Azure AD Support
Radzen Blazor applications support authentication and authorization against Azure AD.
- Radzen application users can log in with their Azure AD credentials.
- Radzen application developers can implement authorization via Azure AD groups.
Blazor server-side
Enable Azure AD security
To enable Active Directory support in Radzen, follow these steps.
- Click the security link at the top right corner (next to data).
- Select Azure AD from the provider dropdown.
- Enter all details (ClientSecret is required only if you have a data source with Azure AD security).
- Click the Save button.
You can get the ClientID and TenantID of your application from the Azure Portal in App Registrations.
- Find your application
- Click it to open the settings
- Use Application (client) ID for ClientID
- Use Directory (tenant) ID for TenantID.
Add http://localhost:5000/signin-oidc as a Redirect URI in your Azure app registration. Remember to also register the final Redirect URI after deploying your application.
Specify the access of a page
Radzen allows you to specify which groups can access a given page.
- Create Azure AD application roles by following the official documentation.
- Right-click a page in Radzen and select the Properties menu item.
- Specify what custom roles can access the page.
Use API protected by Azure AD
Once you have enabled Azure AD security for your Radzen Blazor application, you can use a data source that requires Azure AD login. To do that, you have to set the ClientSecret setting in the Security configuration page.
You can create a client secret from the Azure application settings.
When you define the Azure AD protected data source in Radzen, simply check “Azure AD” as the authentication method. You don’t need to enter any further configuration. Radzen will use the one from the Security settings.
Blazor client-side
Enable Azure AD security
First set up your Azure AD configuration as specified in Microsoft’s Secure an ASP.NET Core Blazor WebAssembly standalone app with Azure Active Directory help article. Keep note of the application ID, tenant ID and scope name. A key difference from Radzen Server is that you need to create two Azure AD applications - one for the server-side (API) and one for the client-side (front-end).
- Click the security link at the top right corner (next to data).
- Select Azure AD from the provider dropdown.
- Enter all details. Use the Microsoft help article linked above to obtain the required IDs.
- Click the Save button.
Specify the access of a page
Radzen allows you to specify which groups can access a given page.
- Create Azure AD application roles by following the official documentation.
- Right-click a page in Radzen and select the Properties menu item.
- Specify what custom roles can access the page.
Important! If you need to access the user role in the server-side project that Radzen generates, you have to create the same role in the API Azure AD application that you have created.
Troubleshooting
In certain configurations Azure AD requires the redirect URI to be HTTPS. In such cases you may see an “Invalid location” error after logging in. To solve the problem:
- Enable HTTPS in your Radzen application settings.
- Change the Redirect URL in Azure AD to https://localhost:5000/signin-oidc
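The redirect URI advice above (register the final URI after deployment, switch to HTTPS when Azure AD rejects the location) can be checked before release. The following is an added example, not part of Radzen or its generated code: it audits a list of redirect URIs copied from an app registration. The function names, finding labels, and the sample host `app.example.test` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/signin-oidc"  # callback path used by the redirect URIs on this page
LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}


def check_redirect_uri(uri):
    """Return a list of finding labels for one registered redirect URI."""
    parts = urlsplit(uri)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return ["not-absolute"]
    findings = []
    if parts.scheme == "http" and host not in LOOPBACK_HOSTS:
        findings.append("http-non-local")  # sign-in response would travel in clear text
    if host in LOOPBACK_HOSTS:
        findings.append("dev-only")        # fine while developing, review before release
    if "*" in uri:
        findings.append("wildcard")        # matches more origins than intended
    if parts.path != CALLBACK_PATH:
        findings.append("bad-path")        # exact match: a trailing slash or case change counts
    return findings


def audit(uris, deployed_host):
    """Check every URI and confirm the HTTPS URI of the deployed site is registered."""
    expected = f"https://{deployed_host}{CALLBACK_PATH}"
    return {
        "findings": {u: check_redirect_uri(u) for u in uris},
        "production_registered": expected in uris,
        "expected": expected,
    }


# Constructed sample input: URIs as they might be listed in an app registration.
SAMPLE = [
    "http://localhost:5000/signin-oidc",
    "https://localhost:5000/signin-oidc",
    "http://app.example.test/signin-oidc",
    "https://app.example.test/signin-oidc/",
]

if __name__ == "__main__":
    report = audit(SAMPLE, "app.example.test")
    for uri, findings in report["findings"].items():
        print(f"{uri}: {', '.join(findings) or 'ok'}")
    if not report["production_registered"]:
        print(f"missing: {report['expected']}")
```

In the constructed sample the deployed site is reported as missing, because the only HTTPS entry for it ends in a trailing slash and therefore does not match the callback path exactly.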