I've got an ASP.Net MVC Web app that I've migrated from Forms Authentication to SSO with Azure AD (OpenID connect) that is working fine locally and on stage environment, until I enable Azure Front Door and then the callback from Azure AD SSO is blocked.
Azure Front Door is set to Prevention mode and is using the default managed rule set (DefaultRuleSet_1.0)
Have I got some configuration wrong somewhere? Thanks.
Related
I am looking to implement Azure AD B2C into my web application for user authentication.
However, I am unsure of the desired practice when you have a separate frontend from backend.
Frontend: React JS web application running on Node.js
Backend: ASP.NET Core 6 API application
Server: Microsoft SQL Server
I would like to also have users / user information stored in the database upon creation. This is because I need to reference these users in several different relational tables.
What is the best workflow with this?
Azure AD B2C is implemented in frontend. When a user is created, an API request is sent to the backend to create the user in the database. If it is successful, a user cookie is created on the frontend for authentication.
Azure AD B2C is implemented in the backend. When a user is submitted in the frontend, an API request is sent to the backend where the Azure AD B2C service creates a user, stores it in the database, and sends a callback to the frontend signifying the action was either successful / unsuccessful, along with a user cookie for authentication.
other
I am new to authentication cookies, and user sessions, so any documentation provided regarding that would be greatly appreciated.
• I would suggest you use ASP .NET MVC 2 or another version as the front-end client and integrate Azure AD B2C tenant and an app registered in it as described in the document below. Once you have the Azure AD B2C tenant registered and the required application for authentication configured, configure the custom policies and user flow accordingly. Once those are done, then secure that application with Azure AD B2C for login and authentication with guest authentication. Then, ensure that your backend application is integrated with Azure SQL or cosmos DB for storing the details of all the users signed in with the Azure AD B2C. For that purpose, you will have to give Azure AD B2C application registration, the required permissions for that concerned Azure resource for allowing to access the same and retrieve the user details from it. Thus, in this way, you can configure your application accordingly.
Kindly refer to the link below for more information and details on configuring the infrastructure for the same: -
https://www.codeproject.com/Articles/1121503/Integrate-Azure-AD-B-C-with-ASP-NET-MVC-Web-App-Pa
https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-sample-web-app?tabs=visual-studio
I have an angular-cli (v8) web application where I want users to be able to sign-in using their existing Azure AD account.
I came across the article explaining how to added authentication to an angular 8 application using Azure B2C and started to follow the step outlined in that article. https://about-azure.com/using-azure-ad-b2c-with-angular-8/
Azure AD is not on the list of authentication providers
Is is possible to add Azure AD as an authentication provider?
Technically my application is an Service Fabric application using .net core 3.1. I know that Visual Studio offers and "Add Connect Services" where one can choose Azure AD.
That does not work, because it configures authentication for a MVC application (options use.MVC) and I do not have an MVC application so it doesn't work (I have tried)
Is is possible to add Azure AD as an authentication provider?
Yes, you need to select New OpenID Connect provider and configure Azure AD as an identity provider.
Reference:
Set up sign-in for a specific Azure Active Directory organization in Azure Active Directory B2C
Referred the following stack overflow post Azure B2C client credentials grant
We are presently using Azure B2C.
I understand that Azure B2C does not support the client credential flow for now.
We have a requirement where an external application (server Application outside our organization) needs to access our resource (api hosted within our organization)
Is there any way we can do this from Azure AD-B2C or would we need Azure AD-B2B for these type of requirements. ?
Currently, your specific scenario -- where you are needing an access token to be issued for access by a daemon or server app to your API app -- isn't supported, however you can register the API app through the “App Registrations” blade of the Azure AD directory for your Azure AD B2C tenant.
You can upvote support for the client credentials flow by Azure AD B2C at:
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/18529918-aadb2c-support-oauth-2-0-client-credential-flow
If the API app is to receive tokens from both a web/native app as well as the daemon/server app, then you will have to configure the API app to validate tokens from two token issuers: one being Azure AD B2C and other being the Azure AD directory for your Azure AD B2C tenant.
You should not do this anyway.
Instead, provide a portal for your customers where they can manage api keys.
Implement api keys as a second auth schema in your Api
Using Azure Active Directory When i am applying single sign on for my web application i am able to do the Password-based single sign-on successfully.
But when i am doing with Integrated Windows Authentication(for kerberos authentication mainly), i am not able to configure it. i am very confused.
Can anybody guide me how to enable kerberos authentication for web application.
or please send me any example links how to set kerberos authentication for web applications.
Thanks!
If you are trying to use Azure AD with Kerberos for Windows Integrated Authentication there was a comment about AADConnect, which has some offerings, especially if you use ADFS for Federated sign-ins. There is also the Azure App Proxy with KCD support
We are developing a SaaS web application with an Angular UI front end and my login works just fine with the users I have added in my Azure Active directory as well as users from any other Azure AD using it's consent framework and everything is sweet.
What I now need is to allow users to login using ADFS of other organization which does not have any Azure Active directory. Which is the best solution for this?
For a test, I created a local active directory in a VM and federated it using ADFS. Let's say otherorganizationdomain.com is the doman. Even though I can access the login page directly using the URL I got during my ADFS set up, but when I typed that domain name(xxx#otherorganizationdomain.com) in my multi tenant app's login page it is not getting redirected to the login page of my ADFS where as other login continues to work fine.
I have a multitenant web app in the Azure AD. What I would ideally like to happen is when I type xxx#otherorganizationdomain.com I should be redirected to their ADFS login page and comes back with the claim just like how it works with Azure Active Directory. Am I trying to do some thing which can't be achieved?
You could federate ADFS as per ADFS : Using Azure AD but Azure AD is always the IDP which isn't what you want.
You could use AD Connect and sync. the users up but that is normally designed for users in the same forest. This is the way O365 works. Federated domains redirect to ADFS.
Or you could use AzureAD Pass-Through Authentication and Seamless Single Sign-on.
This uses your local DC but not ADFS.