This is a Proof of Concept (PoC) Django application that connects to Azure Active Directory (AD) for user authentication and retrieves a list of users using the Microsoft Graph API. It uses cookie-based session management, so no database is required for session storage.
Before running this PoC, ensure you have the following:
- Azure AD Tenant: Access to an Azure Active Directory tenant (company or personal).
- Azure App Registration: An Azure AD application registered with the necessary API permissions (
User.Read
). - Python: Python 3.7+ installed.
- Django: Installed and set up on your machine.
- Required Packages:
requests
,django
,python-decouple
git clone https://github.com/your-username/ad-poc.git
cd ad-poc
pip install django requests
pip install python-decouple
- Log in to the Azure Portal.
- Go to Azure Active Directory > App registrations > New registration.
- Register your app:
- Name: Provide a meaningful name (e.g.,
DjangoAzurePoC
). - Supported account types: Choose Accounts in this organizational directory only.
- Redirect URI: Set to
http://localhost:8000/get_token/
.
- Name: Provide a meaningful name (e.g.,
- Once the app is created, go to Certificates & Secrets and generate a new client secret. Make sure to note the secret as it will only be visible once.
- Go to API permissions and add the following Microsoft Graph API permission:
- Delegated Permissions:
User.Read
- Grant admin consent for the permission if required by clicking on Grant admin consent.
- Delegated Permissions:
- Note down the following details from your Azure AD app registration:
- Client ID (Application ID)
- Client Secret (from the secret value created in Step 4)
- Tenant ID (found in Overview or Endpoints)
- Create a
.env
File: In the root directory of your Django project, create a file named.env
to securely store your Azure AD credentials. This prevents sensitive information from being hardcoded in your source files.
.env File Example:
AZURE_CLIENT_ID=your_client_id # Replace with your Azure Client ID
AZURE_CLIENT_SECRET=your_client_secret # Replace with your Azure Client Secret
AZURE_TENANT_ID=your_tenant_id # Replace with your Tenant ID
AZURE_REDIRECT_URI=http://localhost:8000/get_token/ # Must match the registered Redirect URI in Azure AD
Run the Django development server using the following command:
python manage.py runserver
This will start the server on http://localhost:8000/
. You can visit this URL in your web browser.
- Open your web browser and go to
http://localhost:8000/login/
. - You will be redirected to Microsoft's login page. Enter your Azure AD credentials to log in.
- After successfully logging in, you will be redirected back to your app's
get_token
view. The application will exchange the authorization code for an access token and store it in the session. - You will then be redirected to
http://localhost:8000/get_users/
, where you can view the list of users from your Azure AD.
Make sure to handle any errors that may occur during the login or token retrieval process.