1
votes

I have a WebForms application that uses Active Directory for authentication and authorization. It works just fine on localhost, but fails when I attempt to access the site once published to Azure. I have ensured that the application is registered with Azure Active Directory. The app launches and works as expected if I don't attempt to get the AD security groups of the current user. Here's the code in the Page_Load event of the Site Master that is causing the issues:

using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Web;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;

protected void Page_Load(object sender, EventArgs e)
{
    // Resolves the current Windows identity against the local machine/domain directory.
    // This is the call that throws "Access is denied" once the app runs in Azure.
    PrincipalSearchResult<Principal> groups = UserPrincipal.Current.GetAuthorizationGroups();

    // Materialise the names once so the two Contains() checks below don't re-enumerate the directory query.
    List<string> groupNames = groups.Select(x => x.Name).ToList();

    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
        HyperLink newphaud = LIV.FindControl("liaNewPhaud") as HyperLink;
        HtmlGenericControl liadmin = LIV.FindControl("navAdminsDdl") as HtmlGenericControl;

        // Members of either group may see the "new" link; only SG1 members see the admin menu.
        newphaud.Visible = (groupNames.Contains("SG1") || groupNames.Contains("SG2"));

        liadmin.Visible = groupNames.Contains("SG1");
    }
}

Here's the exception detail:

System.Runtime.InteropServices.COMException: Access is denied.

Here's the stack trace:

[COMException (0x80070005): Access is denied.]
   System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +399115
   System.DirectoryServices.DirectoryEntry.Bind() +36
   System.DirectoryServices.DirectoryEntry.RefreshCache() +45
   System.DirectoryServices.AccountManagement.PrincipalContext.DoMachineInit() +211
   System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +128
   System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +31
   System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +14
   System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) +90
   System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue) +32
   System.DirectoryServices.AccountManagement.UserPrincipal.get_Current() +191
   phaud.SiteMaster.Page_Load(Object sender, EventArgs e) in C:\Users\user1\source\repos\phaud\phaud\Site.Master.cs:19
   System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
   System.Web.UI.Control.OnLoad(EventArgs e) +95
   System.Web.UI.Control.LoadRecursive() +59
   System.Web.UI.Control.LoadRecursive() +131
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +678

What do I need to do to allow my Azure web app to access AD?

1

1 Answer

0
votes

Please do note that Azure AD != Windows AD. From the code it does seem that your app is accessing the local Windows AD. So when you are in Azure you have basically two options: 1) Use the Azure AD API for authentication and get the user info; 2) You can have a separate Windows VM running Windows AD, which would then be accessed by your Azure Web App.

If I were you I would explore the first option. Hope it helps.
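The first option, carried into the asker's Page_Load, as an added example that is neither the asker's nor the answerer's code. It assumes the site has been switched to Azure AD sign-in (for example the OWIN OpenID Connect middleware, configured separately) so that HttpContext.Current.User is a ClaimsPrincipal, and that the app registration's token configuration emits the "groups" claim. Azure AD group claims carry the group's object ID rather than a display name such as "SG1", so the two GUIDs below are placeholders to be replaced with the real group IDs; the control names LIV, liaNewPhaud and navAdminsDdl are taken from the question. The authorization decision is made from the token the identity provider issued, so the directory bind that fails in the stack trace (PrincipalContext.DoMachineInit) is never attempted.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;

public partial class SiteMaster : System.Web.UI.MasterPage
{
    // Placeholder object IDs of the Azure AD groups that replace the on-prem "SG1" / "SG2" lookups.
    // Azure AD emits group claims as object IDs (GUIDs), so membership is compared against IDs, not names.
    private const string AdminsGroupId  = "00000000-0000-0000-0000-000000000001"; // placeholder for SG1
    private const string EditorsGroupId = "00000000-0000-0000-0000-000000000002"; // placeholder for SG2

    protected void Page_Load(object sender, EventArgs e)
    {
        var user = HttpContext.Current.User as ClaimsPrincipal;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            return; // anonymous request: privileged controls stay hidden (their markup default)
        }

        HashSet<string> groupIds = GetGroupIds(user);

        HyperLink newphaud = LIV.FindControl("liaNewPhaud") as HyperLink;
        HtmlGenericControl liadmin = LIV.FindControl("navAdminsDdl") as HtmlGenericControl;

        // Same rules as before: either group may see the "new" link, only admins see the admin menu.
        if (newphaud != null)
        {
            newphaud.Visible = groupIds.Contains(AdminsGroupId) || groupIds.Contains(EditorsGroupId);
        }
        if (liadmin != null)
        {
            liadmin.Visible = groupIds.Contains(AdminsGroupId);
        }
    }

    // Collects the "groups" claims the identity provider placed in the token.
    // When a user belongs to more groups than fit in a token, Azure AD omits the list and sets an
    // overage indicator instead ("hasgroups", "groups:src1" or "_claim_names"); the full list then has
    // to be fetched from Microsoft Graph. This example fails closed in that case: no groups, no controls.
    internal static HashSet<string> GetGroupIds(ClaimsPrincipal user)
    {
        var ids = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

        bool overage = user.HasClaim(c => c.Type == "hasgroups")
                    || user.HasClaim(c => c.Type == "groups:src1")
                    || user.HasClaim(c => c.Type == "_claim_names");
        if (overage)
        {
            return ids; // caller must query Graph for memberships; until then grant nothing
        }

        foreach (Claim c in user.FindAll("groups"))
        {
            ids.Add(c.Value);
        }
        return ids;
    }
}
```

Keeping the visibility checks tied to claims rather than to a live directory query also means the page cannot regress to the "Access is denied" path if the hosting environment changes again; the only trust boundary is the signed token validated by the middleware.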