On-premise LDAP authentication for Azure ASP.Net MVC 5

Question

We have an ASP.Net MVC 5 application which is hosted on our local servers and we authenticate users using on-premise LDAP (AD). We are using the following connection string for authentication of users in our web.config .

LDAP://xx.xx.xx:389/OU=Users,OU=IS Accounts,DC=xx,DC=xx,DC=xx

Now we have created and deployed the same application in Microsoft Azure and added the following service account credentials for above LDAP server in web.config file

<add name="ADMembershipProvider" 
     type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" 
     connectionUsername="xxx\xxxx" 
     connectionPassword="xxxx"       
     attributeMapUsername="sAMAccountName" />

We are having connection issue (user cannot login/Access denied) if we use above configuration. We need to authenticate users using on-premise LDAP.

We don't want to use ADFS or Azure Active directory Sync. Is this possible? If so, what are the security settings required to be done on local LDAP server? Do we need to open up a LDAP connection for our website (website IP address)?

Thanks. Zul

Answer 1

You have to create a Virtual Network and connect it to your on-premises network .

Then, depending on the service of Azure you use (Cloud Service Web Role or a Web Application), you have to join that service to that virtual network:

• Integrate Azure Web App with Azure Virtual Network
• Connecting web or worker roles to an Azure Virtual Nrtwork .

Last, but not least, you have to open the LDAP ports of your AD for the Azure Virtual Network IP Address ranges.