API for Azure AD Authentication through custom website

Prashu 56 Reputation points
2020-09-16T00:32:12.063+00:00

I have a custom website with fields User Name, Password and Submit button. As I click on the button, I need an API which can call https://login.microsoftonline.com/ or any authentication api where in I can send User Name and Password as a parameter and do a silent login. This needs to send me MFA token to registered email id.
On the next screen I would enter MFA Token on customized screen and this needs to call MFA API, validate the token and send the authorization code.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,740 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,389 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2020-09-16T07:34:33.217+00:00

    @ParshuDA, Thank you for reaching out. Ideally, the steps to achieve the above description is with Azure Active Directory are:

    • Create the signing form with only the signin button
    • Once the user clicks on the signin button, he/she would be taken directly to the AAD's https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/authorize endpoint.
    • This authorize provides the form to enter the username and password and this form is directly posted by AAD.
    • Once you put in the credentials, you hit the signin button. If there is MFA enabled using either conditional access policy or on that user directly, then MFA prompt would come up.
    • After the MFA is successfully done by the user, AAD issues an access token, which would have the MFA done claims too along with the other required/configured claims
    • This token issued by AAD, is posted by AAD on the Application/WebApp's redirect URI for the WebApp to consume the token and grant access to the user.

    Note: The steps mentioned above, is suitable for the OpenIDConnect and Authorize-Code Grant Flow of OAuth2

    Also, you can check the following ASP .NET Framework sample for your reference: https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect
    If you are using any other language to develop the web app, you can check the following link to get the list of supported languages for MSAL (Microsoft Authentication Library) to get the samples for the respective language: https://learn.microsoft.com/en-us/azure/active-directory/develop/sample-v2-code

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.