Securing REST WebApi2 service with Azure Active Directory

Question

I am currently developing a WebApi 2 service which is hosted in Azure. I now need to add Authentication and ideally Authorization to this service. I was expecting to be able to do this with Azure Active Directory but have a number of questions

1. Will my users have to login via the standard Azure sign in portal?
2. Will my users be forced to use specific email domains (ie microsoft) when creating an account?
3. Will I be able to programatically add a user into the directory along with Authorization info (aka rights management)?
4. Will I programatically be able to modify a users details such as forgotton password etc

Sorry for the general question, but I am stuck trying to find out if I am looking at the right technology to be able to meet these requirements. If not, would really appreciate any suggestions on what to use instead.

Answer 1

Will my users have to login via the standard Azure sign in portal?

Yes, but the branding of the portal can be changed in the basic and premium editions of Azure AD.

Will my users be forced to use specific email domains (ie microsoft) when creating an account?

No, you can register your own domain and associate it with a directory. Or you can sync on-premise accounts to an Azure AD directory and use those email addresses.

Will I be able to programatically add a user into the directory along with Authorization info (aka rights management)?

Yes, using the Graph API you can create and manage users. You can also assign them roles or make them part of a security group.

Will I programatically be able to modify a users details such as forgotton password etc

Yes, using the Graph API.