This demonstrates the OAuth workflow in which users grant a third-party site access to their ARM (Azure Resource Management).
- Clone this repository to your local drive.
- Open `ARMOAuth.sln` with VS 2012+ and compile.
- Before running the project, you need to create an AAD application and adjust the AAD-related settings described below.
- Go to the Azure Portal and create an AAD application. You may create the application in an existing AAD directory or in a new directory altogether.
- Select `Add an application my organization is developing`.
- Enter any name as the application name.
- Select `WEB APPLICATION AND/OR WEB API`.
- Enter `https://localhost:44300/` as `SIGN ON URL`.
- Enter `https://<tenant-name>/` as `APP ID URL`. This is required in order to enable `APPLICATION IS MULTI-TENANT`. The value should be in the form of `https://<mytenant>.onmicrosoft.com/`. You can find this information in the address URL of the portal above (look for the path with `@<mytenant>.onmicrosoft.com`).
- Once created, click the `CONFIGURE` tab.
- Select YES for `APPLICATION IS MULTI-TENANT` and save.
- On `Permission to other applications`, add `Windows Azure Management API`, check `Access Azure Service Management` for `Delegated Permissions`, and save.
- In the `Keys` section, create a client secret. You must save the `key` value somewhere since the Portal will not display it again.
- Open `ARMOAuth.sln` with VS 2012+.
- Copy `CLIENT ID` of your AAD application and paste it in this line.
- Copy `key` (client secret) and paste it in this line.
- Build and run the project.
- In the browser, it should redirect to the login page.
- Enter an AAD account and password. You may experiment with an account in the same or a different AAD directory as the application. Due to an AAD limitation, this does not work with MSA (live.com, hotmail.com, ...) accounts.
- You should be prompted with the OAuth allow/deny page; accept it.
- `https://localhost:44300/token` - show current token details.
- `https://localhost:44300/tenants` - show all tenants (AAD directory) user belongs to.
- `https://localhost:44300/tenants/<tenant-id>` - to switch tenant.
- `https://localhost:44300/subscriptions` - list subscriptions.
- `https://localhost:44300/subscriptions/<sub-id>/resourceGroups` - list resourceGroups for a subscription.
- `https://localhost:44300/subscriptions/<sub-id>/resourceGroups/<resource>/providers/Microsoft.Web/sites` - list sites.
- and so on.
Any issue, do let me know.
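
The login redirect and allow/deny steps above are an OAuth authorization-code exchange. The following is an added Python example, not code from the ARMOAuth project, showing the request a site sends for the multi-tenant registration described above and the checks it should make on the callback. The AAD authorize endpoint, the ARM resource URI, the function names and the dictionary used as a session are assumptions that do not appear in this README.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values (not in the README): AAD multi-tenant authorize endpoint
# and the resource URI for the Azure Service Management API.
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/authorize"
ARM_RESOURCE = "https://management.core.windows.net/"
REDIRECT_URI = "https://localhost:44300/"  # the SIGN ON URL registered above


def build_authorize_url(client_id, session):
    """Return the login redirect and store a one-time state value in the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "resource": ARM_RESOURCE,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def read_callback(callback_url, session):
    """Validate the redirect back from AAD and return the authorization code."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(parts.query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds no state
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: response is not tied to this session")
    if "error" in params:  # for example, the user chose deny on the consent page
        raise PermissionError(params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```

The returned code is then exchanged for a token server-side using the client secret, which is best supplied from configuration or the environment rather than committed with the source.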