2
votes

We have an existing MVC application which is used by multiple customers.

Currently, each customer is given a URL to our application e.g. https://myapp/mycustomername.

When they go there, they are presented with a login screen.

For some customers (not all) we want to implement SSO, and authenticate their users against their active directory, so that they never see the login screen (unless the SSO authentication fails).

Most customers won't be using this functionality.

My first question is: is this do-able? Is it possible to have an MVC application which uses both SSO and forms authentication?

If so, can anyone point me to any links explaining the process?

I've seen some good information, such as this tutorial, but I can't find anything that matches my scenario.

Thanks.

1 Answer

0
votes

This is surely a do-able task.

The steps would be

  1. Identify the tenant name from the URL
  2. Get the Identity Setting
  3. If forms authentication, show them the login page
  4. If SSO enabled, redirect to their ADFS URL

When you onboard your tenant, you will have to maintain the following metadata

TenantName
AuthenticationType : {forms / ADFS}
SSO Url
SSO Federation Metadata URL 
etc

We did one such implementation that supports ADFS, Social Logins with Forms Authentication too.
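The four steps above can be sketched as follows. This is an added example, not code from the answer or from any particular project. The tenant names, the `Realm` field, and the `/not-found` and `/account/login` routes are assumptions made for illustration. The tenant segment from the URL is treated as untrusted: it is only used as a lookup key, and the redirect target always comes from the stored onboarding metadata.

```csharp
using System;
using System.Collections.Generic;

enum AuthType { Forms, Adfs }

// Per-tenant metadata captured at onboarding (names follow the answer's list).
class TenantIdentity
{
    public string TenantName;
    public AuthType AuthenticationType;
    public Uri SsoUrl;    // null for forms-only tenants
    public string Realm;  // assumed field: the wtrealm registered with the tenant's ADFS
}

static class TenantAuthRouter
{
    // Constructed sample store; a real application would read this from its database.
    static readonly Dictionary<string, TenantIdentity> Tenants =
        new Dictionary<string, TenantIdentity>(StringComparer.OrdinalIgnoreCase)
        {
            ["contoso"] = new TenantIdentity { TenantName = "contoso", AuthenticationType = AuthType.Adfs,
                SsoUrl = new Uri("https://adfs.contoso.example/adfs/ls/"), Realm = "https://myapp/contoso" },
            ["fabrikam"] = new TenantIdentity { TenantName = "fabrikam", AuthenticationType = AuthType.Forms },
        };

    // Step 1: the tenant is the first path segment, e.g. /contoso/orders -> "contoso".
    public static string TenantFromPath(string path)
    {
        var parts = (path ?? "").Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        return parts.Length > 0 ? parts[0] : null;
    }

    // Steps 2-4: where to send an unauthenticated user. ssoFailed covers the
    // question's fallback to the login screen when SSO does not succeed.
    public static string ChallengeUrl(string path, bool ssoFailed = false)
    {
        var name = TenantFromPath(path);
        // Unknown tenant: fixed target, the supplied name is never echoed into a redirect.
        if (name == null || !Tenants.TryGetValue(name, out var t)) return "/not-found";
        var formsLogin = "/" + t.TenantName + "/account/login";
        if (t.AuthenticationType != AuthType.Adfs || ssoFailed) return formsLogin;
        // The SSO endpoint comes only from stored metadata and must be HTTPS.
        if (t.SsoUrl == null || t.SsoUrl.Scheme != Uri.UriSchemeHttps) return formsLogin;
        // WS-Federation passive sign-in request to the tenant's ADFS.
        return t.SsoUrl.AbsoluteUri + "?wa=wsignin1.0&wtrealm=" + Uri.EscapeDataString(t.Realm);
    }

    static void Main()
    {
        foreach (var p in new[] { "/contoso/orders", "/fabrikam", "/unknown" })
            Console.WriteLine(p + " -> " + ChallengeUrl(p));
    }
}
```

In an MVC application this decision would sit in the authentication challenge path, and the token returned by ADFS still has to be validated against the tenant's federation metadata before a session is issued.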