1
votes

I have multiple applications developed using ASP.NET. All applications use a default security module; to be more clear, each application has its own DB which contains a table for the users, and the login page uses this table to authorize the users (username & password). All the applications are deployed under the same domain. Currently we are working on applying an SSO solution to all applications. I have researched a good way to apply it without changing or amending the current application security module. I have found Windows Azure Active Directory single sign-on, which needs an Active Directory account for each user. The questions are:

1- What changes should be applied in my applications to use the SSO, knowing that the applications are developed with different versions (ASP.NET 2008, 2010, etc.)?

2- I think we have to do some kind of mapping between the current users table and the Active Directory user accounts, is that right?

3- Are there any changes that will be made on the current login screen?

Thank you.

Any update or comments please? - Mohammad Sa'ed Naboti
Any idea please regarding the SSO? - Mohammad Sa'ed Naboti

1 Answer

1
votes

1- What changes should be applied in my applications to use the SSO, knowing that the applications are developed with different versions (ASP.NET 2008, 2010, etc.)?

As far as I know, Identity supports OWIN login. If your application uses Identity, then you could use OpenID Connect to sign in users from a single Azure Active Directory tenant, using the ASP.NET OpenID Connect OWIN middleware.

After the user logs in successfully, Identity will automatically fill the user information into User.Identity.Claims.

If the user accesses the second application, the application will automatically send the request to get the user information from AD according to the client cookie. This enables the SSO.

But if you use Membership, Membership doesn't support OWIN login. So if you want to use Azure AD login, I suggest you increase the application's .NET Framework version and use Identity.

For more details about how to enable Azure AD login, you could refer to this article.

2- I think we have to do some kind of mapping between the current users table and the Active Directory user accounts, is that right?

This depends on your requirement. After the user logs in with the Azure AD account, you could use the code below to get the user information. Then you could map the user or do something else.

using System.Collections.Generic;
using System.Security.Claims;
using System.Web.Mvc;

[Authorize]
public ActionResult SomeAction()
{
    // After a successful Azure AD sign-in the OWIN middleware populates User.Identity with the token's claims
    var identity = (ClaimsIdentity)User.Identity;
    IEnumerable<Claim> claims = identity.Claims;
    // ... map the claims (for example the user's object identifier) to the existing users table here
    return View(claims);
}

3- Are there any changes that will be made on the current login screen?

You could add a button on the login page to redirect the user to the Azure AD login page.

For more details, you could refer to this code sample.
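Added example (not from the answer, the question, or any Microsoft sample) of the OWIN startup the answer describes, with the mapping step from question 2 done at sign-in time: it assumes ASP.NET MVC on .NET Framework with the Microsoft.Owin.Security.Cookies and Microsoft.Owin.Security.OpenIdConnect packages, that this class is registered as the OWIN startup class, placeholder tenant and client ids, and a hypothetical LocalUsers.FindByObjectId method that queries the application's existing users table.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    // Placeholders: copy from the app registration in your Azure AD tenant.
    private const string TenantId = "<TENANT-ID-PLACEHOLDER>";
    private const string ClientId = "<CLIENT-ID-PLACEHOLDER>";
    // Azure AD claim types that do not change for a user; map on these, not on email or display name.
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        // This cookie is the session that the other applications under the same domain reuse.
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = "https://login.microsoftonline.com/" + TenantId,
            RedirectUri = "https://app1.example.com/",   // constructed sample URL
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs after the middleware has validated the ID token's signature, issuer and audience.
                // Any exception thrown here aborts the sign-in, so an unmapped account never gets a session.
                SecurityTokenValidated = ctx =>
                {
                    ClaimsIdentity identity = ctx.AuthenticationTicket.Identity;
                    string tid = identity.FindFirst(TenantIdClaim)?.Value;
                    string oid = identity.FindFirst(ObjectIdClaim)?.Value;
                    if (tid != TenantId)
                        throw new InvalidOperationException("ID token issued by an unexpected tenant.");
                    // Hypothetical lookup against the application's existing users table.
                    LocalUser user = LocalUsers.FindByObjectId(oid);
                    if (user == null)
                        throw new InvalidOperationException("Azure AD account is not mapped to an application user.");
                    // Carry the local user id as a claim so [Authorize] actions need no second lookup.
                    identity.AddClaim(new Claim("app_user_id", user.Id.ToString()));
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

Mapping on the object identifier claim rather than on email keeps the link to the existing users table stable if a user's address is renamed, and failing the sign-in when no row matches avoids issuing a session cookie that the other applications would then trust.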