
From Windows authentication to token-based authentication, keeping .NET Framework 4.6 and Active Directory in use

My enterprise application is developed in .NET Framework 4.5 and is using Windows authentication. In which case, as we all understand, it is the underlying AD (Active Directory) that authenticates the user.

I have to replace Windows authentication with token-based authentication, keeping the .NET Framework 4.6 and AD (Active Directory). I guess OAuth is a possible solution; could you please share some thoughts on other possible solutions and on how I could get started?

HISTORY

It was common some years ago for apps to be developed for a corporate intranet, in which case Windows Authentication was a good solution. When token based authentication came along the benefits typically were:

  • Extend reach so that apps could be used over the internet
  • Support cross-domain scenarios, e.g. APIs in a different domain
  • Support multiple authentication methods / policies depending on user location and device type
  • Write less security code and make new security features available to multiple apps

IMPLEMENTATION

An OAuth migration is a major architectural change and needs to be managed in terms of costs and benefits, though once done your apps will be quite cutting edge. Here is how Windows Authentication typically works in an OAuth 2.0 / OpenID Connect world, which requires a more complex setup:

  • Your UI redirects to a Cloud Authorization Server (AS), such as Azure Access Control
  • The AS redirects to an identity provider - such as an on-premises version of ADFS (Active Directory Federation Services) - that is configured to use Windows authentication
  • When in the corporate intranet the user is automatically signed in and ADFS posts tokens to the AS
  • The AS posts different tokens to your UI
  • Your UI calls the API with the AS token and the API validates it

GETTING STARTED

If you decide that the effort is worthwhile then there are 2 parts to the job. Note that your application code will only ever interact with the AS and doesn't need to know or care about the authentication method:

  • Infrastructure migration
  • Updating the code in your UIs and APIs

If it helps, my blog and code samples are designed to help people deal with some of the challenges of OAuth tech. Maybe have a look at my first tutorial to get set up.
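The last step of the flow above, "the API validates it", is where the .NET Framework 4.6 API's own code changes. The following is an added example (not the answerer's code or samples) of that validation with the System.IdentityModel.Tokens.Jwt package: a stand-in for the AS mints a token, and the API-side check enforces issuer, audience, signature and lifetime. The issuer URL, audience identifier and the symmetric demo key are constructed assumptions; a real AS signs with an RSA key that the API obtains from the AS's OpenID Connect metadata.

```csharp
// NuGet: System.IdentityModel.Tokens.Jwt (pulls in Microsoft.IdentityModel.Tokens)
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

class TokenValidationDemo
{
    // Constructed demo key (assumption): HS256 needs at least 32 bytes.
    static readonly SymmetricSecurityKey Key =
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes("demo-secret-at-least-32-bytes-long!!"));
    const string Issuer = "https://as.example.com/";  // hypothetical AS
    const string Audience = "api://orders";           // hypothetical API identifier

    // Stands in for the AS: issues the token the UI will send to the API.
    static string IssueToken(string audience, TimeSpan lifetime)
    {
        var handler = new JwtSecurityTokenHandler();
        var token = handler.CreateJwtSecurityToken(
            issuer: Issuer,
            audience: audience,
            subject: new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "jdoe") }),
            notBefore: DateTime.UtcNow,
            expires: DateTime.UtcNow.Add(lifetime),
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256));
        return handler.WriteToken(token);
    }

    // What the API does with the bearer token on every request.
    static ClaimsPrincipal ValidateToken(string jwt)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,       // reject tokens from any other AS
            ValidAudience = Audience,   // reject tokens minted for a different API
            IssuerSigningKey = Key,     // signature must verify against the AS key
            ValidateLifetime = true,    // reject expired / not-yet-valid tokens
            ClockSkew = TimeSpan.FromMinutes(1)
        };
        SecurityToken validated;
        return new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out validated);
    }

    static void Main()
    {
        var good = IssueToken(Audience, TimeSpan.FromMinutes(10));
        Console.WriteLine("accepted, user: " + ValidateToken(good).Identity.Name);

        var wrongAudience = IssueToken("api://other", TimeSpan.FromMinutes(10));
        try { ValidateToken(wrongAudience); }
        catch (SecurityTokenInvalidAudienceException) { Console.WriteLine("rejected: wrong audience"); }
    }
}
```

In a Web API project the same TokenValidationParameters are normally handed to the OWIN JWT bearer middleware (Microsoft.Owin.Security.Jwt) in Startup.cs rather than called by hand, so every controller is protected with plain [Authorize].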
