Using windows authentication with Azure WebApp/Website - asp.net

We have an Active Directory domain sitting on a networked Azure VM and have a separate Azure WebApp/Website that is running Orchard CMS on the same virtual network.
Do webapps support windows authentication for connecting to Active Directory? If so, how do I go about setting it up in IIS?

No, it's not possible. Windows Authentication is something for on-premise deployments. For Azure Web Sites, Azure Active Directory is clearly the best option. Sync from AD to Azure Active Directory is also quite easy to set up.
If you still absolutely want to use Windows Auth and host your website on Azure, you can create a Windows VM and host your website there. You then need to join the VM to your AD. To do this, both VMs must be in the same network. So if your VM is on-premise you will need to create a site-to-site VPN.

Yes, you can connect your web app to Azure Active Directory.
The simplest option is Azure Easy Authentication: http://azure.microsoft.com/en-us/documentation/videos/azure-websites-easy-authentication-and-authorization-with-chris-gillum/
That's a one-click way to authenticate your site.

You could set up Active Directory Federation Services for Windows AD, and use SAML or OpenID Connect. It would prompt the user for their Windows credentials.

Related

How to deploy asp.net webapp in azure virtual machine

I am quite new to azure and need a quick pointer to how to host an asp.net website in Azure VM. Thanks for your help in advance.
A little background...
We were using a windows server 2012 R2 and were hosting the site in IIS 6. This was an intranet site. Now we are migrating to public cloud so that it is accessible over internet. For this we have acquired an Azure VM (Windows OS). We have installed Visual studio 2013 and SQL server 2012 here. I have installed azure core SDK too.
Here are my questions:
What do I use instead of IIS to host? (Because I am not able to find any related app in azure VM)
Do I need to buy any more licenses for the same?
Should I host it in IIS only and because it is in public cloud, will it be accessible over internet?
Appreciate your help!
Since you have chosen the Infrastructure as a Service (IaaS) route, you simply have to replicate the setup that you have on premises.
If the IIS component is not there, you just have to enable it in Windows features.
If you do not want to use IIS, you can explore self-hosted ASP.NET applications.
Since you have chosen the Windows Server VM image and created the VM, you do not need to pay anything additional for the Windows license.
By default only 2 endpoints (ports) will be open in a Windows VM: 1 for Remote Desktop and the other for PowerShell remoting.
Refer to this post for enabling endpoints for your hosted applications.
https://learn.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-classic-setup-endpoints
You have two options basically
Use Azure PaaS - Here you would host your existing application as a Cloud Service using a web role and an Azure SQL Database. This might mean some changes to the existing application but would need less management from you. You can find the migration steps here
Use Azure IaaS - This is pretty much what you are trying to do. Host your application on a VM and manage all the required software (IIS, SQL Server, etc.) on your own. Although this option might be easier in terms of migrating your application, it involves managing the infrastructure on your own. Here is a link on how to install IIS on an Azure VM.
You don't need any additional licenses since you are paying for the VM, which includes all required licenses. In case you decide to use SQL Server as IaaS, you can also use your existing SQL Server license when running SQL Server on an Azure VM.

Windows authentication of an application hosted in Windows Container

I would like to use Windows authentication to access an ASP.NET application, hosted in a Windows Container (in Windows Server 2016 TP4). For this, I presume I need to add the container to the Active Directory domain. Is it at all possible to add a Windows Container (or Hyper-V Container) to a domain? There is no clear documentation from Microsoft on this, and I myself tried adding the container to the domain using PowerShell, but with no luck.
If domain joining a Container is not supported, is there any alternative way to enable Windows Authentication in a web application hosted in a Windows or Hyper-V Container?
Any input will be highly appreciated.
Microsoft recently provided a solution for containers accessing resources using domain credentials: group managed service accounts.
Although Windows Containers cannot be domain-joined, they can also take advantage of Active Directory domain identities similar to when a device is realm-joined. With Windows Server 2012 R2 domain controllers, we introduced a new domain account called a group Managed Service Account (gMSA) which was designed to be shared by services.
Additionally, here's a guide that walks through the specific steps in detail, covering the following:
Deploying containers with an emulated domain identity is simple, and based around existing workflows using Windows Server and Active Directory.
Deploying this feature requires:
An existing Active Directory domain, running at Windows Server 2012 or later functional level
Windows Server 2016 with the Container role and Docker installed. This will be referred to as a Container host. These hosts need to be joined to the domain.
This guide will cover the following steps to deploy a container in detail:
Create a group Managed Service Account in the Active Directory for each application/service
Give each container host access to use the group Managed Service Account
Add configuration files on each container host that store details about the group Managed Service Accounts. These will be referred to as Credential Specs
Start containers with a parameter telling which credential spec to use
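The four steps quoted above, sketched in PowerShell as an added example (not part of the original answer or of Microsoft's guide). The domain `contoso.com`, account `WebApp01`, group `WebApp01Hosts`, host `CHOST01` and image name are assumed values; `New-CredentialSpec` comes from the `CredentialSpec` PowerShell module, and the KDS root key check is a prerequisite the quoted text does not mention.

```powershell
# Added example: every name below is an assumed value for illustration.

# --- On a domain controller or admin workstation with the AD module ---
Import-Module ActiveDirectory

# gMSA passwords are derived from a KDS root key; create one only if missing.
if (-not (Get-KdsRootKey)) { Add-KdsRootKey -EffectiveImmediately }

# Step 2 (prepared first): a group holding only the container hosts, so no
# other machine in the domain can retrieve the managed password.
New-ADGroup -Name 'WebApp01Hosts' -SamAccountName 'WebApp01Hosts' -GroupScope DomainLocal
Add-ADGroupMember -Identity 'WebApp01Hosts' -Members 'CHOST01$'

# Step 1: one gMSA per application/service, retrievable by that group only.
New-ADServiceAccount -Name 'WebApp01' `
    -DNSHostName 'WebApp01.contoso.com' `
    -ServicePrincipalNames 'host/WebApp01', 'host/WebApp01.contoso.com' `
    -PrincipalsAllowedToRetrieveManagedPassword 'WebApp01Hosts'

# Audit: list every principal allowed to retrieve the password.
Get-ADServiceAccount -Identity 'WebApp01' `
    -Properties PrincipalsAllowedToRetrieveManagedPassword |
    Select-Object -ExpandProperty PrincipalsAllowedToRetrieveManagedPassword

# --- On each domain-joined container host ---
# Needs the RSAT-AD-PowerShell feature; reboot the host after adding it to
# the group so the new membership is picked up.
if (-not (Test-ADServiceAccount -Identity 'WebApp01')) {
    throw 'This host cannot retrieve the WebApp01 gMSA password.'
}

# Step 3: write the credential spec. By default it is saved in Docker's
# CredentialSpecs directory as <domain>_<account>.json.
Install-Module CredentialSpec
New-CredentialSpec -AccountName 'WebApp01'
Get-CredentialSpec    # confirm the file name used in the next step

# Step 4: start the container with that credential spec. On Windows
# Server 2016 the container hostname must match the gMSA name.
$Image = 'contoso/webapp:latest'   # hypothetical application image
docker run -d --name webapp01 --hostname webapp01 `
    --security-opt 'credentialspec=file://contoso_webapp01.json' $Image

# Verify from inside the container that the domain trust works.
docker exec webapp01 nltest /sc_verify:contoso.com
```

The credential spec file holds only metadata about the account, not the password, so access to the gMSA is governed by membership of the group named in `-PrincipalsAllowedToRetrieveManagedPassword`.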
Extract of the Windows Containers - Work in progress
"Containers cannot join Active Directory domains, and cannot run services or applications as domain users, service accounts, or machine accounts."

Access IIS express hosted service over network?

How can I access web services hosted on IIS express from a remote computer? I do not have admin privileges in the host machine.
Is there any setting/configuration with which I can make this available over the network?
Without administrator permissions you are stuck. You must be able to change firewall settings at least.
http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx

Testing LDAP Authentication in a laptop without a Domain

I have to develop an ASP.NET application and need to authenticate users using LDAP.
I don't have a Windows server installed. I wonder how I can test my code from my local laptop.
Any suggestions?
You can install Active Directory Lightweight Directory Services (AD LDS). It has almost the same features as an AD server. http://msdn.microsoft.com/en-us/library/bb897400.aspx
It's quite easy to install it. You can download it for Windows 7, or it's already in Windows 8; you just have to turn the feature on from "Program and Features".
Then you can manage the AD instance using a tool called ADSI Edit, and for ASP.NET authentication just use the ActiveDirectoryMembershipProvider.

Accessing webservice from remote machine

I've developed a simple web service and hosted it on one of my machines in a LAN environment, but when I try to access the web service from another machine within the LAN I get a prompt asking for username and password. The web service is configured to be accessed anonymously. It is working fine on the machine where it's hosted. What's wrong with the settings? Am I missing something?
This is a web service written in ASP.NET and hosted on IIS on a machine, say 192.168.1.1, and I want to access it from 192.168.1.2. The address of the web service is 192.168.1.1/myService/service.asmx, but it keeps displaying a username/password prompt.
Make sure that you have the Anonymous Authentication feature enabled in IIS: Enable Anonymous Authentication
I encountered the same problem. We were using "Windows Authentication" and could not use "Anonymous Authentication" for this project.
We were deploying an MSI to test on VMs. I added the pre-compiled version of the 'asmx.cs' to the /bin directory of the installation. I only added the 'asmx' file to the root directory and this worked for me.
Hope that helps.
