I am building a .net mvc web app on Azure. Currently my client asked for login to the application with their user accounts which they login to the windows.
I've searched couple of solutions but none of them works for me.
Azure AD needs to synchronize accounts. We don't want this.
AD FS needs to be installed on the server as far as i know it's also sycnhronizing.
Is there any method to login on-premises active directory users to Azure App without ADFS stuff and any synchronizing process?
If I understood correctly, you were developing an web app and deploy it to Azure.
Is there any method to login on-premises active directory users to Azure App without ADFS stuff and any synchronizing process?
I don't thinks it is possible. Since the Azure and on-premises are two different environment.
A easy way is using the Azure AD connect which doesn't require to install the ADFS. And there is an Password synchronization option in its Express settings which will sync the account from on-premises to cloud with password. Then you can protect your web app with Azure AD and it enable the users to sign-in with the accounts synced from on-premises or which created in the cloud.
Related
Microsoft has announced its intention to turn off SMTP AUTH:
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online
This change will affect an application I wrote for internal use by employees of the company. The app pulls info from the company database and merges the data into an email which is sent to designated business partners. The app connects to the Outlook SMTP server and, at present, is authenticating with account-name and password.
The app is launched from an intranet web server using ClickOnce and is set to be "available only online".
According to the documentation for setting up OAuth authentication, the application must be registered on the Azure Portal in order to obtain an OAuth token which would be used by the app when authenticating on the SMTP server.
Will this portal registration have any impact on how the application is made available to the users? Can we continue to launch the app from an intranet web server using ClickOnce?
EDIT: The following documentation appears to address some aspects of my question but I don't know, for sure, what is meant by "if you're not registering the application in a directory" and "outside of a directory" in the context of ClickOnce deployment where the application package is placed in a folder on the web server:
https://learn.microsoft.com/en-us/graph/auth-register-app-v2
Accounts in this organizational directory only
Select this option if you're building a line-of-business (LOB)
application. This option is not available if you're not registering
the application in a directory.
This option maps to Azure AD only single-tenant.
This is the default option unless you're registering the app outside
of a directory. In cases where the app is registered outside of a
directory, the default is Azure AD multi-tenant and personal Microsoft
accounts.
I'm in the process of migrating an ASP.Net MVC app from windows authentication to Azure AD Authentication.
One of the requirements of the app is that some parts of it are accessed on a kiosk in a warehouse and it should auto-login to the web app. With windows authentication and the correct internet settings we can use the domain user to login without any prompt and the kiosk is then authenticated and has some specific roles to access only the parts of the app we`re interested in.
Is it possible to achieve the same result using Azure AD authentication, as in have a user logged in to a local AD, possibly to azure AD via powershell, automatically be logged in to an ASP.Net MVC app that uses Azure AD for authentication without any prompt?
I'm looking at any way to achieve the result of no login prompt for the kiosk user which is both in the local AD and azure AD.
Thanks
We have a company web-site developed in ASP.NET MVC that currently allows our customers to login using login name and password. These customers are in our SQL Server database. The customers once logged in can use our services.
We would like to authenticate our customers using Azure Multi-Factor Authentication feature.
How can we implement Microsoft Azure Multi-Factor authentication in our use-case ?
Is it required that our website should be deployed on Azure App service.
Thanks,
Gagan
Take a look to this Add sign-in to Microsoft to an ASP.NET MVC web app.
Or
Configure your App Service or Azure Functions app to use Azure AD login for a simplified setup.
You don't need Azure Web Apps to enable MFA, you can enforce MFA using Conditional Access Policies or similar Azure AD features.
You can then add an Id column into your SQL database user table to store the Azure AD User Object Id (which you can obtain from his Azure AD token sub claim) as a reference for future operations.
Currently, We have iOS application that connects to web backend developed using .Net Core 2 where it allows authorized users to download contents from the web and view through the iOS application. User management is happening through a local SQL database.
Now we have started to integrate Azure AD to our application and all web users were able to authenticate using Azure AD successfully. But our problem is how to enable Azure AD authentication to the iOS client. We found many samples in the Microsoft Azure site which explained how a Native app can directly communicate with Azure AD. But what we required is authentication to be done through our backend.
Can some please help us with this?
If I have an Office 365 Business plan, can I build an ASP.NET MVC and authenticate against Office 365 AD? or do I still need to create a separate AD on Azure and connect to it?
If you have an Office 365 account, you have an Azure Active Directory. When signing in to Azure, you'll have to make sure you choose to use your admin organizational account (and sign up for a free trial if you haven't yet done so). Once in the Azure portal, click on 'Active Directory' and you will see that you already have a directory.
Now, as far as MVC web application, check out the Azure Active Directory Samples on GitHub. Also be sure to look at some different scenarios which are documented on MSDN. In particular, I'd recommend looking at the WebApp-GraphAPI-DotNet which is a MVC application authenticating with OpenID Connect against Azure AD, and using this to query the AAD Graph API for details.
(Edit: updated links to new material.)
I would recommend you to get a azure enterprise account and you should federate your users to Azure AD and then register your MVC application with Azure Active directory to get single sign-on capability.