1
votes

I have a Web API which acts as an authorization server (OAuth, claims based) for one of the ASP.NET MVC client apps. The API is written in such a way that it is capable of providing authentication for any client app configured in the database. Both the Web API and the client app are deployed to Azure as web apps and are functioning as expected.

Now I have a second MVC client app which will also be deployed to an Azure web app. My question is: how do I implement SSO for the second app when the user logs in to the first app?

webapp1 Login page      --->   
                              WEB API OAUTH Claims authentication 
      user logs in      <---  

webapp2 (needs SSO)--- >? 

Do we need to have a VM in Azure or Active Directory in Azure in order to achieve this?

2
I'm not very aware of how your authorization server works. But I know that you can use AAD to let you SSO with multiple Azure Web Apps if you log in with AAD. E.g. both Web Apps use Easy Auth with AAD, and if you log in to web app 1, you will SSO to web app 2. - Wayne Yang
@WayneYang-MSFT - my authorization server is based on Microsoft Identity, which issues claims if the user is registered and exists in the database when a login request comes in. Also, the client app which is passing the user credentials also has to pass the clientid and client secret to the authorization server in order to validate itself as a configured client in our db. - Bala P

2 Answers

1
votes

Per my understanding, AAD is a good choice to achieve your purpose, as Wayne Yang - MSFT commented.

According to your comment, I assume that you could leverage the IdentityServer framework to implement single sign-on. I just followed this tutorial to implement SSO. Here are the screenshots:


During the implementation, I encountered the issue of IdentityServer3 logout with PostLogoutRedirectUris not working. I followed this similar issue, PostLogoutRedirectUri not work #1121, to make it work as expected.

For details, you could follow the IdentityServer3 Samples about IdentityServer3.AspNetIdentity to use ASP.NET Identity for identity management under IdentityServer3. Moreover, you could also follow IdentityServer4 for ASP.NET Core.

0
votes

The first case: Your second client app has the same domain as the first one.

  We can use the session to save the authentication information (OAuth access token, refresh token, etc.) when someone accesses the first client app.

  Then, when he/she accesses the second client app, we can use the same authentication information to do authentication.

The second case: Your second client app has a different domain from the first one.

  We can create an SSO server that uses a session to save the authentication information, as in the first case.

Here is the Flow chart for your reference.


For an introduction to SSO, here is an article for your reference: About SSO
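
The "second case" above (apps on different domains sharing one SSO server), sketched as an added example that is not part of the original answers. It is a minimal in-memory simulation: the names `SsoServer`, `sign_in`, the client ids, URLs and credentials are all constructed, and a real back channel would also authenticate the client with its client secret, as the question describes.

```python
import secrets

# Constructed registry: each client app and its exact registered redirect URI.
CLIENTS = {
    "webapp1": "https://webapp1.example.net/callback",
    "webapp2": "https://webapp2.example.org/callback",
}
USERS = {"alice": "correct horse"}  # constructed sample credentials


class SsoServer:
    def __init__(self):
        self.sessions = {}  # SSO session cookie value -> user
        self.codes = {}     # one-time code -> (client_id, user)

    def authorize(self, client_id, redirect_uri, cookie=None, credentials=None):
        """Return (redirect_url, sso_cookie), or ("LOGIN_PAGE", None) if login is needed."""
        if CLIENTS.get(client_id) != redirect_uri:
            raise PermissionError("redirect_uri not registered for this client")
        user = self.sessions.get(cookie)  # existing SSO session: no prompt
        if user is None and credentials:
            name, password = credentials
            if name in USERS and secrets.compare_digest(USERS[name], password):
                cookie = secrets.token_urlsafe(16)
                self.sessions[cookie] = user = name
        if user is None:
            return "LOGIN_PAGE", None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user)  # bind the code to one client
        return f"{redirect_uri}?code={code}", cookie

    def redeem(self, client_id, code):
        """Back-channel call from the client app; a code works once, for one client."""
        issued_to, user = self.codes.pop(code, (None, None))
        if issued_to != client_id:
            raise PermissionError("unknown, replayed, or misdirected code")
        return user


def sign_in(server, client_id, cookie=None, credentials=None):
    """What a client app does for an unauthenticated request; returns (user, sso_cookie)."""
    url, cookie = server.authorize(client_id, CLIENTS[client_id], cookie, credentials)
    if url == "LOGIN_PAGE":
        return None, None
    code = url.split("?code=", 1)[1]
    return server.redeem(client_id, code), cookie
```

The session cookie belongs to the SSO server's domain only; each client app receives a short-lived code on its own registered redirect URI and sets its own local session after redeeming it.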