Update ASP.NET Identity Role assignment from Code to Azure AD - asp.net

I am working on an ASP.NET (Blazor) server which is connected to Azure. The user management works perfectly fine and the data gets written and read to/from Azure. Anyway, I just started to work on user roles.
My first approach was to have a table in the database which contains all my users and I store my custom roles there as well. But with this approach I cannot use the Identity Platform to its fullest.
The second idea was that I use the role management directly from Azure AD. This would give me the possibility to use the Identity Platform better. But in our tool we need to manage the users and roles. Therefore, I need user roles to be updated in our app and then synced with Azure AD.
I searched around regarding this but did not find any solution regarding this. Maybe my approach is completely wrong from the get-go and someone has a completely different idea.

Usually in the Blazor Server projects where I use the Microsoft Identity Platform I use the Azure RBAC (Azure role-based access control).
You can manage the roles using the Azure Portal or the Azure Graph API; you can also check Microsoft's documentation for this one at Add app roles to your application and receive them in the token.
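As an added example (not code from the question or the answer above), the following shows both halves of the approach the answer recommends for a Blazor Server app: app roles declared in the Azure AD app registration arrive in the ID token's `roles` claim and drive authorization, and a role change made inside the app is written back to Azure AD as an app role assignment through Microsoft Graph. It assumes .NET 6+ with implicit usings, the Microsoft.Identity.Web, Microsoft.Graph (v5 SDK) and Azure.Identity packages, an `AzureAd` configuration section with TenantId/ClientId/ClientSecret, and a service principal granted the `AppRoleAssignment.ReadWrite.All` application permission; the GUIDs and the role name `User.Administrator` are placeholders.

```csharp
// Added example: Blazor Server authorization on Azure AD app roles, plus write-back of role
// changes to Azure AD via Microsoft Graph. Not code from the original question or answer.
using Azure.Identity;
using Microsoft.Graph;
using Microsoft.Graph.Models;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// 1. Sign-in through the Microsoft Identity Platform; the "AzureAd" section is assumed to hold
//    TenantId, ClientId and ClientSecret.
builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration, "AzureAd");

// 2. App roles are delivered in the "roles" claim. Microsoft.Identity.Web maps that claim to the
//    role claim type, so RequireRole / [Authorize(Roles = ...)] / <AuthorizeView Roles="..."> work.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("UserAdministrators", policy => policy.RequireRole("User.Administrator"));
});

// 3. Graph client using the app's own credentials (client credentials flow), so that role
//    management in the app can be reflected in Azure AD without a signed-in admin.
builder.Services.AddSingleton(_ =>
{
    var cfg = builder.Configuration.GetSection("AzureAd");
    var credential = new ClientSecretCredential(cfg["TenantId"], cfg["ClientId"], cfg["ClientSecret"]);
    return new GraphServiceClient(credential, new[] { "https://graph.microsoft.com/.default" });
});
builder.Services.AddScoped<AzureAdRoleSync>();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.Run();

// Writes a role change made in the app back to Azure AD as an app role assignment.
public sealed class AzureAdRoleSync
{
    private readonly GraphServiceClient _graph;

    // Object id of the app's service principal (Enterprise application). Placeholder value.
    private static readonly Guid ServicePrincipalId = Guid.Parse("00000000-0000-0000-0000-000000000001");

    // Id of the app role as declared under "appRoles" in the app manifest. Placeholder value.
    private static readonly Guid UserAdministratorRoleId = Guid.Parse("00000000-0000-0000-0000-000000000002");

    public AzureAdRoleSync(GraphServiceClient graph) => _graph = graph;

    // Grant: POST /users/{id}/appRoleAssignments
    public Task AssignUserAdministratorAsync(Guid userObjectId) =>
        _graph.Users[userObjectId.ToString()].AppRoleAssignments.PostAsync(new AppRoleAssignment
        {
            PrincipalId = userObjectId,
            ResourceId = ServicePrincipalId,
            AppRoleId = UserAdministratorRoleId,
        });

    // Revoke: list the user's assignments and delete the one(s) carrying this role id.
    public async Task RemoveUserAdministratorAsync(Guid userObjectId)
    {
        var assignments = await _graph.Users[userObjectId.ToString()].AppRoleAssignments.GetAsync();
        foreach (var assignment in assignments?.Value ?? new List<AppRoleAssignment>())
        {
            if (assignment.AppRoleId == UserAdministratorRoleId && assignment.Id is not null)
                await _graph.Users[userObjectId.ToString()].AppRoleAssignments[assignment.Id].DeleteAsync();
        }
    }
}
```

Two things to keep in mind when using this pattern: the `roles` claim is a snapshot taken when the token was issued, so a user whose assignment was just added or removed keeps their old roles until they sign in again (or the token is refreshed), and the client secret behind the Graph client is effectively a directory-admin credential for role assignment and belongs in a secret store rather than in appsettings.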

Related

Can Amazon Cognito Services replace ASP.NET Identity Management?

We have used ASP.NET Identity Management in a website. It is used to authenticate users as well as manage their Roles to access specific functionality of website.
My question: is Cognito something that is meant for a similar purpose? Can it replace ASP.NET Identity Management? Does it hold functionality for creating, managing and assigning Roles to users to access specific features/pages of my website?
Thanks for any help.
Overall, the functionality is very similar although there might be some subtle differences. Cognito allows you to add authentication to your application. And with the new groups feature, it allows particular users to have access to specific resources.
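The groups feature the answer mentions reaches an ASP.NET application as a claim in the Cognito token. As an added example (not code from the question or answer), the following ASP.NET Core API validates Cognito-issued JWTs and treats `cognito:groups` as the role claim, so group membership can gate endpoints the way ASP.NET Identity roles would. It assumes .NET 6+ with implicit usings and the Microsoft.AspNetCore.Authentication.JwtBearer package; the region, user pool id, app client id and the group name `Admins` are placeholders.

```csharp
// Added example: map Cognito group membership to ASP.NET roles. Not code from the original
// question or answer. Pool/client identifiers below are placeholders.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

const string Region = "eu-west-1";                // placeholder
const string UserPoolId = "eu-west-1_EXAMPLE";    // placeholder
const string AppClientId = "exampleappclientid";  // placeholder
string issuer = $"https://cognito-idp.{Region}.amazonaws.com/{UserPoolId}";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // The handler loads the pool's signing keys from {Authority}/.well-known/openid-configuration.
        options.Authority = issuer;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            // Cognito access tokens carry "client_id" instead of "aud", so the audience is
            // checked in OnTokenValidated below for both token kinds.
            ValidateAudience = false,
            // Group names are issued in this claim; pointing RoleClaimType at it makes
            // RequireRole / [Authorize(Roles = ...)] work without ASP.NET Identity.
            RoleClaimType = "cognito:groups",
        };
        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = ctx =>
            {
                var principal = ctx.Principal;
                var clientId = principal?.FindFirst("client_id")?.Value ?? principal?.FindFirst("aud")?.Value;
                if (clientId != AppClientId)
                    ctx.Fail("token was not issued for this app client");
                return Task.CompletedTask;
            }
        };
    });

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("Admins", policy => policy.RequireRole("Admins"));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/admin/report", () => "visible only to members of the Admins group")
   .RequireAuthorization("Admins");

app.Run();
```

Because groups are evaluated from the token, removing a user from a group takes effect only when a new token is issued, so keep access-token lifetimes short where group membership is the only access control.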

Azure Multi Factor Authentication for a custom ASP.Net web app

I have created an ASP.Net web app and hosted it on MS Azure where users sign in and are able to log into the system. I am not using Azure AD or on-premise AD but using Azure SQL database. Users are registering on the web app as normal users. I would like to know if there is a way to integrate Azure Multi Factor Authentication with my custom written app.
Any clarifications required, please ask.
From your question it sounds like you're using some kind of ASP.NET identity feature which uses a SQL database as the backend. If so, then you might want to take a look at this article:
http://www.hanselman.com/blog/AddingTwoFactorAuthenticationToAnASPNETApplication.aspx
It shows in detail how to configure multi-factor authentication for an ASP.NET application using ASP.NET Identity 2.0. It should work regardless of whether you're hosting on premise or in Azure.
If you're asking how to integrate Azure AD Multi-Factor Authentication into your existing ASP.NET identity subsystem, then I fear that may not be possible unless you take a dependency on Azure AD as your identity subsystem.
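As an added example of the ASP.NET Identity 2.0 two-factor flow the answer points to (not code from the question, the answer or the linked article), the following sketches the pieces the MVC 5 template wires together: a second-factor provider registered on the `UserManager`, a password sign-in that reports `RequiresVerification` when the user has two-factor enabled, and verification of the code that was sent out of band. It assumes the Microsoft.AspNet.Identity.Core, Microsoft.AspNet.Identity.EntityFramework and Microsoft.AspNet.Identity.Owin packages; `SmsService` is a stand-in that a real SMS gateway would replace, and the controller's dependencies are assumed to be supplied by the app's OWIN/DI setup.

```csharp
// Added example: ASP.NET Identity 2.0 (System.Web / MVC 5) two-factor sign-in.
// Not code from the original question or answer. SmsService is a placeholder.
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;

public class ApplicationUser : IdentityUser { }

// Placeholder: a real implementation hands message.Destination and message.Body to an SMS provider.
public class SmsService : IIdentityMessageService
{
    public Task SendAsync(IdentityMessage message) => Task.FromResult(0);
}

public class ApplicationUserManager : UserManager<ApplicationUser>
{
    public ApplicationUserManager(IUserStore<ApplicationUser> store) : base(store)
    {
        // The token provider derives the one-time code from the user's security stamp and
        // phone number, so a changed password or phone number invalidates outstanding codes.
        RegisterTwoFactorProvider("Phone Code", new PhoneNumberTokenProvider<ApplicationUser>
        {
            MessageFormat = "Your security code is {0}"
        });
        SmsService = new SmsService();
    }
}

public class AccountController : Controller
{
    private readonly SignInManager<ApplicationUser, string> _signInManager;
    private readonly ApplicationUserManager _userManager;

    public AccountController(SignInManager<ApplicationUser, string> signInManager,
                             ApplicationUserManager userManager)
    {
        _signInManager = signInManager;
        _userManager = userManager;
    }

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(string email, string password, bool rememberMe)
    {
        // shouldLockout: true counts failed attempts toward the lockout policy.
        var result = await _signInManager.PasswordSignInAsync(email, password, rememberMe, shouldLockout: true);
        switch (result)
        {
            case SignInStatus.Success:
                return RedirectToAction("Index", "Home");
            case SignInStatus.RequiresVerification:
                // Password accepted and TwoFactorEnabled is set: send the code, then ask for it.
                await _signInManager.SendTwoFactorCodeAsync("Phone Code");
                return RedirectToAction("VerifyCode");
            case SignInStatus.LockedOut:
                return View("Lockout");
            default:
                ModelState.AddModelError("", "Invalid login attempt.");
                return View();
        }
    }

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<ActionResult> VerifyCode(string code, bool rememberBrowser)
    {
        // rememberBrowser: true issues a cookie that skips the second factor on this browser next time.
        var result = await _signInManager.TwoFactorSignInAsync("Phone Code", code,
                                                               isPersistent: false,
                                                               rememberBrowser: rememberBrowser);
        if (result == SignInStatus.Success)
            return RedirectToAction("Index", "Home");

        ModelState.AddModelError("", "Invalid code.");
        return View();
    }

    // Turns two-factor on for the signed-in user; the phone number should be confirmed first.
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<ActionResult> EnableTwoFactor()
    {
        await _userManager.SetTwoFactorEnabledAsync(User.Identity.GetUserId(), true);
        return RedirectToAction("Index", "Manage");
    }
}
```

The generated codes are only as strong as the channel they travel over, which is the usual caveat with SMS; the same `RegisterTwoFactorProvider` call accepts an `EmailTokenProvider<TUser>` or a custom `IUserTokenProvider<TUser, TKey>` if a different second factor is preferred.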

Is it possible to get the user identity in a Citrix Client from .net application?

I've got a .Net application running inside a Citrix environment and I need a way to identify the user logged on to the Citrix client using forms authentication. Is this possible? I've seen some posts regarding a Citrix SDK but I'm not sure if it solves my issue...
I'll preface my statements by saying I know next to nothing about ASP.NET and Forms Authentication (which from brief Googling appears to be a way to implement custom auth in ASP.NET).
Any app running a Citrix session will have access to the identity of the user. It will be running as the user's identity already and so you can query the current security principal to see who the current user is. You don't need to use any special Citrix SDKs. It's a common assumption by devs that they need to do special stuff as soon as their app is running under Citrix. However, in most cases you can develop your app as if it were running on the user's local desktop, and just deploy it on a Citrix server instead.
So for a regular .NET desktop app you can use properties like Environment.UserDomainName and Environment.UserName to get details about the current user. Other stuff of interest is System.Security.Principal.WindowsIdentity; you can use the GetCurrent() static method to get the current user's identity.
Now as I said initially, this may be different for your case as it sounds like forms authentication is some kind of custom auth mechanism, so what I've said may not apply. But hopefully I've given you some useful pointers.

Using AD in windows Azure for user account management

Has anyone implemented a project using Azure for user registration and authentication?
I can see how it would work well in an Enterprise application, but it seems as if there is no easy way to enable "self registration".
It looks like it is intended to work with an on premises AD solution, or alternatively for new users to be added using the Azure management portal.
Can anyone give me the benefit of their experience?
WAAD is a fully implemented solution for what I think you are trying to do, but created in a way very different than the "Active Directory" server product that it shares a name with. Take a look at the Windows Azure Active Directory Graph API, which is the RESTful management API for WAAD. With Graph API you would be able to create a fully functional application authentication system to meet your needs.
Overview
http://msdn.microsoft.com/en-us/library/windowsazure/hh974482.aspx
API Reference
http://msdn.microsoft.com/en-us/library/windowsazure/hh974478.aspx
Links, Examples, etc
http://msdn.microsoft.com/en-us/library/windowsazure/hh974476.aspx
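The answer's suggestion is to drive user creation from the application through the directory's management API. As an added example (not code from the question or answer), the following self-registration handler creates the directory user through Microsoft Graph, which is the current API for this and has replaced the Azure AD Graph API the links above describe. It assumes .NET 6+ with implicit usings, the Microsoft.Graph (v5 SDK) and Azure.Identity packages, and an app registration granted the `User.ReadWrite.All` application permission with admin consent; the tenant domain and the credentials passed to the constructor are placeholders.

```csharp
// Added example: create a directory user via Microsoft Graph as part of an app's own
// registration flow. Not code from the original question or answer.
using System.Security.Cryptography;
using Azure.Identity;
using Microsoft.Graph;
using Microsoft.Graph.Models;

public sealed class SelfRegistration
{
    private readonly GraphServiceClient _graph;
    private const string TenantDomain = "contoso.onmicrosoft.com";   // placeholder

    public SelfRegistration(string tenantId, string clientId, string clientSecret)
    {
        // Client credentials flow: the app acts as itself, so restrict this credential to the
        // one permission it needs and keep the secret out of source control.
        var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
        _graph = new GraphServiceClient(credential, new[] { "https://graph.microsoft.com/.default" });
    }

    // Creates the user and returns its object id plus the temporary password, which the caller
    // delivers out of band (the user is forced to change it at first sign-in).
    public async Task<(string ObjectId, string TemporaryPassword)> RegisterAsync(string displayName, string mailNickname)
    {
        if (!IsValidMailNickname(mailNickname))
            throw new ArgumentException("mail nickname may only contain ASCII letters, digits, '.', '-' and '_'", nameof(mailNickname));

        var tempPassword = GenerateTemporaryPassword();
        var user = new User
        {
            AccountEnabled = true,
            DisplayName = displayName,
            MailNickname = mailNickname,
            UserPrincipalName = $"{mailNickname}@{TenantDomain}",
            PasswordProfile = new PasswordProfile
            {
                Password = tempPassword,
                ForceChangePasswordNextSignIn = true,
            },
        };

        var created = await _graph.Users.PostAsync(user);   // POST /users
        return (created!.Id!, tempPassword);
    }

    // The nickname becomes part of the UPN, so reject anything outside a conservative alphabet
    // before it reaches the directory.
    public static bool IsValidMailNickname(string nickname) =>
        nickname.Length is > 0 and <= 64 &&
        nickname.All(c => (c < 128 && char.IsLetterOrDigit(c)) || c is '.' or '-' or '_');

    // 16 characters from a CSPRNG with one character from each class guaranteed, which satisfies
    // the default Azure AD complexity rule (three of four classes) by construction.
    public static string GenerateTemporaryPassword()
    {
        const string upper = "ABCDEFGHJKLMNPQRSTUVWXYZ";
        const string lower = "abcdefghjkmnpqrstuvwxyz";
        const string digits = "23456789";
        const string symbols = "!#$%&*+-?@";
        const string all = upper + lower + digits + symbols;

        var chars = new char[16];
        chars[0] = upper[RandomNumberGenerator.GetInt32(upper.Length)];
        chars[1] = lower[RandomNumberGenerator.GetInt32(lower.Length)];
        chars[2] = digits[RandomNumberGenerator.GetInt32(digits.Length)];
        chars[3] = symbols[RandomNumberGenerator.GetInt32(symbols.Length)];
        for (int i = 4; i < chars.Length; i++)
            chars[i] = all[RandomNumberGenerator.GetInt32(all.Length)];

        // Fisher-Yates shuffle so the class-guaranteeing characters do not always lead.
        for (int i = chars.Length - 1; i > 0; i--)
        {
            int j = RandomNumberGenerator.GetInt32(i + 1);
            (chars[i], chars[j]) = (chars[j], chars[i]);
        }
        return new string(chars);
    }
}
```

Whatever front end collects the registration form should apply its own abuse controls (rate limiting, email verification) before calling `RegisterAsync`, since every successful call creates a real directory account.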

SSO for sharepoint 2010 and asp.net app using adfs

I was tasked with creating an SSO solution from an existing ASP.NET app to a new SharePoint 2010 app.
The existing ASP.NET app uses forms authentication, but not against a single data source. It checks a database, Active Directory and a few mainframe tables to authenticate, and finally creates a forms authentication ticket.
I was looking to share the token between SP2010 and the ASP.NET app, but I am now realizing this is not possible, due to the fact that SP2010 does not use simple FBA tokens any more.
So now I am looking to go the STS and claims-based route. After looking into it a little, I understand that using ADFS would be much better than building a custom STS for the ASP.NET side. My issue is that since I have the custom ticket creation authentication method on the ASP.NET side, I don't have a single data source to "feed" the ADFS. I am new to SharePoint and ADFS and I really don't know how to begin this type of integration.
Can anyone help me get my head around this?
Thank you!
ADFS attribute stores might solve your problem, although for this to make sense you would ideally integrate Windows Identity Foundation (WIF) into your application, which might be an intrusive change.
http://technet.microsoft.com/en-us/library/adfs2-help-attribute-stores(v=ws.10).aspx
In short, ADFS is not limited to AD for collecting user data. You can configure it to query other user attribute stores, such as your database. You can then author rules within ADFS to tell it what queries to make, and ADFS will use these queries to populate user claims into the token that ADFS issues to your application.
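As an added example of the arrangement the answer describes (not code from the question or answer), the following shows the two ends of it: the ADFS issuance rule that queries a SQL attribute store for the application's own role data, given in a comment because it is ADFS claim rule language rather than C#, and an ASP.NET Core app that trusts ADFS through WS-Federation, the current replacement for the WIF integration the answer mentions, and authorizes on the role claim ADFS issues. It assumes .NET 6+ with implicit usings and the Microsoft.AspNetCore.Authentication.WsFederation package; the attribute store name `AppUserDb`, the `AppUsers` table, the hostnames and the role name `Operator` are placeholders.

```csharp
// Added example: ADFS with a SQL attribute store feeding role claims into an ASP.NET Core
// relying party. Not code from the original question or answer. Names/hosts are placeholders.
//
// ADFS side (configured once in the ADFS console, not C#): register a SQL attribute store
// named "AppUserDb", then add this issuance transform rule on the relying party trust.
// It looks the authenticated Windows account up in the application's own user table and
// issues the AppRole column as a role claim in the token:
//
//   c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
//    => issue(store = "AppUserDb",
//             types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
//             query = "SELECT AppRole FROM AppUsers WHERE WindowsAccount = {0}",
//             param = c.Value);
//
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
    })
    .AddWsFederation(options =>
    {
        // The federation metadata carries the ADFS token-signing certificate; tokens not signed
        // by it are rejected, so the app trusts ADFS, not the attribute store, for every claim.
        options.MetadataAddress = "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml";
        // Must match the relying party identifier configured in ADFS.
        options.Wtrealm = "https://app.example.com/";
    })
    .AddCookie();

builder.Services.AddAuthorization(options =>
{
    // ClaimTypes.Role is the .../2008/06/identity/claims/role URI the ADFS rule issues.
    options.AddPolicy("Operators", policy => policy.RequireRole("Operator"));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/", (ClaimsPrincipal user) =>
    {
        var roles = user.FindAll(ClaimTypes.Role).Select(c => c.Value);
        return $"Hello {user.Identity?.Name}; roles from ADFS: {string.Join(", ", roles)}";
    })
   .RequireAuthorization();

app.MapGet("/operators", () => "operator-only area").RequireAuthorization("Operators");

app.Run();
```

The SQL query in the rule runs under the ADFS service account's database login, so granting that login read access to the one table (or a view over it) is enough; the application itself no longer needs a connection to the authentication data sources once ADFS is issuing the claims.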
