1. How to add Azure AD as web app authentication provider?

    TypeScript

    In Azure, you can manage authentication for your web applications using Azure Active Directory (AD). To do this, you will need to set up an Azure AD Application and a Service Principal, which Azure uses to authorize resources.

    Firstly, the Azure AD Application represents an identity created for your application in the Azure AD.

    Secondly, the Service Principal is an instance of the application in a tenant and represents a concrete identity used for running processes or accessing resources.

    Thirdly, you can use the WebAppAuthSettings resource from the azure-native package to enable Azure AD authentication for your Azure Web App.

    Here is a TypeScript program that does these tasks:

    ```typescript
    import * as azuread from "@pulumi/azuread";
    import * as pulumi from "@pulumi/pulumi";
    import * as azurenative from "@pulumi/azure-native";

    // Create an instance of an Azure AD Application.
    // displayName is a required input in current @pulumi/azuread releases.
    const application = new azuread.Application("application", {
        displayName: "application",
    });

    // Create an instance of an Azure AD Service Principal.
    // Newer @pulumi/azuread releases name this input clientId instead of applicationId.
    const servicePrincipal = new azuread.ServicePrincipal("service-principal", {
        applicationId: application.applicationId,
    });

    // Set up the Azure Web App.
    const appName = "my-app";
    const resourceGroup = "..."; // replace with your resource group name
    const site = new azurenative.web.WebApp(`${appName}-webapp`, {
        name: appName,
        resourceGroupName: resourceGroup,
        // replace with server farm info
        serverFarmId: `/subscriptions/<subscription_id>/resourcegroups/${resourceGroup}/<...>`,
    });

    // Enable Azure AD authentication for the Azure Web App.
    new azurenative.web.WebAppAuthSettings("webapp-auth", {
        name: site.name,
        resourceGroupName: resourceGroup,
        enabled: true,
        // clientId is the application (client) ID of the Azure AD Application,
        // not the ID of the Service Principal object.
        clientId: application.applicationId,
    });
    ```

    Reference: Azure Active Directory Service Principal

    Reference: Azure Active Directory Application

    Reference: Web App Authentication Settings

    After running this code, the application you created will be authorized to manage resources via Azure AD. The WebAppAuthSettings resource configures Azure AD as the authentication provider for your Azure Web App.

    Please replace placeholders <...> with appropriate values, like your Azure Subscription ID, or the ID of the Azure App Service Plan (which is referred to as serverFarmId in this code).

    A few things to clarify: The resourceGroup is the name of the resource group in Azure where your web app will be hosted. You need to replace "..." with the actual resource group name. If you don't already have a resource group, you can create one using the script, but you need to know the region you want to create it in.

    The serverFarmId property is the Azure Resource Manager ID of an App Service Plan. If you don't already have an App Service Plan, you need to create one (either through the Azure Portal, Azure CLI, or using Pulumi).

    Make sure that the Azure AD Application and the Service Principal are in the same Active Directory as your web app.
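
    The program above sets only `enabled` and `clientId`. As an added example (not part of the original answer or of Pulumi's code), here is a plain TypeScript check to run over the resolved values before passing them to WebAppAuthSettings. `issuer` and `unauthenticatedClientAction` are WebAppAuthSettings inputs the page does not use; `checkAuthSettings` and all sample IDs are hypothetical.

```typescript
// Added example: no Pulumi packages needed. checkAuthSettings is a hypothetical helper.
interface AuthSettings {
  enabled?: boolean;
  clientId?: string;
  issuer?: string;
  unauthenticatedClientAction?: string;
}

const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function checkAuthSettings(s: AuthSettings, expectedTenantId: string): string[] {
  const findings: string[] = [];
  if (s.enabled !== true) {
    findings.push("enabled is not true: the platform performs no authentication");
  }
  if (!s.clientId || !GUID.test(s.clientId)) {
    findings.push("clientId is not a GUID: expected the application (client) ID");
  }
  if (s.unauthenticatedClientAction !== "RedirectToLoginPage") {
    findings.push("unauthenticatedClientAction is not RedirectToLoginPage: " +
      "unauthenticated requests may reach application code");
  }
  // The issuer URI names the directory tenant whose tokens are accepted, e.g.
  // https://sts.windows.net/<tenant-guid>/. It must be HTTPS and must match the
  // tenant that holds the Application and Service Principal.
  const m = /^https:\/\/[^/]+\/([^/]+)/.exec(s.issuer ?? "");
  const tenant = m ? m[1].toLowerCase() : undefined;
  if (tenant !== expectedTenantId.toLowerCase()) {
    findings.push("issuer does not point at the expected tenant over HTTPS");
  }
  return findings;
}

// Constructed sample values, not real identifiers.
const tenantId = "11111111-2222-3333-4444-555555555555";
const asOnPage: AuthSettings = {
  enabled: true,
  clientId: "00000000-aaaa-bbbb-cccc-000000000001",
};
const hardened: AuthSettings = {
  ...asOnPage,
  issuer: `https://sts.windows.net/${tenantId}/`,
  unauthenticatedClientAction: "RedirectToLoginPage",
};

console.log(checkAuthSettings(asOnPage, tenantId)); // two findings
console.log(checkAuthSettings(hardened, tenantId)); // no findings
```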