edrin gjoleka

Azure Active Directory AuthN & AuthZ using EasyAuth

Imagine you have, for example, a Java web application running on App Service in Azure.

Based on business requirements, the application should not be open to all end users. You only want to allow users that are in your Azure AD tenant to access it.

In other words, your users must authenticate in order to access the application.

Azure App Service provides built-in authentication and authorization support using EasyAuth, so you can sign in users and access data by writing minimal code.



This module handles several things for your app:

  • Authenticates users with the specified provider

  • Validates, stores, and refreshes tokens

  • Manages the authenticated session

  • Injects identity information into request headers


To turn on “Easy Auth”, in the Azure Portal, click on “App Services”.


Click on the app service you want to have authenticated.

In the settings, click on “Authentication / Authorization”.


























Now when you navigate to your application, you will be redirected to the Azure AD login screen. This was achieved with a few clicks. There was no need to alter and re-deploy any code and no knowledge is required about any of the authentication protocols.


Hence the name “Easy Auth”.

Technically:


“Easy Auth” is implemented as a native IIS module that runs in front of your application. When enabled, every HTTP request dispatched to the IIS worker process must first pass through this module. If you are not authenticated, you get redirected.

The authentication and authorization module runs in the same sandbox as your application code. When it’s enabled, every incoming HTTP request passes through it before being handled by your application code.
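
The identity information that the module injects into request headers can drive authorization decisions inside the application. The following is an added example, not code from the original post: it decodes the `X-MS-CLIENT-PRINCIPAL` header set by App Service and allows the request only when the principal belongs to the expected tenant, failing closed on anything missing or malformed. The tenant claim names, the `aad` value of `auth_typ`, and the sample tenant ID are assumptions to check against your own tokens.

```python
import base64
import binascii
import json

# Claim types assumed to carry the Azure AD tenant ID; verify against your own tokens.
TENANT_CLAIMS = ("http://schemas.microsoft.com/identity/claims/tenantid", "tid")


def parse_client_principal(headers):
    """Decode X-MS-CLIENT-PRINCIPAL into auth type and claims; None if absent or malformed."""
    raw = {k.lower(): v for k, v in headers.items()}.get("x-ms-client-principal")
    if not raw:
        return None
    try:
        doc = json.loads(base64.b64decode(raw, validate=True))
    except (binascii.Error, ValueError):
        return None
    if not isinstance(doc, dict) or not isinstance(doc.get("claims"), list):
        return None
    claims = {}
    for c in doc["claims"]:
        if isinstance(c, dict) and isinstance(c.get("typ"), str) and "val" in c:
            claims.setdefault(c["typ"], []).append(c["val"])
    return {"auth_typ": doc.get("auth_typ"), "claims": claims}


def is_allowed(headers, expected_tenant):
    """Fail closed: allow only an Azure AD principal from the expected tenant."""
    principal = parse_client_principal(headers)
    if principal is None or principal["auth_typ"] != "aad":  # "aad" is assumed
        return False
    tenants = [v for t in TENANT_CLAIMS for v in principal["claims"].get(t, [])]
    return bool(tenants) and all(t == expected_tenant for t in tenants)


def encode_sample(doc):
    """Build a constructed header value in the same base64(JSON) shape."""
    return base64.b64encode(json.dumps(doc).encode()).decode()


SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
SAMPLE_HEADERS = {"X-MS-CLIENT-PRINCIPAL": encode_sample({"auth_typ": "aad", "claims": [
    {"typ": TENANT_CLAIMS[0], "val": SAMPLE_TENANT},
    {"typ": "name", "val": "Sample User"}]})}  # constructed sample principal

if __name__ == "__main__":
    print(is_allowed(SAMPLE_HEADERS, SAMPLE_TENANT))  # same tenant
    print(is_allowed({}, SAMPLE_TENANT))              # no header present
```

These headers are meaningful only for requests that actually passed through the App Service module, so the same application deployed elsewhere must not rely on them.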


Limitations:


EasyAuth is available only with the App Service hosting option. If you want to deploy your application under another hosting plan, you need to use MSAL (Microsoft Authentication Library).


EasyAuth acts like a black box. If it does not work, it is very hard for the developer to understand or debug in which layer the problem resides.

