| Package | Version | Downloads |
|---|---|---|
| Aliencube.Azure.Extensions.EasyAuth |  |
 |
| Aliencube.Azure.Extensions.EasyAuth.EntraID |  |
 |
| Aliencube.Azure.Extensions.EasyAuth.GitHub |  |
 |
Azure services like Azure App Service, Azure Functions, Azure Container Apps and Azure Static Web Apps offer a built-in authentication service called EasyAuth.
While EasyAuth significantly reduces the time for implementing authentication, because it protects the entire application, you can't protect only specific pages or components.
To give granular controls over individual pages or components, there have been attempts to figure out this issue from developer communities, and here are some resources:
- EasyAuth for App Service by Maxime Rouiller
- EasyAuth for Azure Container Apps by John Reilly
- EasyAuth for Azure Static Web Apps by Anthony Chu
They are still mostly valid, but need to be updated to use the latest .NET features.
By focusing on two services – Azure App Service and Azure Container Apps, this repository gives several libraries that are easily integrated with your existing ASP.NET Core applications, leverage the Azure EasyAuth features and give fine controls to each page and component.
- .NET 9 SDK or later
- Visual Studio 2022 or Visual Studio Code with C# Dev Kit
- Azure CLI with Bicep extension
- Azure Devloper CLI
- GitHub CLI
- Docker Desktop
- For Windows users, PowerShell 7 or later
-
Fork this repository to your GitHub account and clone this repository to your local machine.
gh repo fork aliencube/azure-easyauth-extensions --clone
NOTE: You must be logged in to GitHub beforehand. If not, use the command,
gh auth login. -
Get into the cloned repository.
cd azure-easyauth-extensions -
Login to Azure.
# Login to Azure via az CLI az login# Login to Azure via azd CLI azd auth login -
Make sure your az CLI and Bicep CLI are up-to-date.
# az CLI az upgrade --allow-preview true
# az bicep CLI az bicep upgradeNOTE: If you see an error while upgrading Bicep CLI, install it first with the command,
az bicep install. -
Deploy sample apps through azd CLI.
azd up
NOTE 1: You will be asked to provide Azure subscription and location.
NOTE 2: You might be facing an error like
app-registration.bicep(1,11) : Error BCP400: Fetching types from the registry requires enabling EXPERIMENTAL feature "ExtensionRegistry".. If you see this error, set up an environment variable like:# Bazh/Zsh export AZD_BICEP_TOOL_PATH="~/.azure/bin/bicep"
# PowerShell $env:AZD_BICEP_TOOL_PATH = "~/.azure/bin/bicep.exe"
-
Once deployed, visit both web apps hosted on Azure App Service and Azure Container Apps. Then, navigate to the
/weatherpage, and you'll see the401 Unauthorizederror. -
Navigate back to the home page and click the "Login" button at the top. Once you sign-in, navigate to the
/weatherpage again and see the content. -
Clean up all resources.
azd down --force --purge
Blazor is used for explanation, but you can apply it to your ASP.NET Core web app as well.
-
Add a NuGet package to your Blazor web app project.
# For EasyAuth with Entra ID dotnet add package Aliencube.Azure.Extensions.EasyAuth.EntraID# For EasyAuth with GitHub dotnet add package Aliencube.Azure.Extensions.EasyAuth.GitHub -
Open
Program.csof your Blazor app, find the line,var app = builder.Build();, and add the following lines just above the line:// 👇👇👇 Add EasyAuth handler with Entra ID below. builder.Services.AddAuthentication(EasyAuthAuthenticationScheme.Name) .AddAzureEasyAuthHandler<EntraIDEasyAuthAuthenticationHandler>(); builder.Services.AddAuthorization(); // 👆👆👆 Add EasyAuth handler with Entra ID above. var app = builder.Build();
// 👇👇👇 Add EasyAuth handler with GitHub below. builder.Services.AddAuthentication(EasyAuthAuthenticationScheme.Name) .AddAzureEasyAuthHandler<GitHubEasyAuthAuthenticationHandler>(); builder.Services.AddAuthorization(); // 👆👆👆 Add EasyAuth handler with GitHub above. var app = builder.Build();
-
In the same
Program.csof your Blazor app, find the line,app.Run();, and add the following lines just above the line:// 👇👇👇 Add authentication/authorization below. app.UseAuthentication(); app.UseAuthorization(); // 👆👆👆 Add authentication/authorization above. app.Run();
-
Open any Razor page component and add the following lines:
@page "/random-page-url" @* 👇👇👇 Add the lines below *@ @using Aliencube.Azure.Extensions.EasyAuth @using Microsoft.AspNetCore.Authorization @attribute [Authorize(AuthenticationSchemes = EasyAuthAuthenticationScheme.Name)] @* 👆👆👆 Add the lines above *@
-
Use Azure Portal, and make sure that you have enabled the EasyAuth feature and allow unauthenticated access.
-
Alternatively, use Bicep to enable the EasyAuth feature and allow unauthenticated access.
// For Azure Container Apps resource containerappAuthConfig 'Microsoft.App/containerApps/authConfigs@2024-10-02-preview' = { name: 'current' parent: containerapp properties: { globalValidation: { requireAuthentication: true unauthenticatedClientAction: 'AllowAnonymous' } } }
// For Azure App Service resource appServiceAuthConfig 'Microsoft.Web/sites/config@2022-03-01' = { name: 'authsettingsV2' parent: appService properties: { globalValidation: { requireAuthentication: true unauthenticatedClientAction: 'AllowAnonymous' } } }
-
Deploy the app to either Azure App Service or Azure Container Apps, navigate to the page that you enabled authorization and see the
401 Unauthorizederror. -
Sign-in the web app, navigate to the page again and see no error.
This repository currently doesn't support:
- EasyAuth for Azure Static Web Apps
- Publish NuGet packages
- Implementation for Entra ID
- Implementation for GitHub
- Implementation for OpenID Connect
- Implementation for Google
- Implementation for X
- Implementation for Facebook
- Implementation for Apple