External authorization works on Azure - how to replicate on localhost - asp.net

I have an Azure website (built using VS2015 Community) which uses "social" login for authentication.
I have successfully deployed a working PoC to azure which happily authenticates the user using the Google+ or Microsoft Account authentication services - i.e. the Azure app service is configured correctly to support social login from these two providers.
The problem is that I don't know how to replicate this for development on localhost; when clicking on one of these links (e.g. the MS one) the browser navigates to http://localhost:60380/.auth/login/microsoftaccount and I unsurprisingly get HTTP Error 404.0 - Not Found.
Question: is there a way I can configure my solution/local environment to authenticate using social authentication whilst running on localhost? Service providers such as Google seem to have no issue letting you specify localhost addresses.
My website has some very basic authorization checks that I want to perform, and I obviously want to do this on my dev environment first.
For your reference - HTML / Login links:
Microsoft Account
Google Account
Google API Manager Config - Authorized JavaScript origins
https://[my site].azurewebsites.net
http://localhost:60380

According to your description, I assumed that you are using Authentication/ Authorization of Azure App Service which provides you with an easy way to protect your application without changing any code on your app back-end.
As I known, when your app hosting on Azure then you could take advantage of the "Easy Auth" feature. But while developing locally, I assumed that you need to write your code to support "social" login for authentication. For more details, you could follow this tutorial.
Additionally, you could follow this Architecture of Azure App Service Authentication / Authorization and this tutorial for a better understanding of Easy Auth.

The integrated identity support is a feature of App Service that cannot easily be moved to localhost development. If you need to test locally on your dev machine, you'll need to simulate the identity component yourself.
If you are building a mobile app, there is some support for local debugging which might be helpful: https://github.com/Azure/azure-mobile-apps-net-server/wiki/Local-development-and-debugging-the-Mobile-App-.NET-server-backend
Otherwise, I suggest you create a second web app to use for integrated development/testing. It's not as convenient, but Azure App Service does support remote debugging, etc, through Visual Studio.

I've been battling through the same process. Feels to me like this is a gap - I'd love to see the .auth pipeline included as part of the dev environment.
Currently, I use this the method defined here - https://weblogs.asp.net/pglavich/easy-auth-app-service-authentication-using-multiple-providers, and whilst clumsy, it works for me.

Related

"Adding sign-in with Microsoft" example does not work on my working VDI

Good day everyone!
Background: I have old legacy ASP.NET MVC on premise application running on local windows IIS. I'm investigating ways to integrate this application with Azure AD authentication. As far as I can understand (Windows IIS integration with Azure AD) it's not possible to do it directly because of the Azure AD authentication can be added at the application level only. So I'm thinking integrating one of the MSAL library for adding Azure AD authentication.
Using this windows manual (Quickstart: Add sign-in with Microsoft to a web app), I've downloaded sample windows application (ASP.NET code sample) from this learn page and tried to run it within the Visual Studio 2022 in debug mode on my azure virtual work machine (based on VDI platform).
And Azure AD authentication does not work. When I click "Sign in with windows" button on the start application page, I get the error:
Server Error in '/' Application.The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.
Requested URL: /login.aspx
This sample works fine on my local laptop in exactly the same state. I suggest that any security utilities might be the reason, but I don't know how to check it. I can't disable security apps on my working machine, and maybe there are any restrictions on the network level I don't even know nothing about.
Could somebody suggest any ways to solve this problem? Or maybe still ways to find the reason of this problem?
Thank you in advanced!

Single Sign On with Identity Provider vs Integrated Windows Authentication with IIS

I'm working on on-premise web application (front end hosted on IIS) that currently uses traditional form-based authentication. Our client wants the application to support "single sign on", which basically means he wants the users to automatically log in to the application. AFAIK there are two ways I can take to achieve the desired effect:
Most articles that I found suggest using some kind of Identity Provider system (like Active Directory Federated Services), which my application can communicate with over SAML/OIDC in order to obtain user's claims.
On the other hand, I could set up IIS to use Integrated Windows Authentication and get user claims directly from Active Directory through Kerberos/NTLM. This approach seems easier.
Given that my application will not be used outside of intranet, it is hosted in environments using Microsoft products (Active Directory, Windows Server, users using Windows machines), is there any reason I should consider the first approach?

My custom Webpage for Oracle Cloud Application can be accessed from anywhere

I programmed (on JDeveloper Studio) a custom page for Oracle Cloud Application R13 and it is working like a charm. I deployed my customization on my Oracle WebLogic Server but I couldn't help to notice the website I created was HTTP and not HTTPS when I opened it from Oracle Cloud Application. On top of that, I also noticed I could access this custom webpage from anywhere (using any device) without any security verification or login as long as I use the same URL with its token.
I would like to know how to make my custom webpage's url not being accesible just with its URL and also make it HTTPS instead of HTTP if possible.
WebLogic Version: 12c
Oracle Fusion Application version: 11.13.18.10.0
JDeveloper version: 11.1.1.7.0
I believe this might have to do something with the WebLogic configuration, since I tested the same java project on Java Oracle Cloud SaaS Extension and it doesn't have this problem. Whenever I try to open that webpage from any other device, it asks me for login credentials. I am currently working with Oracle Java Cloud. (it is not the SaaS extension version) that's why I have this problem.
Have you configured security for your application in JDeveloper? If not then your page and application is considered public and not private.
As for HTTPS, weblogic server uses 2 ports one for HTTP and an other one for HTTPS.
Regards

Difference Between Azure Web Site and Azure Cloud Service

I'm about to migrate several separate ASP.NET 4.0 Web Forms applications to Azure. Several are apps using SQL Server 2008. I'm seeing "conflicting" tutorials for this:
Deploying an ASP.NET Web Application to a Windows Azure Web Site and SQL Database
vs
Deploying an ASP.NET Web Application to a Windows Azure Cloud Service and SQL Database
This StackOverflow question goes some way towards explaining this. However, there have been several changes to Azure in recent months and I'm not sure how up to date the information is.
I want as simple a migration process as possible because of the number of sites I have to migrate. Is there a situation where I would have to use the Cloud Service route?
Aside from what the linked-to answer provides: You have to go the Cloud Service route if there are apps you need to install (e.g. an MSI, COM object, etc.). There's simply no facility to do this with Web Sites. In Web Sites, you cannot alter the VM instance at all. With Cloud Services, you have lots of flexibility to install software, alter IIS behavior, pretty much anything you need to do (as long as the installs can be automated).
One point which can be very valuable if you consider migration of ASP.NET 4.0 Web Forms applications - Microsoft Azure Websites do no support SSL for custom domains yet. That might be a blocker for your migration work to the Websites service.
Note that Windows Azure is very dynamic environment with great number of new features coming every new release. In order to be up-to-date I would suggest following ScottGu's Blog to find out about new features and their release dates.
EDIT
Windows Azure Website supports SSL for custom domains now. SSL Certificates and SSL bindings can be configured in Configure tab.
You can also read more about SSL configuration for Azure Website at Configuring an SSL certificate for a Windows Azure web site.

Not able to make an HTTP access to SQL Server Analysis services 2008 on Windows Server 2008 via IIS 7

My intention is to access the SSAS Database without Windows authentication. The user outside the domain should be able to access the cube and built PIVOT tables around it. Thus I found that we can use HTTP access for this purpose.
I followed each and every step mentioned on the following links
http://msdn.microsoft.com/en-us/library/gg492140.aspx
http://bloggingabout.net/blogs/mglaser/archive/2008/08/15/configuring-http-access-to-sql-server-2008-analysis-services-on-microsoft-windows-server-2008.aspx
When I try to hit the URL in Mgmt Studio --> Analysis Services
http://localhost/olap/msmdpump.dll. I am getting the "Connection time out" and "404 error"
I went to MSDN forums for the same problem but no concrete results.
How do I test whether my SSAS 2008 is accessible with HTTP access.
Please help!!
I don't have a lot to go on from your question, but if I had to guess I'd say you probably didn't switch from integrated to classic in the application pool settings which left your handler mapping disabled giving you the 404.
I would start simple on your local development machine and follow the instructions allowing anonymous access to the site. Make sure that your site uses an application pool that has access to the cube in analysis services. Additionally, you cannot use the integrated pipeline in IIS, you will hve to use classic. When you create your script mapping (under Handler Mappings) in IIS, make sure that you follow the directions carefully from the following URL:
http://msdn.microsoft.com/en-us/library/gg492140.aspx
I just followed the instructions and it worked for me.
Switching on Anonymous authentication will work to grant access to the site, however I would suggest you use at least Basic HTTP authentication or even Windows Authentication. Just note, if you're using a remote SSAS instance (not on the same host), a double-hop authentication is required. For that, you will have to register SPNs and enable Kerberos authentication.
You find out how to do that by following the links referred to under
Microsoft - Configure HTTP Access to SSAS
Greetings,
Remo

Resources