ASP.NET与Windows Azure Active Directory SSO

Question

I already have more than 10 applications developed using ASP.NET. There are different versions for frameworks 2.0, 3.5 and 4. Currently I need to apply single sign on on all of my applications using Windows Azure Active Directory SSO. But I do not know what the code or library should be added to my application to be configured with the Azure SSO. Do I need to re-develop my application or recreate it with different versions? Does anyone know what I should do?

Answer 1

Different .NET frameworks should not be a problem. You should be able to implement SSO for all of these applications, but you will need to add it individually to each one. You will need to add it in the code of the application itself and then register each application to your tenant.

Here is a very good tutorial that shows you step by step how to add SSO to a published web application in Azure using OpenID Connect. You can follow the steps exactly and build their demo version to test it out, or follow their steps at the bottom that show how to implement SSO in your own application.

https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect

Here is the official Microsoft documentation, which also describes how to implement SSO: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps

Alternatively, if you want to use a library that is already integrated with Visual Studio, you can go to Project > Add Connected Service > Authentication with Azure Active Directory.

Answer 2

The "SSO" in this case refers to SAML . To do SAML in C#, look into Windows Identity Foundation (WIF), which includes some SAML support.

Note that doing SAML SSO involves more than just dropping in the right kind of username/password field. You need to have additional special pages to handle certain redirects, and have a way to store exchange saml metadata with your Azure AD identity provider. It can be painful.