I have an application built in .NET (C# and ASP.NET). We offer our own register/login login, but a client that just signed up with us requested support for ADFS since that's the authentication service they use across their company. This is brand new to me.
How can I add support for ADFS on my application? I'm guessing my client will provide the new users a link to click that I'll have to process for the SSO?
What would my client need to do on their end? (i.e. add groups and assign our future users to those groups?)
What .NET (or 3rd party) libraries can I use?
Thank you!
You could do this with OpenID Connect OWIN but ADFS 3.0 doesn't support this. So you need WS-Fed (WIF).
The easiest way to do this is with VS.
Create a new ASP.NET project and for "Change Authetication" select the on-premises option.
Use the On-Premises Organizational Authentication Option (ADFS) With ASP.NET in Visual Studio 2013.
Obviously ADFS needs to be configured. You need to find out what attributes the application requires in the form of claims.
Code sample which is similar for Azure AD - Integrating a web app with Azure AD using WS-Federation.
Related
We have a SPA(Single Page Application) with a .net core web api backend.
We want to use Azure AD for the authentication and authorisation as we will have at least 3 separate clients using AD, but looking online there is no definitive approach and its like piecing together a 50,000 piece jigsaw!
I have setup the azure api with Authentication and Authorisation, as shown in the image below, but is this the right place? as I believe I want this in the web API code, so I can then get the claims (permissions/roles) specific to the application.
There is mention of Identity but do I want to use Identity? as this sounds like it is your own database and not AD.
Should we be using B2C or B2B authentication? and does this support authorisation, as the end goal is to definer custom claims specific to the application, so we can grant and deny specific actions.
What you are using now is the built-in authentication for Azure App Service. You can sign in users and access data by writing minimal or no code in your web api. But it is not appropriate for complex scenario.
As you want to custom the application permissions/roles to specific users, it is recommended that you protect your webapi with Azure AD yourself. It is more flexible to custom your authentication. You can refer to this sample,the TodoListService part.
Should we be using B2C or B2B authentication?
Azure AD B2B is not a separate service but a feature in Azure AD.
Azure AD B2C is an independent service for building a consumer application identity repository. If you need a service to handle email or Facebook login – it is there for you.
Based on your description, I guess Azure AD is your option.
Reference:
Add authorization using app roles & roles claims to an ASP.NET Core web app thats signs-in users with the Microsoft identity platform
Compare B2B collaboration and B2C in Azure Active Directory
I watched this video on pluralsight
https://app.pluralsight.com/library/courses/authentication-authorization-aspnet-core/table-of-contents
This helped to make a bit more sense of it, actually near the end he shows that you can just create a .net core web app and then change authentication and choose a multi Azure AD option as shown in the below example. This then just works out the box! Not fully for a Vue Single page app though which is still a problem.
I'm trying to develop many projects under one solution on asp.net and I want to be authenticated just on the first project (Demarrage) then having authenticated immedialtly in the others projects. I'm using Windows authentication.Project Overview Link
As far as I know, if you enable the IIS windows auth and use IE or Chrome to access the web application. The browser will auto store the windows credenticial and use it to login in. That means you just need to login in once and it could access other web application.
If you want to enable a SSO for both windows auth and other auth mode. I suggest you could consider using identity server. The Identity server is an OpenID Connect and OAuth 2.0 framework. It could Single sign-on (and out) over multiple application types and it support windows auth.
Details about how to use it with windows auth, you could refer to below article:
http://docs.identityserver.io/en/latest/topics/windows.html
We have a webforms (.net 4.5) application which uses membership for user authentication which we host ourselves. Our clients have Active Directory and ADFS which they host in their own networks, they require our software to use single sign on authenticating against their ADFS server. I'm looking for steps on how to implement this so we can continue to use our normal membership login but use SSO where available.
There's a lot of info out there and I honestly don't know where to start. Cheers.
I wrote up something very similar to this:
OWIN : ASP.NET MVC application with multiple authentication options
Basically, use the OWIN Identity stacks to support whatever protocols you want.
Note that this application (RP in ADFS speak) still needs to be configured on the ADFS side.
I am completely a novice about Asp.net and Azure platform. I created a simple web application in VS2013 and deployed it to Azure web application. When I try to open my url (xxx.azurewebsites.net) it shows me a login page that my local application does not consist.
I digged some info about it, but due my knowledge level of web development and Azure platform, I did not understand the problem. It seems Azure Active Directory should be used, but I am not certain about it.
My question is, is there a way to skip the login page? If not, how can I define credentials to my application to be accessed?
Thank you.
As far as I know, Visual Studio 2013 offers several authentication options (No Authentication, Individual User Accounts, Organizational Accounts and Windows Authentication) for the Web Forms, MVC, and Web API templates.
According to your description, it seems that you select Organizational Accounts option for your application, which will configure the application to use Windows Identity Foundation (WIF) for authentication based on user accounts in Azure Active Directory (Azure AD, which includes Office 365) or Windows Server Active Directory. If you don’t want authentication for your application, please choose No Authentication option when you create the project.
I am creating an MVC5 web app that needs federated authentication. We are using Okta. When I create a new Web App, I choose 'Organizational Accounts' for authentication, 'On-Premises', for On-Premises Authority I put in the URL of the Okta meta data, for App ID URI I put in 'https://localhost/Okta', which is what is configured in Okta for the relying party.
When I proceed to create the solution I get an error box titled 'Enable Organizational Authentication' and inside it says 'userSelection.SecurityTokenServiceMetadata.SecurityTokenServiceDescriptor' and that is all. No output in my output window to help.
Can anyone help me get connected to Okta when creating a new MVC5 app in VS2013?
What you probably want to do is add support for WS-Federation to your MVC5 application.
Here is a guide to configuring WS-Federation in Okta. Since you are using MVC5, you'll likely need to set up WS-Federation in OWIN.