Integrate Azure Active Directory with Azure Container Apps for authentication and authorization
Date: 11/05/2022 | Categories: azure

An app registration with the Microsoft identity platform can be generated automatically by the Container Apps Authentication feature. A registration that you or a directory administrator generates independently may also be used.

Below are the two options:

Create a new app registration automatically

Use an existing registration created separately

Configure your container app to use Azure Active Directory

  1. Go to the Azure portal and navigate to your app.
  2. On the left menu, select Authentication, then select Add identity provider.
  3. From the dropdown, select Microsoft as the identity provider.
  4. For App registration, you can choose an existing registration from this directory, which automatically fills in the necessary app information. If you don't have a registration yet, or your registration was created in a different tenant, you can instead provide the details of an existing app registration manually.
  5. If this is the first identity provider configured for the application, you will be asked to configure authentication settings for Container Apps. Otherwise, you can proceed to the next step.
  6. Select Add.

Ensure that your container app can be accessed by client app

Your container app was registered so that users could be verified. This section explains how to set up native client or daemon apps so they can make requests for users or themselves to access the APIs exposed by your container app. If all you want to do is authenticate users, you don’t need to finish the procedures in this section.

Native client application

Native clients can be registered to request access to your container app's APIs on behalf of logged-in users.

  1. Go to the Azure portal, select Active Directory > App registrations > New registration.
  2. In the Register an application page, enter a Name for your app registration.
  3. In the Redirect URI, select Public client (mobile & desktop) and type the URL <app-url>/.auth/login/aad/callback. For example, https://<hostname>.azurecontainerapps.io/.auth/login/aad/callback. Note: For a Microsoft Store application, use the package SID as the URI instead.
  4. Select Register.
  5. After the app registration is created, copy the value of Application (client) ID.
  6. Select API permissions > Add a permission > My APIs.
  7. Select the app registration you created earlier for your container app. If you don't see the app registration, make sure that you've added the user_impersonation scope in Create an app registration in Azure AD for your container app.
  8. Under Delegated permissions, select user_impersonation, and then select Add permissions.

Your native client application now has the ability to request access to your container app on behalf of a user.
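The following Python script is an added example, not code from the post or from Microsoft. It ties the two registrations together from the container app's side: it builds the redirect URI and the delegated scope the native client must use, and it shows the authorization check application code can apply to a delegated token once Container Apps Authentication has validated it and forwarded the request (audience is this container app, issuing tenant is yours, and the user_impersonation scope was actually granted). It assumes the container app's Application ID URI was left at the default api://<client-id> form; the client ID, tenant ID, hostname and every token shown are constructed placeholders, and the demo tokens are unsigned so the script runs offline. A real native client would pass delegated_scope(...) to MSAL's acquire_token_interactive.

```python
import base64
import json
from dataclasses import dataclass

# Constructed placeholder values standing in for what you copy from the portal.
API_CLIENT_ID = "11111111-2222-3333-4444-555555555555"   # container app's app registration
TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"       # your Azure AD tenant
HOSTNAME = "myapp.example-env-0123"                      # <hostname> part of the app FQDN


def callback_uri(hostname: str) -> str:
    """Redirect URI to register for the native client (format from the post)."""
    return f"https://{hostname}.azurecontainerapps.io/.auth/login/aad/callback"


def delegated_scope(api_client_id: str) -> str:
    """Scope the native client requests on the user's behalf.
    Assumption: the container app's Application ID URI is the default api://<client-id>."""
    return f"api://{api_client_id}/user_impersonation"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT.
    No signature check here: the platform validates the signature before the
    request reaches the app; this only reads what was forwarded (or a demo token)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


@dataclass
class Verdict:
    ok: bool
    reason: str


def check_delegated_token(claims: dict, api_client_id: str, tenant_id: str) -> Verdict:
    """Application-level authorization check on a delegated token for this container app."""
    aud = claims.get("aud")
    # v1 tokens carry api://<client-id>, v2 tokens carry the bare client ID
    if aud not in (api_client_id, f"api://{api_client_id}"):
        return Verdict(False, f"audience {aud!r} is not this container app")
    if claims.get("tid") != tenant_id:
        return Verdict(False, "token was issued by another tenant")
    scopes = set(str(claims.get("scp", "")).split())   # scp is space-separated
    if "user_impersonation" not in scopes:
        return Verdict(False, "user_impersonation scope not granted")
    return Verdict(True, f"delegated access for {claims.get('preferred_username', '?')}")


def demo_token(claims: dict) -> str:
    """Constructed, UNSIGNED token for offline demonstration only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


if __name__ == "__main__":
    print("register redirect URI :", callback_uri(HOSTNAME))
    print("client requests scope :", delegated_scope(API_CLIENT_ID))
    good = demo_token({"aud": f"api://{API_CLIENT_ID}", "tid": TENANT_ID,
                       "scp": "user_impersonation", "preferred_username": "alice@example.com"})
    wrong_aud = demo_token({"aud": "99999999-8888-7777-6666-555555555555", "tid": TENANT_ID,
                            "scp": "user_impersonation"})
    for t in (good, wrong_aud):
        print(check_delegated_token(decode_claims(t), API_CLIENT_ID, TENANT_ID))
```

The audience check is what makes the user_impersonation permission meaningful: a token minted for a different API (wrong aud) or by a different tenant (wrong tid) should not be accepted as delegated access to your container app, even though it is a perfectly valid Azure AD token.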