Hi Akash, Thank you for reaching out. I will try to make it ASAP. AD authentication is useful mostly for the project in the organization and not suitable for personal or customer facing applications. I'm happy you started with a new project for learning. Happy learning!
Hi Akash, Thank you for waiting on your ask. I'm on it now and will make video within this week. You will see a new video on Azure AD SSO in a day, hope that will keep you busy till your video comes!
Thank you! I found this helpful. I have seen a few videos on Identiy which is ok for 1 app but I want to use Azure AD/Entra since I need to think about the whole organization and users eventually having access to multiple apps. I am still not clear on when to use scope vs roles for [Authorize ="myRole"] but I will re-watch the video, try out the code, and watch some of the prior videos. AD/Entra is definitely what I was looking for!
Hi, thank you for watching. Here is the latest video on Azure AD with SSO for multiple applications. th-cam.com/video/SB1_zI11REI/w-d-xo.html Hope you will like this too and useful. Please share your comments after watching it.
Thank you for the videos-they were incredibly helpful and straight to the point. I've always found authentication and authorization to be somewhat of a grey area for me, but the clarity of the video really helped me implement it in my use case. However, in our WebAPI, we're exposing a method to an external app that isn't hosted in the same tenant as our client app (which consumes most of the WebAPI). How can I implement this strategy in this particular scenario?
Hi Ravi, Thank you for your kind words! I’m glad the videos helped clarify some of the complexities around authentication and authorization. Regarding your scenario where the Web API is being exposed to an external app hosted in a different Azure AD tenant: To make this work, you can configure your Web API as a multi-tenant application. Here’s an overview of how you can approach it: Enable Multi-Tenant Support for the Web API: In the Azure AD App Registration of your Web API, update the authentication settings to allow "Accounts in any organizational directory". This makes your API accessible to users from other Azure AD tenants. Grant Permissions to the External App: The external app (in its own tenant) will need to request API permissions to access your Web API. The admin of the external app will need to provide consent for the requested permissions. Token Validation in Your Web API: Your Web API needs to be configured to accept tokens from multiple tenants. This involves handling token issuer validation to allow tokens from different tenants. By following these steps, the external app should be able to authenticate and access your Web API securely.
16:56 you're saying that we need to copy scopes from api app registration and put it in the scopes in the frontend but what i see is that you're not copy pasting and values are different there
Hi, Thank you for asking your questions. In the video, I show how to create and configure the values in .Net and Angular apps. My demo video had a completed, working application. Important steps are to know how to create an App Registration and configure its values to your apps. Hope this is clear and helps.
Thanks for creating complete video on it, but after following the steps as mentioned this did not worked for me. Also, as I see the values which you have shown in the video client id, tenant id (for UI and API) is different then you received from portal and the scope url which includes {client}/expense.read and write in config are different.
At 05:23 the all application tab shows you have used there are 3 application, and you have used those client id but in video it shows only 2 can you help with this ?
Hi Devan, Thank you for watching the video. Let's clarify few things. I have expense tracker app, one is based on AD B2C and one is based on Azure AD authentication. For this video, we use Azure AD authentication so you should refer to this branch. github.com/learnsmartcoding/expense-tracker-web-api/tree/feature/azure_ad_authentication github.com/learnsmartcoding/expense-tracker-web/tree/feature/azure_ad_authentication If you follow the video at your end and then replace the values in the above repo code, it should work. Please explain briefly if you dont succeed after this try. Hope this helps.
Hi Devan, As per the time you mentioned, you might see many app on screen but dont worry as they are for other app purpose. for our app, we need 2 registrations one for dotnet core web api (backend) and one for angular ui (front end). if you configure those correct and replace the config values in the repo code I mentioned in previous comments, it should work. Please watch this video one more time, follow along with the video and try that out. if you face anu issue, drop a comment and I will help you out. Hope this helps.
Hi Patel, Azure AD is mainly for the users in the organization. Azure AD protected applications cannot be used if the user is not part of organization. Please let me know if you have any other questions. hope this helps
@@learnsmartcoding how to get the list of credit card list in the frontend? i can login and logout but the credit card list is not available do i have to run some sort of migration command to populate the data?
Hi, The client secret is typically used when the backend needs to communicate with another service to obtain a token. From a security perspective, it's crucial to safeguard sensitive configuration values like the Azure client ID, client secret, and other credentials. The best practice is to store these values in environment variables, or even better, in Azure Key Vault for enhanced security. This ensures that sensitive data is not exposed within the application code or configuration files. In my video, I primarily focused on demonstrating how Azure AD integrates with a .NET Core backend and Angular frontend, which is why I didn't go into the details of securely storing secrets, but the backend security is always a key consideration. Hope this helps and feel free to ask any other questions you may have.
Thanks for this informative video. Eagerly waiting to learn more about roles and permission for user. Keep it up :)
Sorry, but how soon I can expect video. I've also started side project for learning. Thanks sir
Hi Akash, Thank you for reaching out. I will try to make it ASAP. AD authentication is useful mostly for the project in the organization and not suitable for personal or customer facing applications.
I'm happy you started with a new project for learning.
Happy learning!
Hi Akash, Thank you for waiting on your ask. I'm on it now and will make video within this week. You will see a new video on Azure AD SSO in a day, hope that will keep you busy till your video comes!
Thank you! I found this helpful. I have seen a few videos on Identiy which is ok for 1 app but I want to use Azure AD/Entra since I need to think about the whole organization and users eventually having access to multiple apps. I am still not clear on when to use scope vs roles for [Authorize ="myRole"] but I will re-watch the video, try out the code, and watch some of the prior videos. AD/Entra is definitely what I was looking for!
Glad it was helpful!
Hi, thank you for watching. Here is the latest video on Azure AD with SSO for multiple applications.
th-cam.com/video/SB1_zI11REI/w-d-xo.html
Hope you will like this too and useful.
Please share your comments after watching it.
Thanks for making video. Good content
Thanks for watching!
Thank you for the videos-they were incredibly helpful and straight to the point. I've always found authentication and authorization to be somewhat of a grey area for me, but the clarity of the video really helped me implement it in my use case.
However, in our WebAPI, we're exposing a method to an external app that isn't hosted in the same tenant as our client app (which consumes most of the WebAPI). How can I implement this strategy in this particular scenario?
Hi Ravi,
Thank you for your kind words! I’m glad the videos helped clarify some of the complexities around authentication and authorization.
Regarding your scenario where the Web API is being exposed to an external app hosted in a different Azure AD tenant:
To make this work, you can configure your Web API as a multi-tenant application. Here’s an overview of how you can approach it:
Enable Multi-Tenant Support for the Web API: In the Azure AD App Registration of your Web API, update the authentication settings to allow "Accounts in any organizational directory". This makes your API accessible to users from other Azure AD tenants.
Grant Permissions to the External App: The external app (in its own tenant) will need to request API permissions to access your Web API. The admin of the external app will need to provide consent for the requested permissions.
Token Validation in Your Web API: Your Web API needs to be configured to accept tokens from multiple tenants. This involves handling token issuer validation to allow tokens from different tenants.
By following these steps, the external app should be able to authenticate and access your Web API securely.
16:56 you're saying that we need to copy scopes from api app registration and put it in the scopes in the frontend but what i see is that you're not copy pasting and values are different there
Hi, Thank you for asking your questions. In the video, I show how to create and configure the values in .Net and Angular apps. My demo video had a completed, working application. Important steps are to know how to create an App Registration and configure its values to your apps.
Hope this is clear and helps.
what we need to do to get the credit card list in the frontend?
Hi, are you looking for the application full implementation? Please clarify.
@@learnsmartcoding yes
Thanks for the informative video. Can you please help me in setting up SSO for my organization?
Hi Ayush, I am glad it helped you. Did you succeed in implementing application using Azure ad?
I will make a video on SSO within this week. Hope that helps.
@@learnsmartcoding Yes it really helped me to integrate Azure AD within my application.
@@learnsmartcoding Thank you. Eagerly waiting for the SSO video.
@learnsmartcoding when the SSO video will come?
Thanks for creating complete video on it, but after following the steps as mentioned this did not worked for me. Also, as I see the values which you have shown in the video client id, tenant id (for UI and API) is different then you received from portal and the scope url which includes {client}/expense.read and write in config are different.
At 05:23 the all application tab shows you have used there are 3 application, and you have used those client id but in video it shows only 2 can you help with this ?
Hi Devan, Thank you for watching the video. Let's clarify few things. I have expense tracker app, one is based on AD B2C and one is based on Azure AD authentication.
For this video, we use Azure AD authentication so you should refer to this branch.
github.com/learnsmartcoding/expense-tracker-web-api/tree/feature/azure_ad_authentication
github.com/learnsmartcoding/expense-tracker-web/tree/feature/azure_ad_authentication
If you follow the video at your end and then replace the values in the above repo code, it should work.
Please explain briefly if you dont succeed after this try.
Hope this helps.
Hi Devan, As per the time you mentioned, you might see many app on screen but dont worry as they are for other app purpose. for our app, we need 2 registrations one for dotnet core web api (backend) and one for angular ui (front end). if you configure those correct and replace the config values in the repo code I mentioned in previous comments, it should work.
Please watch this video one more time, follow along with the video and try that out. if you face anu issue, drop a comment and I will help you out.
Hope this helps.
without user create kya hum login kar sakate he azure portal me
Hi Patel, Azure AD is mainly for the users in the organization. Azure AD protected applications cannot be used if the user is not part of organization.
Please let me know if you have any other questions.
hope this helps
Can you make a video with dotnet8 and Angular18?
Hi, Sure. I want to clarify your question. Are you looking for dotnet core web API 8 and Angular 18 courses?
@@learnsmartcoding yes i would say so
@@learnsmartcoding how to get the list of credit card list in the frontend? i can login and logout but the credit card list is not available do i have to run some sort of migration command to populate the data?
Where we save client secrets
Hi,
The client secret is typically used when the backend needs to communicate with another service to obtain a token. From a security perspective, it's crucial to safeguard sensitive configuration values like the Azure client ID, client secret, and other credentials.
The best practice is to store these values in environment variables, or even better, in Azure Key Vault for enhanced security. This ensures that sensitive data is not exposed within the application code or configuration files.
In my video, I primarily focused on demonstrating how Azure AD integrates with a .NET Core backend and Angular frontend, which is why I didn't go into the details of securely storing secrets, but the backend security is always a key consideration.
Hope this helps and feel free to ask any other questions you may have.
credentials not working
Hi Akshay,
Use this for testing
EmailId : apptester@learnsmartcodinggmail.onmicrosoft.com
Password: Nofa59375525