Azure AD Authentication ASP.NET 4.8 Web Application

I have been tasked to investigate and also develop support for Azure AD in our existing ASP .NET 4.8 (Not Core) Web Forms application.

The current application connects directly to a SQL database that contains the usernames and passwords and that is how we authenticate. We have a requirement to add Azure AD authentication to this but I am unsure of how this can be achieved and I can only find examples based on .NET Core 5 or later.

We plan on hosting the Database in the cloud through Azure and provide Azure Virtual Desktops to use the Windows 10 client. However, we want to host the .NET 4.8 application also on Azure and have it secured with Azure AD. Any guidance on how this could be achieved or some resources to investigate would be perfect. Since this site may be replicated for different tenants/customers it would need to be configurable to change which Azure AD it is connected to.

Thanks.



Solution 1:[1]

We can use the below workaround to add Azure AD authentication to our ASP.NET 4.8 webform application.

Steps which we have tried:

  • Create one sample webform app using .net 4.8

  • Added domain of our Azure AD tenant in authentication (Work or school account > Multitenant users)

My StartupAuth.cs file like below for sample webform application:

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Globalization;
using System.Threading.Tasks;
using System.Linq;
using System.Web;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

namespace azureadauthajay
{
    public partial class Startup
    {
        // Key name matches the "ida:ClientId" entry in web.config below
        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static string aadInstance = EnsureTrailingSlash(ConfigurationManager.AppSettings["ida:AADInstance"]);
        private static string authority = aadInstance + "common";

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions { });

            // instead of using the default validation (validating against a single issuer value, as we do in line of business apps), 
            // we inject our own multitenant validation logic
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = authority,
                    TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
                    {
                        ValidateIssuer = false,
                        // If the app needs access to the entire organization, then add the logic
                        // of validating the Issuer here.
                        // IssuerValidator
                    },
                    Notifications = new OpenIdConnectAuthenticationNotifications()
                    {   
                        SecurityTokenValidated = (context) =>
                        {
                            // If your authentication logic is based on users
                            return Task.FromResult(0);
                        },
                        AuthenticationFailed = (context) =>
                        {
                            // Pass in the context back to the app
                            context.HandleResponse();
                            // Suppress the exception
                            return Task.FromResult(0);
                        }
                    }
                });

            // This makes any middleware defined above this line run before the Authorization rule is applied in web.config
            app.UseStageMarker(PipelineStage.Authenticate);
        }

        private static string EnsureTrailingSlash(string value)
        {
            if (value == null)
            {
                value = string.Empty;
            }

            if (!value.EndsWith("/", StringComparison.Ordinal))
            {
                return value + "/";
            }

            return value;
        }
    }
}

And web.config where client id of our tenant provided:

<configuration>
  <appSettings>
    <add key="ida:ClientId" value="xxxxxe-xx8-xxxf-xxxf-xxxx661b" />
    <add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
  </appSettings>
  <!-- The Account pages (sign-in / sign-out) stay reachable for anonymous users -->
  <location path="Account">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- Everything else denies anonymous users, which triggers the OpenID Connect challenge -->
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

Sample output for reference (sign-in and sign-out screenshots):

For more information please refer to this blog: Create an ASP.NET Web Application (.NET Framework – Web Forms or MVC) using Azure AD Authentication
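The Startup above sets the authority to the "common" endpoint and turns issuer validation off (ValidateIssuer = false), so a token from any Azure AD tenant passes the middleware and the application has to decide on its own which tenants it trusts. The question also asks for the deployment to be configurable per customer tenant. The following is an added example, not code from the answer or from the linked blog, that keeps issuer validation on and restricts sign-in to an explicit list of tenant ids. It assumes one extra appSettings key, "ida:AllowedTenants" (a comma-separated list of tenant ids, hypothetical name), and a hypothetical error page "/Error.aspx"; the claim type for the tenant id and the two Azure AD issuer formats are the standard ones.

```csharp
using System;
using System.Configuration;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

namespace TenantRestrictedSample // hypothetical namespace for this example
{
    public partial class Startup
    {
        // appSettings keys assumed by this example:
        //   ida:ClientId       - application (client) id of the app registration
        //   ida:AADInstance    - https://login.microsoftonline.com/
        //   ida:AllowedTenants - comma-separated tenant ids this deployment accepts (hypothetical key)
        private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static readonly string aadInstance =
            (ConfigurationManager.AppSettings["ida:AADInstance"] ?? "https://login.microsoftonline.com/").TrimEnd('/') + "/";
        private static readonly string[] allowedTenants =
            (ConfigurationManager.AppSettings["ida:AllowedTenants"] ?? string.Empty)
                .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
                .Select(t => t.Trim())
                .ToArray();

        // Azure AD uses one of two issuer formats depending on the endpoint version (v1 and v2).
        private static string[] ExpectedIssuers(string tenantId) => new[]
        {
            "https://sts.windows.net/" + tenantId + "/",
            aadInstance + tenantId + "/v2.0"
        };

        public void ConfigureAuth(IAppBuilder app)
        {
            if (allowedTenants.Length == 0)
            {
                // Fail closed: a deployment with no configured tenant must not silently accept everyone.
                throw new ConfigurationErrorsException("ida:AllowedTenants is empty; configure at least one tenant id.");
            }

            // One customer per deployment: point the authority at that tenant so only its users are offered sign-in.
            // Several allowed tenants: keep "common" and rely on the issuer validation below.
            string authority = aadInstance + (allowedTenants.Length == 1 ? allowedTenants[0] : "common");

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Keep issuer validation on and enumerate every issuer we accept.
                    ValidateIssuer = true,
                    ValidIssuers = allowedTenants.SelectMany(ExpectedIssuers).ToArray()
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Defence in depth: also compare the tid claim against the allow-list.
                    SecurityTokenValidated = context =>
                    {
                        string tid = context.AuthenticationTicket.Identity
                            .FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
                        if (tid == null || !allowedTenants.Contains(tid, StringComparer.OrdinalIgnoreCase))
                        {
                            // Thrown exceptions are routed to AuthenticationFailed by the middleware.
                            throw new SecurityTokenInvalidIssuerException("Tenant '" + tid + "' is not allowed for this deployment.");
                        }
                        return Task.FromResult(0);
                    },
                    AuthenticationFailed = context =>
                    {
                        // Log context.Exception server-side; show the user a generic page, not the details.
                        context.HandleResponse();
                        context.Response.Redirect("/Error.aspx?reason=signin"); // hypothetical error page
                        return Task.FromResult(0);
                    }
                }
            });

            // Run the middleware above before the <authorization> rules in web.config are evaluated.
            app.UseStageMarker(PipelineStage.Authenticate);
        }
    }
}
```

When the site is replicated for another customer, only the "ida:AllowedTenants" value (and, if a separate app registration is used, "ida:ClientId") changes in that copy's web.config; the code is the same for every tenant. Keeping ValidateIssuer on means a token minted by an unrelated tenant is rejected before any application code runs, and the tid check in SecurityTokenValidated catches misconfiguration of the issuer list.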

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 AjayKumarGhose-MT