
Office365 SSO from ASP.NET application with no Active Directory

We want to make a Single Sign On to Office365 from an ASP.NET web application that stores username and password in a database. We do not have Active Directory accounts for these users.

What I can read about SSO to Office 365 is that it only allows SSO with an on-premises AD. But there should be some workarounds for this.

Can anyone give me a pointer on how to accomplish this?

This is possible but difficult. We spent like a month to get it done.

What you have to do is set up your own WS-Federation security token service. You develop it with WIF. It should expose the exact metadata and claims that ADFS 2.0 does. This is one of the tricky parts, as this is not documented anywhere and requires some reverse engineering of the ADFS metadata.

When the STS is ready and functional, O365 will not see a difference between your STS and the ADFS and will happily authenticate users against your own STS. And the STS can use any user backing store you want.

Yet another problem is the way you automate O365 to create user accounts. This is simpler, as the PowerShell API is well documented and allows you to mimic the way DirSync works, so that you don't need DirSync and the AD.

This only scratches the surface, so be prepared for tough research. Any specific questions can be answered, but I wouldn't expect a step-by-step tutorial from anyone. At least we haven't found anything, and we did it all by ourselves.
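As an added example, not code from the original answer or from the answerer's project: the Office 365 side of the two steps the answer describes (telling the tenant to trust a custom WS-Federation STS instead of ADFS, and creating a user without DirSync) in the MSOnline PowerShell cmdlets of that era. It does not cover the WIF STS itself. The domain name, the STS URLs, the certificate path and the database user id are assumed values; the STS endpoint paths only mirror ADFS 2.0 layout for convenience and can be anything the STS actually serves.

```powershell
# Added example: federate an Office 365 domain to a custom STS and provision a user
# the way DirSync would. All names, URLs and ids below are assumed placeholders.
Import-Module MSOnline
Connect-MsolService   # prompts for a Global Administrator credential of the tenant

$domain  = 'corp.example.com'          # assumed: a verified domain in the tenant
$stsBase = 'https://sts.example.com'   # assumed: the custom WIF STS

# Public key of the STS token-signing certificate, base64 DER, which is the form
# Set-MsolDomainAuthentication expects. Path is assumed.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\sts\signing.cer'
$signingCert = [Convert]::ToBase64String($cert.GetRawCertData())

# Switch the domain from Managed to Federated. IssuerUri must equal the Issuer the
# STS writes into its tokens; PassiveLogOnUri is where browsers are redirected,
# ActiveLogOnUri is the WS-Trust endpoint rich clients call with a password.
Set-MsolDomainAuthentication -DomainName $domain `
    -Authentication Federated `
    -FederationBrandName 'Example Corp STS' `
    -IssuerUri "$stsBase/adfs/services/trust" `
    -PassiveLogOnUri "$stsBase/adfs/ls/" `
    -ActiveLogOnUri "$stsBase/adfs/services/trust/2005/usernamemixed" `
    -MetadataExchangeUri "$stsBase/adfs/services/trust/mex" `
    -LogOffUri "$stsBase/adfs/ls/" `
    -SigningCertificate $signingCert `
    -PreferredAuthenticationProtocol WsFed

# Read back what the tenant now believes about the domain.
Get-MsolDomainFederationSettings -DomainName $domain

# Provision a user without DirSync. ImmutableId is the anchor O365 matches against
# the ImmutableID claim the STS issues, so derive it from a stable key in your own
# database (here an assumed GUID stored with the user row), never from the UPN,
# which may change. DirSync itself uses the base64 form of the AD objectGUID.
$dbUserId    = [Guid]'6e2a5f0d-0c1b-4f7e-9a4e-3b8c1d2e4f50'   # assumed value from the app database
$immutableId = [Convert]::ToBase64String($dbUserId.ToByteArray())

New-MsolUser -UserPrincipalName "alice@$domain" `
    -DisplayName 'Alice Example' -FirstName 'Alice' -LastName 'Example' `
    -ImmutableId $immutableId -UsageLocation 'US'

# For this user the STS must then issue, signed with the certificate above, at least:
#   http://schemas.xmlsoap.org/claims/UPN                              = alice@corp.example.com
#   http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID = the $immutableId value
```

Two checks worth doing before pointing real users at this: open a private browser session at login.microsoftonline.com, enter a UPN in the federated domain and confirm the redirect goes to the PassiveLogOnUri; and compare the SAML 1.1 token your STS returns with one captured from a real ADFS 2.0, since a mismatch in Issuer, audience or the two claims above fails silently as a generic sign-in error. The MSOnline module used here was the tooling at the time of this answer; Microsoft has since deprecated it in favour of Microsoft Graph, so the same settings are configured through different cmdlets today.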

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM