This document discusses implementing Azure Active Directory (AD) authentication in cross-platform applications developed with Xamarin. It recommends using the Active Directory Authentication Library (ADAL) to handle the complexity of authentication. The steps outlined are to register an app in Azure AD, set up a Xamarin project, implement ADAL, create a login page, and access Microsoft APIs. Code samples show how to implement the ADAL interface for each platform and how to use tokens to call the Microsoft Graph API. The presenter aims to demonstrate AD authentication working across platforms.
3. Why?
• Securing your business applications
• Access resources like Office 365, Yammer and Microsoft Graph
• You don’t need to have extensive knowledge of authentication
• Focus on building your app
4. Active Directory Authentication Library
• Enables developers to easily authenticate users against the cloud or on-premises AD
• It handles almost all of the complexity of authentication
• Returns access tokens to execute secure API calls
• Many features like
• Handles the login screen (including your organization page)
• Asynchronous support
• Configurable token cache for storing access and refresh tokens
• Automatic token refresh when access token expires
• Available on a variety of platforms like .NET, JavaScript, OSX, iOS, Android and node.js
5. Xamarin [‘zæmərɪn]
• Allows developers to create cross-platform applications from a shared C# codebase using Visual Studio
• Supports platforms such as iOS, Android, Windows 8 and Windows 10
• Acquired by Microsoft on February 24th 2016
• Use Portable Class Libraries or Shared Asset Projects to write code once for all platforms
• Possible to write platform specific code
6. Steps
• Register your application in Azure AD
• Set up Xamarin project
• Implement ADAL
• Create a login page
• Implement code for accessing Microsoft Groups
7. Register your application in Azure AD
• Specify name, type of application and redirect URL(s)
• Select the permissions to other applications
• Client ID is generated
• Client ID and Redirect URL combination is used during authentication
8. Set up Xamarin project
• Create a Xamarin project
• Since February 2016 it is possible to create a Universal Windows app
• Use Xamarin.Forms Portable project
• Remove any unused projects
• Install the NuGet package Microsoft.IdentityModel.Clients.ActiveDirectory
• V3.9.302111717-alpha
9. Authenticate with ADAL
AuthenticationContext ac = new AuthenticationContext(string authority);
• authority: URL of the authority
• Calling https://login.microsoftonline.com/common without the tenant id will allow your app to be multi-tenant
AuthenticationResult authResult = await ac.AcquireTokenAsync(string resource, string clientId, Uri redirectUri, IPlatformParameters parameters);
• resource: the URL of the requested resource
• clientId and redirectUri: values from the Azure AD registration
• parameters: platform-specific parameters
• Attempts to return a token for the requested resource based on caching or refreshing old tokens
• If necessary, an Azure AD sign-in page is shown to acquire a request token
10. PlatformParameters
Platform | Parameter(s) | Value
iOS | Reference to a UIViewController | UIApplication.SharedApplication.KeyWindow.RootViewController
Android | Reference to an Activity | (Activity)Forms.Context
Windows Phone | No parameters | N/A
Windows 10 (Universal) | PromptBehavior, OrganizationOnly | PromptBehavior.Auto, false
Remark (Android): You will need to override the OnActivityResult method in MainActivity.cs and call the WebAuthenticationBrokerContinuationHelper class.
11. Implement ADAL
• ADALAuthentication class
• Contains the logic for authentication with ADAL
• IADALAuthenticator interface
• Implement the interface per platform to provide the platform-specific PlatformParameters
13. Create a login page
• Use a XAML forms content page
• Place a (login) button on the page
• Use DependencyService.Get<>(…) method to retrieve an instance of that interface within the current platform
• Authenticate and request access to Microsoft Graph using the resource URL and the information you got from your Azure AD registration
14. Implement code for accessing Microsoft Groups
• Use the access token you got from your authentication call
• Define a request based on
• GET https://graph.microsoft.com/v1.0/groups
• application/json
• Bearer = access token
• Use NuGet package Newtonsoft.Json
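The shared-code side of steps 9 to 14, written as an added example rather than the presenter's own code: it resolves the platform authenticator, acquires a token for Microsoft Graph and lists the group names. The Authenticate method signature, the GroupsClient class and the placeholder registration values are assumptions, and each platform project is assumed to register an IADALAuthenticator implementation that supplies its PlatformParameters.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Newtonsoft.Json.Linq;
using Xamarin.Forms;

// Assumed shape of the interface named on the slides; each platform project
// implements it and passes its own PlatformParameters to AcquireTokenAsync.
public interface IADALAuthenticator
{
    Task<AuthenticationResult> Authenticate(string authority, string resource,
                                            string clientId, string returnUri);
}

public static class GroupsClient // hypothetical helper class
{
    // Placeholders: use the values from your own Azure AD registration.
    const string Authority = "https://login.microsoftonline.com/common";
    const string Resource = "https://graph.microsoft.com";
    const string ClientId = "<client-id-from-azure-ad>";
    const string RedirectUri = "<redirect-url-from-azure-ad>";

    public static async Task<List<string>> GetGroupNamesAsync()
    {
        // Resolve the platform-specific implementation from the shared (PCL) code.
        var auth = DependencyService.Get<IADALAuthenticator>();
        AuthenticationResult result =
            await auth.Authenticate(Authority, Resource, ClientId, RedirectUri);

        using (var http = new HttpClient())
        using (var request = new HttpRequestMessage(HttpMethod.Get,
                   "https://graph.microsoft.com/v1.0/groups"))
        {
            request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            // The token travels only in the Authorization header; it is never logged or stored here.
            request.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", result.AccessToken);
            HttpResponseMessage response = await http.SendAsync(request);
            response.EnsureSuccessStatusCode(); // 401/403 surface as exceptions, not empty lists
            JObject body = JObject.Parse(await response.Content.ReadAsStringAsync());
            return body["value"].Select(g => (string)g["displayName"]).ToList();
        }
    }
}
```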
16. Wrap up!
• ADAL allows you to easily implement authentication in your cross-platform application
• Be aware of your implementation when using a PCL. Platform-specific code is not allowed in your PCL
• PlatformParameters differ per platform
• For a complete walkthrough check my post http://www.appzinside.com/2016/02/22/implement-adal-for-cross-platform-xamarin-applications/