I am a beginner with ADFS and do not know where to begin. I have an AngularJS 1.4.9 application which makes Ajax calls to an ASP.NET Web API 2.2 service.
Both applications are hosted within IIS under the same site and both use Windows Authentication on my company’s intranet. I’d like to modify them to use ADFS so that these applications can be accessed from the internet without a VPN.
You are better off looking into using the web application proxy (WAP)functionality for now. WAP allows publishing internal resources and making them internet accessible.
Once you get AD FS and WAP deployed, see step 3 in https://technet.microsoft.com/en-us/library/dn280943.aspx#BKMK_3
You can then look to slowly updating your applications to use federated authentication with AD FS.
Related
I am trying to create ASP.Net Core Hosted Blazor Webassembly with Azure AD authentication. As per this document, Microsoft suggests creating separate app registrations for the server api and the client app.
My question is: is it possible to use the same client id instead of the 2 separate mentioned in the document, since it really is 1 project/artifact (containing the static blazor site + web api) that will be deployed into Azure. Will there be an issue if only 1 app registration is used?
There shouldn't be an issue. The one thing I was thinking of that could have issues was the on-behalf-of flow but the article says basically no issues: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#use-of-a-single-application.
The new application model allows an app registration to have multiple platforms in it, so you can register reply URLs for desktop apps, mobile apps and API scopes all in the same app.
There might be some weird corner cases if it is a multi-tenant application, but if it is single-tenant there should be no issues with using a single app.
I'm investigating options for adding AzureAD authentication to Angular SPA application with .NET core backend. I'm using VS 2019 MVC project with Angular (same as dotnet new Angular is producing). It's using .NET Core 3.1 and Angular 8.
From what I learned so far I have 3 options:
Built in Azure App Service Authentication
Adal.js - looks like the older brother of,
MSAL.js - which after making it work locally with Azure AD I learned on this page that "At this time, AAD V2 (including MSAL) is not supported for Azure App Services and Azure Functions. Please check back for updates." I couldn't make it work on Azure today so maybe this Note is for a good reason.
EDIT: Interestingly now point 3 works for me on Azure App Service so I'm not sure what this note means.
My requirements so far are that no screen is accessible to users unless they log in and that I will be able to read information about them from Azure AD - Roles, groups.
I never worked with Angular and I don't have any experience with Azure AD and I need someone that implemented it already to at least tell me which option I should choose and I can go from there.
My requirements so far are that no screen is accessible to users unless they log in and that I will be able to read information about them from Azure AD - Roles, groups.
I think the option 1 could meet your requirement, the configuration of Azure AD in Authentication / Authorization is higher than your code, the user could not access the app unless they log in.
To read the information about the roles, groups, you could check this good blog.
Here you have an angular E2E auth scenario using App Service built in authentication:
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-auth-aad
I believe the part you are interested in is this one:
Enable authentication and authorization for front-end app
This way app service is the one redirecting you to AAD and getting a valid token that you can just pass in to your APIs afterwards. If the APIs are hosted in App Service as well, then APP service will be the one validating the token for you, so your backend code does not need to worry about authentication (you still need to handle authorization)
I've just uploaded my first app on Azure: it is a .net core MVC site + webapi + sql server. This app will be used by one user.
How can I limit the access to the app using a login, without developing that part on .net core?
One service you could use for this is App Service Authentication.
Azure App Service provides built-in authentication and authorization support, so you can sign in users and access data by writing minimal or no code in your web app, RESTful API, and mobile back end, and also Azure Functions.
If the user is from a specific location, you could also look into how you can configure Azure App Service Access Restrictions.
I have two web applications (App1 and App2) using Web API 2 and AngularJS.
App1 has a list of projects and App2 has a list of clients. They are both protected by the same ADFS.
Once I modify a project, I want to send a request from App1 (server-side) to App2. I think that it can be done by using Account Service (adfs). Can anyone recommend a solution?
What version of ADFS?
Can you use web API?
ADFS 3.0 has support for web API only.
ADFS 4.0 has full OpenID Connect / OAuth support.
I wanna authenticate my AngularJS Site users with on premise Microsoft active directory. Is there any AngularJs plug-ins or way available to do this?
SO can we use windows authentication from front-end only, without involvement of server side code?