Has anyone implemented a project using Azure for user registration and authentication?
I can see how it would work well in an Enterprise application, but it seems as if there is no easy way to enable "self registration"
It looks like it is intended to work with an on premises AD solution, or alternatively for new users to be added using the Azure management portal.
Can anyone give me the benefit of their experience?
WAAD is a fully implemented solution for what I think you are trying to do, but created in a way very different than the "Active Directory" server product that it shares a name with. Take a look at the Windows Azure Active Directory Graph API, which is the RESTful management API for WAAD. With Graph API you would be able to create a fully functional application authenication system to meet your needs.
Overview
http://msdn.microsoft.com/en-us/library/windowsazure/hh974482.aspx
API Reference
http://msdn.microsoft.com/en-us/library/windowsazure/hh974478.aspx
Links, Examples, etc
http://msdn.microsoft.com/en-us/library/windowsazure/hh974476.aspx
Related
I am working on a ASP.NET (Blazor) server which is connected to Azure. The user management works perfectly fine and the data gets written and read to/from Azure. Anyway, I just started to work on user roles.
My first approach was to have a table in the database which contains all my users and I store my custom roles there as well. But with this approach I cannot use the Identity Platform to its fullest.
The second idea was that I use the role management directly from Azure AD. This would give me the possibility to use the Identity Platform better. But in our tool we need to manage the users and roles. Therefore, I need user roles to be updated in our app and then synced with Azure AD.
I searched around regarding this but did not find any solution regarding this. Maybe my approach is completely wrong from the get-go and someone has a completely different idea.
Usually in the Blazor Server projects where I use the Microsoft Identity Platform I use the Azure RBAC (Azure role-based access control).
You can manage the roles using the Azure Portal or the Azure Graph API, you can check Microsoft's documentation for this one too at Add app roles to your application and receive them in the token.
Note: Just learning Identity so please bear with me. We are developing a Web API for use by apps that we build and apps built by our clients. I have the local engine working the way I want so that any "client" app could use our API to login in.
What I cannot seem to get to work is external login providers without being presented with a login page. Is it possible to converse with them in API only mode or is this type of setup out of the question? What I don't want our client's apps to have to do is know how to manage the logins to use our API.
I know this may be similar to a few other questions out there but I do not see one with our particular need.
Thanks,
Paul Speranza
If your api needs to have authentication in place then you would need some kind of registering done by the consumers of your api. But you could provide seamless ways to integrate login by not providing any additional form requirements from the client application. Popular login methods today are using social networks. Web api does support out of the box support for integrating with the social networks.
You can find a sample for using facebook authentication here
I've a website solution separated into two parts - one part is for clients and the other is for service administrators. For the former I would like to use the integrated Form Authentication and for the latter Windows Azure Active Directory that syncs with the on-premise AD server.
Is it possible to specify two directories (locations) that use Form Authentication and Azure AD respectively?
PS: A similar example would be the Windows Azure Management portal, which allows you to log in either with an organizational account either with a Microsoft account.
I guess one solution might be using the "location" tag in Web.config and disabling the inheritance of authentication mode, though I haven't figured out how to get it working up till now.
As long as you can define a web.config with the right authentication mechanism for each module then you should be able to achieve what you want. Note that the logins for the Azure Portal are always claims-based regardless of source (organisational or Microsoft Account).
I know such questions have already been asked many times, but I am here with my scenario. Kindly do not delete or vote to close.
I have an asp.net application with L2S and SQL 2008 R2 as backend
Using N-Layered architectured
Mostly normal crud operations to be performed.
Use of Sessions and View States
Manual Login / Logout(User and Roles management) , no .net Membership has been used.
No services used yet, might be a later part.
Third Party controls like Telerik or Infragistics also are in use.
I want to know:
Do i need to change entire application to Azure Web Application?
If not, is it possible to deploy it directly over the cloud , on MS or any other, as we normally do in IIS?
If not, Is there any third party migration tool available to make my plain old web application cloud-compatible, without affecting existing codes ?
I want cost effective and easy to go steps?
Thanks in advance
Yes that should be possible. You almost certainly do NOT have to change your whole application.
Linq2SQL is fine, I run an Azure site with L2S without any problems
You'll have to deploy your DB to a SQL Azure database. There are some restrictions, like all of your tables must have a primary key. A bigger list is here: http://msdn.microsoft.com/en-us/library/windowsazure/ee336245.aspx.
Also, when generating your SQL scripts, be sure to select SQL Azure as the database engine type: http://mooneyblog.mmdbsolutions.com/index.php/2011/09/22/generating-azure-friendly-sql-scripts/
What do your N-layers look like? If they are DLLs, it's fine. If they are web services, you'll need to create web roles for them. If they are windows services, you'll need to port them to a worker role.
Most crud and view state and manual authentication code is fine
For session, it depends on what you are doing (memory vs database). But you'll have the same challenges that you would have if you deployed to any web farm
For Telerik, I'm sure they have to have some support for Azure, and I don't think they would be doing anything crazy that would not work Azure. You should check out their website to verify compatibility.
Also, make sure you are not writing to the hard drive anywhere and expecting it to be there later, because instances can be started and stopped and reimaged at any point. If you're doing that, you'll need to change it to use something else like blob storage.
I have an ongoing series of blog posts that walk through some of the steps, which should help: http://mooneyblog.mmdbsolutions.com/index.php/category/azure/
Good luck!
I don't see any hassles to deploy your web application into the cloud.
You don't need to convert your entire application to anything else.
After all you can just try to deploy it now with the trial subscription in Windows Azure which is free for three months.
There is a fairly big stuff of new technology in Windows Azure such as service bus, azure storage, access control service, etc. However it's not necessary to use all them right now. It's prety easy just to move the existing app into the cloud.
You can deploy it to Azure web site.
That should be easier if you don't want to use SQL Azure and cloud storage.
I have a custom web "portal" that is essentially a webapp built primarily using JSP/Tiles, Spring/MVC, and Hibernate. It runs on an Apache/Tomcat, MySQL stack. I have the portal within quotes because this is not truly a portal in the same sense as a Liferay, Glassfish or whatever portal server. But essentially what looks like a portal to a business user and one that pulls in data from several 3rd party systems through custom system integration.
I am now looking to add a community module to this "portal". A key piece of this requirement is to federate identity between this "portal" and the community server. Further, to facilitate a seamless single sign-on from the "portal" to the community. My preference is to keep the choice of community software to java-based and open source. Liferay is one example of it. JForum is another though it is limited to just discussion forums and not other modalities such as blogs and wikis.
Presently, the custom "portal' provides its own authentication/authorization mechanism based on user information in the MySQL database. It appears that for a scalable and flexible account provisioning across multiple systems, I am better of refactoring this to be based on a CAS-based authentication supported by a directory server such as OpenLDAP. It seems like with this approach I might be able to integrate with a community server such as Liferay.
If I extend my choice of community server to a PHP-based solution such as Drupal, can I accomplish the same result through a CAS-based approach? Any recommendations on how to federate identity (and enable SSO) between a custom Java webapp and Drupal? Entry point (login) for a user to the community will only be through the custom "portal".
CAS is a very popular method. Here is a Drupal module to support SSO into a Drupal installation.