Authenticating a PHP Web App with Azure Active Directory and Azure Mobile Services
One option would be to have your PHP app serve a page using the Mobile Services JavaScript SDK and have it perform the login.
You'll get the same token that you would in your mobile app. To your question on authorization, as long as you're making subsequent backend calls through the Mobile Service, you will get the exact same authorization rules as you have defined on that service.
The token will be client-bound, and you'll likely want to get it back to your server for making calls. The actual Mobile Services token is located in client.currentUser.authenticationToken
, and you can set this as a cookie in the javascript code and then retrieve it on your PHP backend in a subsequent call.
Calls to the Mobile Service (via the REST API) from your PHP backend just need this token set in the X-ZUMO-AUTH header.
This approach should work for all providers, including AAD. MFA should not be a problem in this case.
Azure B2C integration with PHP
To deploy the PHP Web Application using Azure AD B2C,follow the below steps :
Install PHP, Laravel (it's web framework).
Create a Web App in Azure Portal B2C blade by noting the ClientID and Client Secret from the Application.
Clone and customize the source code from github:
git clone https://github.com/Azure-Samples/active-directory-b2c-php-webapp-openidconnect.git
Download the latest version of the php security library in your repo.
To deploy into Azure, you need to set-up the Deployment settings by selecting Local Git Repository and setting up the username and password for deployment.
git init
andgit remote add azure [deployment url]
commands are used to set up deployment to azure.git push azure master
to deploy online.Instead of depending on their own code, developers can rely on B2C for consumer sign up and sign in.
Using OpenID Connect, we can validate the authentication token of the users connected with the Azure B2C of the PHP Web Application.
Please refer this GitHub article for code and more information.
Azure Active Directory MFA
If you have not already registered the php app in azure ad like below:
Quickstart: app registration-general- Microsoft identity platform | Microsoft Docs
Go for app registration in azuread .
- Set Redirect URI like https://your.domain.name/oauth.php
- Copy the client ID and tenant ID, to paste in _OAUTH_TENANTID and _OAUTH_CLIENTID in config.inc.
- In Certificates & secrets page copy the secret value by adding a new secret,which cannot be accessed later.So copy when created.
- Paste this into _OAUTH_SECRET within config.inc. Make sure _OAUTH_METHOD contains 'secret'.
You can see detailed info in here in Katy's Tech Blog .
See PHP Azure AD login with demo site (using oAuth)-GitHub reference for code configuration details.
For including multifaction authentication**(MFA)** :
- You may Go to azure ad > enterprise apps and check for the app you
have just registered and create a policy to include MFA Requirement
which asks users for additional authentication with the methods you
enables like sms, phone call etc
next
Or you can directly go for conditional access and select app required while creating access policy.
After all set up in conditional access, make sure to Enable policy and save ,to start authenticating with azure ad which requires MFA.
Also check references:
- Azure AD authentication with PHP using Microsoft Graph. a single PHP page
- Deployment considerations for Azure AD Multi-Factor Authentication | Microsoft Docs
- Integrate Azure Multi-Factor-Authentication in website to authenticate its users - Stack Overflow
Related Topics
Access MySQL Field's Comments with PHP
Where to Use MySQL_Real_Escape_String to Prevent SQL Injection
Wordpress Remove Robots Meta Tag Noindex
How to Get/Set Session_Id() or Should It Be Generated Automatically
Easiest Way to Implode() a Two-Dimensional Array
Symfony: Change Database Dynamically
How to Fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon
PHP MySQLi Commands Out of Sync; You Can't Run This Command Now
Remove Everything Except Letters from PHP String
Unable to Scrape Content from a Website
Php/Apache: PHP Fatal Error: Call to Undefined Function MySQL_Connect()
How to Change the Name of an Element in Dom
How to Add More Custom Field in Linked Product of Woocommerce
PHP - Make Multi-Dimensional Associative Array from a Delimited String
PHP - Is "Include" Function Secure