details of securely storing secrets, but the backend security is always a key consideration.
Hope this helps and feel free to ask any other questions you may have.