Azure AD support in Security

[A-5ingh]

Overview of the feature request

Looking for Azure AD authentication and authorization support in the monolith application which gets generated through the blueprint.

Motivation for or Use Case

Most of our applications which we develop uses Azure AD authentication and are always deployed in Azure cloud. We often use this blueprint to generate both backend and frontend for our applications. I can surely contribute towards implementing Azure AD authentication support but will require guidance and support.

Related issues or PR

• Checking this box is mandatory (this is just to show you read everything)

[nicolas63]

Yes, i think is a good idea, i have never use azure ad have you a sample app ?
All security configuration is done here -> https://github.com/jhipster/jhipster-dotnetcore/blob/main/generators/server/templates/dotnetcore/src/Project/Configuration/SecurityStartup.cs.ejs

[A-5ingh]

Thanks @nicolas63
Microsoft has provided enough sample applications which is using msal v2 - https://docs.microsoft.com/en-us/azure/active-directory/develop/sample-v2-code. It include samples for dotnetcore, react, angular etc. Please take a look and let me know what you think.
I'll go through the SecurityStartup.cs.ejs file to understand how it works because this is the first time I'll be working on it.

[nicolas63]

i think i can just add https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/blob/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph/TodoListService/Startup.cs#L25
in SecurityStartup.
For this you need to add a condition in https://github.com/jhipster/jhipster-dotnetcore/blob/main/generators/server/prompts.js#L74 to add Azure Ad and them you can check if authenticationType is Azure ad like this :

<%_ if (authenticationType === 'jwt') { _%>

sample here https://github.com/jhipster/jhipster-dotnetcore/blob/main/generators/server/templates/dotnetcore/src/Project/Configuration/SecurityStartup.cs.ejs#L65

[nicolas63]

if you want you can update a generated app and them i can help you to integrate this in the genrator

[A-5ingh]

Sure @nicolas63 let me see what can I do, but Azure Ad will require changes in both frontend and backend side. Just like the way oAuth and Jwt authentication have changes in both frontend and backend. I might take some time on getting this done.

[nicolas63]

do you really need change in front ? it's not just a redirect to azure ad login page ?
The easiest way would be to generate an application and then make modification. After that, I can help you to integrate it in the generator.

[A-5ingh]

@nicolas63 Yes frontend code will definitely require change so that on login it will redirect to correct azure ad login page. It requires a library MSAL Microsoft authentication library, which will perform the protection of routes and post login/logout redirects.

Sure, let me do some initial analysis and then will work on the generated app to implement azure ad at backend first. After that we can check the frontend part.

[b509]

Hi,
were you able to make any progress on this? I am trying to do the same with Java Spring Security and Azure AD, but struggling.

[nicolas63]

@b509 sorry any progress on this issue but if you have the time to provide me an example I can help you to integrate the example in the generator

[nicolas63]

@b509 if you need only spring security i think you need to create an issue here https://github.com/jhipster/generator-jhipster

[manishkungwani]

Hi @nicolas63 Is the repo being maintained?
Are you still open to adding Azure AD login as one of the options?