Basics of Azure Active Directory with Android Studio Demonstration



What is Azure Active Directory?
Before we answer what Azure Active Directory is, we first need to understand what a Domain Controller is.

Domain Controller (DC): a Windows server that runs Active Directory Domain Services and manages network security, effectively acting as the gatekeeper for user authentication and authorisation on an on-premises network. In simple terms it is the login system: it checks a user's sign-in credentials and, once they are verified, supplies the identity information used to decide what that user is authorised to access.

Authentication: the process of proving who you are, for example with a username and password.
Authorisation: once authentication has succeeded, the decision about which data and operations in the application you are allowed to use. Depending on your authorisation level you may only be able to access certain resources.

So what is Azure Active Directory?
It is Microsoft's cloud identity service (since renamed Microsoft Entra ID): the cloud counterpart of the directory that a domain controller hosts on-premises. Where on-premises Active Directory stores the accounts of users, client computers, printers and other shared resources on the network, Azure AD holds the users, groups, registered applications and devices of your tenant, and it is the login system you can plug into your Azure web or mobile app. When someone tries to sign in, the credentials they present must match what is stored in Azure AD before they can reach the network resources (the data in your application). Once sign-in succeeds, Azure AD issues the application a signed Access Token.

Access Token: a secure way to prove that the user has been authenticated and what they are authorised to do, without the application having to send the username and password to every API it calls (which would be insecure). Azure AD issues it as a JSON Web Token (JWT): a signed, base64url-encoded document whose claims include who the user is (sub, tid), which API it is for (aud), who issued it (iss), when it expires (exp) and which permissions have been granted (scp or roles). The application presents the token to an API as a bearer credential, and the token tells the API that the bearer has been authorised to call it and perform the actions covered by the granted scopes. An API receiving the token does not decrypt it: the token is signed, not encrypted, and the API uses Azure AD's published public key to verify the signature, then checks the audience, issuer and expiry before trusting any claim inside it. Restricting which rows of data the caller may then see is a separate job that the database side handles; that is Row-Level Security.
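The mint-and-verify exchange described above, as an added example that is not part of the original post or any Microsoft library. To stay standard-library only it carries a minimal RSA PKCS#1 v1.5 / SHA-256 implementation in place of Azure AD's signing key and a JWT library; the key pair is generated per run, and the issuer and audience strings are placeholders rather than real tenant or app identifiers. A real API validates tokens with MSAL or the platform's JWT validator against the tenant's published JWKS, never with hand-rolled RSA.

```python
"""RS256 access-token mint-and-verify demo (added example; stdlib only).
A minimal RSA PKCS#1 v1.5 / SHA-256 stands in for Azure AD's signing key
and for a JWT library; keys, issuer and audience are constructed values."""
import base64
import hashlib
import hmac
import json
import random
import time

# Placeholders (assumed values, not real tenant or app identifiers).
ISSUER = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"
AUDIENCE = "api://example-invoice-api"
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin test; adequate for a throwaway demo key."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:  # force top bit (size) and low bit (odd)
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024):
    """Return ((n, e), (n, d)). Demo only: real keys come from a proper library."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so phi % e != 0 means gcd == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _emsa_pkcs1_v15(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) into a k-byte block."""
    t = _SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def mint_token(private_key, claims):
    """What Azure AD does at sign-in: sign header.payload with the private key."""
    n, d = private_key
    k = (n.bit_length() + 7) // 8
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    em = _emsa_pkcs1_v15(f"{header}.{payload}".encode(), k)
    signature = pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_token(token, public_key, audience, issuer, now=None):
    """What the API does: verify (not decrypt) the signature with the public
    key, then check aud/iss/exp. Returns the claims or raises ValueError."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    # Pin the algorithm; never let the token choose it ("alg": "none" attacks).
    if json.loads(_b64url_decode(header)).get("alg") != "RS256":
        raise ValueError("unexpected alg")
    s = int.from_bytes(_b64url_decode(sig), "big")
    if s >= n:
        raise ValueError("bad signature")
    expected = _emsa_pkcs1_v15(f"{header}.{payload}".encode(), k)
    if not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))  # only trusted after the check above
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    public, private = generate_keypair()
    token = mint_token(private, {"iss": ISSUER, "aud": AUDIENCE, "sub": "user-placeholder",
                                 "tid": "tenant-placeholder", "scp": "Invoices.Read",
                                 "exp": int(time.time()) + 3600})
    print(verify_token(token, public, AUDIENCE, ISSUER))
```

The API side only ever holds the public half of the key, so a stolen copy of the API cannot mint tokens; swapping the payload of one token onto the signature of another, presenting a token minted for a different audience, or presenting one past its exp all fail before any claim is read.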

Row-Level Security (RLS): a SQL Server and Azure SQL Database feature that simplifies the design and coding of security in your application. RLS lets you restrict which rows a query can read or change, using a predicate the database evaluates for every row. A typical example is restricting customers' data access to only the rows relevant to their company, keyed on a tenant identifier that the application takes from the verified token rather than from anything the client sends.
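An added example, not from the original post, of the tenant predicate being driven by a verified token claim. SQL Server and Azure SQL enforce this inside the engine with a security policy (the T-SQL form is quoted in the docstring against an assumed schema); SQLite has no such feature, so the same predicate is applied in the API's data-access layer here. The table, rows, tenant ids and claim names are constructed for the demo, and the vulnerable variant is kept beside the hardened one to show what changes.

```python
"""Tenant-scoped data access keyed on a verified token claim (added example).

SQL Server form this stands in for (assumed schema; not run here):
    CREATE FUNCTION dbo.fn_tenant_predicate(@company_id AS sysname)
        RETURNS TABLE WITH SCHEMABINDING AS
        RETURN SELECT 1 AS fn_result
               WHERE @company_id = CAST(SESSION_CONTEXT(N'company_id') AS sysname);
    CREATE SECURITY POLICY dbo.TenantFilter
        ADD FILTER PREDICATE dbo.fn_tenant_predicate(company_id) ON dbo.invoices
        WITH (STATE = ON);
The API sets SESSION_CONTEXT from the token's tenant claim, never from input.
"""
import sqlite3

QUERY = "SELECT id, amount FROM invoices WHERE company_id = ? ORDER BY id"


def make_demo_db():
    """In-memory table holding two tenants' rows (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE invoices (
            id INTEGER PRIMARY KEY,
            company_id TEXT NOT NULL,
            amount INTEGER NOT NULL
        );
        INSERT INTO invoices VALUES (1, 'contoso', 120), (2, 'contoso', 80),
                                    (3, 'fabrikam', 500);
    """)
    return db


def require_scope(claims, needed):
    """Coarse authorisation: the token's space-separated scp claim must grant it."""
    granted = set(claims.get("scp", "").split())
    if needed not in granted:
        raise PermissionError(f"token lacks scope {needed}")


def list_invoices_unsafe(db, company_id):
    """Vulnerable shape: the caller picks the tenant, so a client that sends
    another company's id reads that company's rows."""
    return db.execute(QUERY, (company_id,)).fetchall()


def list_invoices(db, claims):
    """Hardened shape: the predicate comes from the verified token's tid claim
    (the tenant id Azure AD places in the token; mapped to a name here for the
    demo), never from request parameters."""
    require_scope(claims, "Invoices.Read")
    return db.execute(QUERY, (claims["tid"],)).fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    print(list_invoices(db, {"tid": "contoso", "scp": "Invoices.Read"}))  # contoso rows only
    print(list_invoices_unsafe(db, "fabrikam"))  # any tenant the client asks for
```

The claims dict passed to list_invoices must be the output of signature, audience and expiry validation; a claim read out of an unverified token is just client input with extra steps.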


Here is a Metaphor to bring everything above together:
Imagine you are trying to get into your office building but you have forgotten your pass, so you go to the security guard (aka the Domain Controller, or Azure AD in the cloud) and ask to be authenticated. The security guard asks for your credentials, such as your username and password, then checks on the computer whether they match what is held in the database (aka the Active Directory). If they match, the guard gives you a pass (aka an Access Token) to show you have been authorised and lets you into the building. Depending on your authorisation level you may only be able to access certain rooms. If your credentials do not match what is in the database, you are denied entry. On this occasion you have been authorised, so inside the building you come to a room and scan your pass (aka present the Access Token) at the door. The door reader first checks that the pass is genuine and still valid: it was issued and signed by the security desk, it was issued for this building (the audience) and its expiry time has not passed. It then checks the SQL database, where all the application's user data is stored, to see whether your pass permits you to enter this specific room (aka Row-Level Security). If yes, the door opens; if no, the door stays closed.

Let's build an Android application with Azure Active Directory!

Add users to the Active Directory

Step 1: Create an account with Azure and go to the Azure portal dashboard.
Step 2: Click on "Azure Active Directory".
Step 3: Click on "Custom domain names" and copy your tenant's domain name, as you need it for the next step. It will look something like this: garethsanashee.onmicrosoft.com
Step 4: Click on "Users" then "New user". In the "User name" field you must use the domain name from step 3. Once filled in, click "Create". Here is what it will look like:



Create App Registration 

Step 5: Click "App registrations" then "New registration", give it a name, leave the option "Accounts in this organizational directory only (Default Directory)" selected and press "Register".
Step 6: In the app registration you just created click "Quickstart", click on "Android" and follow the steps.

Key Point: under "Generating a development Signature Hash. This will change for each development environment." copy the "keytool -exportcert -alias androiddebugkey..." command, paste it into your CMD and press Enter. The command exports the certificate from your debug keystore and pipes it through openssl to produce the base64 SHA-1 hash, so if it fails the cause is almost always that keytool or openssl is not on your PATH (see below). The debug keystore's password is "android", but you can also just press Enter at the password prompt: keytool warns that the keystore integrity was not verified and still exports the certificate. The hash changes per environment because every machine has its own debug keystore, so register the hash for each development machine, and register the hash of your release keystore before you ship a signed build.
How to get keytool and openssl:
1. Find where keytool is on your computer, copy the path and paste it into "Environment Variables" > "System Path".
Example: c:\Program files\java\jre - 10.0.1\bin
If you cannot find a "java" folder you need to install Android Studio (which bundles a JDK) or a JDK from Oracle.
2. Download OpenSSL, then copy its bin path and paste it into "Environment Variables" > "System Path".
Download from: https://slproweb.com/products/Win32OpenSSL.html

Step 7: Once you have created the application in Azure, download and open the Android Studio project and copy and paste the configuration from the app registration instructions.
Step 8: Run the application on your device and you get an out-of-the-box sign-in app that calls the Microsoft Graph API. You will find that you can only sign in if your account is in this Azure Active Directory tenant, because the registration was limited to "Accounts in this organizational directory only".

This is how it works:


Well done you have set up an Android Application with Azure Active Directory!

