
I have an MVC3 ASP.NET 4.5 web application on Azure Websites.

Can on-premise Active Directory (AD) operate as a user store for an Azure website (WAWS) using membership services?

What happens to the roles, which I currently use as attributes on actions?

Any enlightenment appreciated.

EDIT

Just found that one can configure Membership services to use AD as the membership store, i.e.:

<connectionStrings>
  <add name="ADConnectionString" connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com" />
</connectionStrings>

Whether this would work with an on-premise AD store I am unsure.
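For reference, this is what the connection string above plugs into. It is an added example, not part of the original post: a minimal web.config that points ActiveDirectoryMembershipProvider at the question's LDAP path. The service account name, its password and the login URL are placeholders. Note that the provider talks LDAP directly to a domain controller, so on Azure Websites it only works if that controller is reachable from the Azure datacenter, and that the provider has no companion role provider, so role attributes on actions need a separate RoleProvider that resolves group membership.

```xml
<!-- Added example (not from the original post): ActiveDirectoryMembershipProvider
     wired to the question's LDAP connection string. Account, password and
     login URL are placeholders. -->
<configuration>
  <connectionStrings>
    <add name="ADConnectionString"
         connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com" />
  </connectionStrings>

  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="30" requireSSL="true" />
    </authentication>

    <membership defaultProvider="ADMembership">
      <providers>
        <clear />
        <!-- connectionProtection="Secure" requires signed/sealed LDAP (or LDAPS);
             the provider refuses to fall back to cleartext binds.
             The bind credentials below are placeholders: do not keep the real
             ones in plaintext in source control (encrypt the section or inject
             them at deploy time). -->
        <add name="ADMembership"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionUsername="TESTDOMAIN\svc-webapp"
             connectionPassword="placeholder-replace-at-deploy-time"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName"
             enableSearchMethods="false" />
      </providers>
    </membership>

    <!-- No built-in RoleProvider reads AD group membership for this provider.
         [Authorize(Roles="...")] therefore needs a custom RoleProvider (for
         example one built on System.DirectoryServices.AccountManagement) or
         AuthorizationStoreRoleProvider; without one, role checks always fail. -->
    <roleManager enabled="true" defaultProvider="ADRoles">
      <providers>
        <clear />
        <!-- placeholder: the custom provider type is an assumption -->
        <add name="ADRoles" type="MyApp.Security.AdGroupRoleProvider, MyApp" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

The security point to keep in mind is the one the answer below makes: every login and every role check in this configuration is an LDAP bind from the web app to a domain controller, which means the controller (or a reverse proxy in front of it) must accept LDAP from the internet.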


1 Answer


Your AD instance would have to be accessible from the internet, which seems like a bit of a security risk.

Normally what you are trying to do is accomplished via federation. A couple of options:

  1. Deploy AD FS on-premises to serve as an internet-accessible authentication proxy for your AD instance.

    • Pro: Somewhat easier to set up
    • Con: Your app must connect from the Azure datacenter to your on-premises datacenter for every directory read
  2. Sync your on-premises directory with your Azure AD and point your app at that.

    • Pro: Directory is in closer proximity to your app
    • Con: Somewhat more complicated to set up

Disclaimer: This is from the application/developer perspective. I'm sure there are other factors to consider from the directory perspective.
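To make option 1 concrete, and to answer the question's point about roles, here is an added example that is not part of the original answer: a web.config federating an MVC application on Azure Websites with on-premises AD FS over WS-Federation, using the Windows Identity Foundation classes built into .NET 4.5. The AD FS host name, the application URL and the token-signing certificate thumbprint are placeholders. With this in place the app never contacts AD itself; AD FS authenticates the user against AD and issues a signed token, and any claims of type `.../claims/role` in that token become roles on the ClaimsPrincipal, so existing `[Authorize(Roles="...")]` attributes keep working unchanged.

```xml
<!-- Added example (not from the original answer): WS-Federation to on-prem AD FS
     from an ASP.NET 4.5 MVC app on Azure Websites. Host names, realm and the
     signing-certificate thumbprint are placeholders. -->
<configuration>
  <configSections>
    <section name="system.identityModel"
             type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    <section name="system.identityModel.services"
             type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>

  <system.web>
    <!-- WIF's modules sign the user in from the token; Forms auth is not used. -->
    <authentication mode="None" />
    <!-- Anonymous requests get a 401, which WSFederationAuthenticationModule
         turns into a redirect to AD FS. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <system.webServer>
    <modules>
      <add name="WSFederationAuthenticationModule"
           type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           preCondition="managedHandler" />
      <add name="SessionAuthenticationModule"
           type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           preCondition="managedHandler" />
    </modules>
  </system.webServer>

  <system.identityModel>
    <identityConfiguration>
      <!-- Reject tokens issued for any other relying party. -->
      <audienceUris>
        <add value="https://myapp.azurewebsites.net/" />
      </audienceUris>
      <!-- Accept only tokens signed by the pinned AD FS token-signing certificate. -->
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="0000000000000000000000000000000000000000"
               name="http://adfs.testdomain.test.com/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
      <!-- The thumbprint pin above is the trust anchor; AD FS signing certs are
           commonly self-signed, so chain validation is disabled here. -->
      <certificateValidation certificateValidationMode="None" />
      <!-- Azure Websites can run the app on more than one instance, so protect
           the session cookie with the shared machineKey instead of per-machine DPAPI. -->
      <securityTokenHandlers>
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
    </identityConfiguration>
  </system.identityModel>

  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="true" />
      <wsFederation passiveRedirectEnabled="true"
                    issuer="https://adfs.testdomain.test.com/adfs/ls/"
                    realm="https://myapp.azurewebsites.net/"
                    requireHttps="true" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>

<!-- On the AD FS side, the relying-party trust for the realm above needs an
     issuance rule that turns AD group membership into role claims. This is the
     rule AD FS generates for "Send LDAP Attributes as Claims" with
     Token-Groups - Unqualified Names mapped to Role:

     c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
       => issue(store = "Active Directory",
                types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
                query = ";tokenGroups;{0}", param = c.Value);
-->
```

Two checks worth doing before going live: confirm that `ClaimsPrincipal.Current.IsInRole("SomeADGroup")` is true after sign-in (it evaluates the `.../claims/role` claims, which is what `[Authorize(Roles=...)]` calls), and confirm that a token replayed against a different realm or signed by any other certificate is rejected, since the audience URI and the pinned thumbprint are the only things standing between the app and a forged login.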