Source from repo

Azure Prepare

Prepare applications for Azure deployment by generating infrastructure code, Dockerfiles, and config files.

microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page

Files

164

Skill

n/a

Size

546.9 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

references/services/app-service/templates/recipes/auth/README.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown97 linesFree

references/services/app-service/templates/recipes/auth/README.md

1# Entra ID / Easy Auth Recipe — REFERENCE ONLY
2 
3Adds authentication and authorization to an App Service base template using Microsoft Entra ID.
4 
5## Overview
6 
7This recipe configures authentication for App Service apps using either Easy Auth (built-in authentication) or MSAL SDK-based authentication. Easy Auth requires zero code changes; MSAL gives full control.
8 
9## Integration Type
10 
11| Aspect | Value |
12|--------|-------|
13| **Provider** | Microsoft Entra ID (Azure AD) |
14| **Method** | Easy Auth (built-in) or MSAL SDK |
15| **Protocols** | OpenID Connect, OAuth 2.0 |
16| **Token validation** | Automatic (Easy Auth) or middleware (MSAL) |
17 
18## Option A: Easy Auth (Recommended for most apps)
19 
20Zero-code authentication built into App Service. Handles login, token management, and session cookies.
21 
22### Bicep Configuration
23 
24> 💡 Call `mcp_bicep_get_az_resource_type_schema` with resource type `Microsoft.Web/sites/config` to validate properties before generating this resource.
25 
26```bicep
27resource authSettings 'Microsoft.Web/sites/config@2023-12-01' = {
28  parent: webApp
29  name: 'authsettingsV2'
30  properties: {
31    globalValidation: {
32      requireAuthentication: true
33      unauthenticatedClientAction: 'RedirectToLoginPage'
34    }
35    identityProviders: {
36      azureActiveDirectory: {
37        enabled: true
38        registration: {
39          openIdIssuer: 'https://login.microsoftonline.com/${tenant().tenantId}/v2.0'
40          clientId: appRegistration.properties.appId
41        }
42        validation: {
43          defaultAuthorizationPolicy: {
44            allowedApplications: []
45          }
46        }
47      }
48    }
49    login: {
50      tokenStore: {
51        enabled: true
52      }
53    }
54  }
55}
56```
57 
58### App Registration
59 
60> 💡 Call `mcp_bicep_get_az_resource_type_schema` with resource type `Microsoft.Graph/applications` to validate properties before generating this resource. The `microsoftGraphV1_0` extension is required — declare it at the top of the Bicep file.
61 
62```bicep
63extension microsoftGraphV1_0
64 
65resource appRegistration 'Microsoft.Graph/[email protected]' = {
66  displayName: '${name}-app'
67  web: {
68    redirectUris: [
69      'https://${webApp.properties.defaultHostName}/.auth/login/aad/callback'
70    ]
71  }
72}
73```
74 
75## Option B: MSAL SDK (Full control)
76 
77Use when you need custom token validation, API-only auth, or multi-tenant support.
78 
79| Language | Source File |
80|----------|-------------|
81| C# (ASP.NET Core) | [source/dotnet.md](source/dotnet.md) |
82| Python (FastAPI) | [source/python.md](source/python.md) |
83| Node.js (Express) | [source/nodejs.md](source/nodejs.md) |
84 
85## App Settings
86 
87| Setting | Value | Purpose |
88|---------|-------|---------|
89| `AZURE_TENANT_ID` | Entra tenant ID | Identity provider |
90| `AZURE_CLIENT_ID` | App registration client ID | Application identity |
91 
92## References
93 
94- [Easy Auth overview](https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization)
95- [Microsoft Identity Web](https://learn.microsoft.com/en-us/entra/msal/dotnet/microsoft-identity-web/)
96- [Configure Entra ID auth](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad)
97

Preparing the source view

Azure Prepare

references/services/app-service/templates/recipes/auth/README.md