Azure Active Directory–How to protect a Web Application without Code

In this post I would be demonstrating how to protect a web site without any code changes.


  • High Protection Web Site will not serve any html, js, css files without Authentication  (MSAL protection causes few MSAL JS to be served to do authentication – this may be restricted by Information Security groups of Enterprise class customers)
  • Same Code can be deployed multiple places as the Authentication pieces being decoupled

Create Web Application

Create a web application of ASP.NET or Angular.

Publish to Azure

Publish to Azure so that an App Service is created.

Set the Authentication


Test the Application

Now you can test the application & the login prompt happens.


In the background the App Service is adding Redirect URL

Client Side Applications

For client side applications, you can always refer the following URL to get the current ID Token for the Authenticated User.  It can also be used as Access Token as the Audience is same as Client ID.


In this post we have seen how to do No Code protection of web application using Azure Active Directory.