I already have more than 10 applications developed using ASP.NET. There are different versions for frameworks 2.0, 3.5 and 4. Currently I need to apply single sign on on all of my applications using Windows Azure Active Directory SSO. But I do not know what the code or library should be added to my application to be configured with the Azure SSO. Do I need to re-develop my application or recreate it with different versions? Does anyone know what I should do?
Different .NET frameworks should not be a problem. You should be able to implement SSO for all of these applications, but you will need to add it individually to each one. You will need to add it in the code of the application itself and then register each application to your tenant.
Here is a very good tutorial that shows you step by step how to add SSO to a published web application in Azure using OpenID Connect. You can follow the steps exactly and build their demo version to test it out, or follow their steps at the bottom that show how to implement SSO in your own application.
https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect
Here is the official Microsoft documentation, which also describes how to implement SSO: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps
Alternatively, if you want to use a library that is already integrated with Visual Studio, you can go to Project > Add Connected Service > Authentication with Azure Active Directory.
The "SSO" in this case refers to SAML. To do SAML in C#, look into Windows Identity Foundation (WIF), which includes some SAML support.
Note that doing SAML SSO involves more than just dropping in the right kind of username/password field. You need to have additional special pages to handle certain redirects, and have a way to store exchange saml metadata with your Azure AD identity provider. It can be painful.
Related
I have a traditional ASP.NET 3.5 Web Forms application. As of now it is using On-Premise ADFS which is working fine. Now we have a requirement to change on-premise ADFS to Azure ADFS.
In the web.config, I have changed the required URL to point to Azure ADFS but it is not working. I checked Stackoverflow and Googled around but I found examples related to ASP.NET MVC and ASP.NET Core where changes are required in Startup.cs file.
I want to know what all changes are required in my traditional Web Forms application. Any example link would help.
You should be able to get it working by using the Azure AD parameters rather than the ADFS ones e.g. metadata. What protocol are you using?
There are some ADFS samples. Look at the LHS under ADAL and MSAL. These generally start with an Azure AD sample and show how to convert to ADFS. So you can then work "backwards".
Update
I had a look at that code. It looks like OIDC? "Redirect_Uri" is not a WS-Fed parameter.
There is a WS-Fed sample here.
I am developing a web app with boilerplate "dotnet core" version. I want to authenticate user with adfs. I've searched on Google and the Boilerplate forum. But I didnt find any detailed info. I am newbie to abp.
Here is a very nice explanations and sample project using dot net core with Azure ad integration using open connect.
https://azure.microsoft.com/en-in/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/
You might also be interested in this sample: https://github.com/azure-samples/ms-identity-aspnetcore-webapp-tutorial/
This newer sample takes advantage of the Microsoft identity platform (formerly Azure AD v2.0).
While still in public preview, every component is supported in production environments.
This sample shows how to build a .NET MVC web app that uses OpenID Connect to sign-in users from a single Azure Active Directory (Azure AD) tenant using the ASP.NET Core OpenID Connect middleware.
For a quick start you can use below command
git clone https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect-aspnetcore.git
Flow
Hope it helps.
My client is using shibboleth for other software systems ( eg. Library service, photocopying facilities, study material databases ). He wants my web application also be configured with shibboleth so that a single identity can be used throughout the system for a user.
I am new to Shibboleth. I don't know how to start. what are the steps needed to fit it in my application (asp.net , vb ). i have read the docs provided by shibboleth. but don't know the starting steps.
I don't know nothing about Shibboleth, but I would do the following: first check if Shibboleth provides any authentication APIs. If yes, integrate with them, otherwise integrate with Shibboleth database directly and implement customized authentication for ASP.NET application.
i just found one nice article about online chatting application with converse.js i read it's documentation and i like it. how ever i just have doubt it is there this chat facility can supported with asp.net 4.0 web site. Here i just want to know about in details is it supported with .net application.
here it's tells XMPP Chat server. Is there any additional cost for purchase it. After that how i setup this server for chat facility. here it's gives advice for identity i have to manually register user with it and i can use with my own web site.
Is there any one have idea how i implement this to my web site. Step By Step
Please help me..
Since you mentioned Asp.net so I am assuming you are talking about windows platform. I am using Openfire for XMPP messaging since last 5-6 years now and it is very easy to use and stable XMPP server. You can install it on your server and then configure Converse.js and XAMPP in conjunction with it to get web client chat feature. I referred this link to configure XAMPP along with Openfire: https://community.igniterealtime.org/docs/DOC-2954
Basic steps:
1. Install Openfire
2. Install XAMPP and configure as given in above link
3. Configure Converse.js in Asp.net application
I'm working on a project using ASP.Net MVC5 which also includes a Web API. The API will be for internal use only. I'm using the OWIN library to provider authentication.
I'm having a difficult time figuring out how to correctly implement authentication through the API. I was planning on using OAuth 2.0 but the problem with OAuth is that the user needs to login through a browser page instead of a native login screen. So I was wondering if it is possible to somehow skip the browser.
I've found this example which creates it's own OAuth Authorization Server. But it doesn't show how to make the login native.
If it's a highly trusted client, then you can use the OAuth2 resource owner password flow. You can look at the VS2013 SPA template and/or read on this post:
http://leastprivilege.com/2013/11/13/embedding-a-simple-usernamepassword-authorization-server-in-web-api-v2/
You could use Thinktecture.IdentityServer v2 as a light-weight security token service.
https://github.com/thinktecture/Thinktecture.IdentityServer.v2
You will need to create a WOPI host, which is basically a software solution that can take advantage of the browser-based Office(office web).
Create a custom WOPI host and configure it to use Office Web Apps Server to provide the browser-based file viewing and editing for Office files.
Nice sample on Microsoft MSDN