I am getting myself familiar with all the stuff related to authentication using active directory (both Azure AD and Windows Server AD).
Currently I am inspecting MS Katana project which is based on OWIN specification.
There are three libraries and one of them is kind of confusing for me:
Microsoft.Owin.Security.ActiveDirectory
Microsoft.Owin.Security.OpenIdConnect
Microsoft.Owin.Security.WsFederation
As for OpenId and WsFederation I understand what they are for, there are plenty of examples and articles about that.
What confuses me is the purpose of the ActiveDirectory library. I mean is this another way how to authenticate against active directory besides OpenId and WsFederation?
I am unable to find any relevant clear articles and examples about this one. Even on this site is the libraty only listed, but missing example:
Azure Active Directory Authentication Libraries
So my question is what is this library for and what are the use cases for using it over OpenIdConnect and WsFederation ways.
Thanks
That library contains middleware used for securing Web API with Azure AD. Any sample featuring a web API project in https://github.com/AzureADSamples/ uses it.
Related
I need to build an application where the front-end (ReactJs) is totally decoupled from the back-end, which is built using Asp.Net Core v5 (or higher) Web API.
Users will log in to the application using both OIDC with Azure Active Directory and local database login.
For performance reasons, I'd like to split some APIs into different projects and eventually install them on different servers.
I'm wondering if the [authorize] attribute I will put on the endpoints will work as usual even if they are running in different environments.
Please note that they could be different servers or different AWS Lambda functions, but in both cases, they can be considered different executables.
Is it something possible or I'm going in the wrong direction?
Please note that they could be different servers or different AWS
Lambda functions, but in both cases, they can be considered different
executables.
Is it something possible or I'm going in the wrong direction?
Thank you # Camilo Terevinto, Posting your suggestion as an answer to help other community members .
"It's completely possible (and common), as long as all APIs (and possibly Lambdas, depending on how they're used) authenticate against the same Azure Active Directory instance.
And we can set up ASP. NET Core Identity with both local login and AAD without any issues . Just ensure that our tokens always have the necessary scopes (to call other APIs in our system)"
For more information please refer the below links:
SO THREAD : How to use both Azure AD authentication and Identity on ASP.NET Core
Blog: Token Based Authentication using ASP. NET Web API 2, Owin, and Identity
I will need to pass in an oauth token to a library in order to POST some information in a remote system.
For debugging purposes, I have created a basic app as per the Azure AD and OpenID Connect tutorial
At this point I am stumped. The documentation is somewhat opaque to a newbie and I have been unable to find relevant examples here and elsewhere.
Have a look at one of the samples here. You need to look for a Core app that calls another API (even Graph - it is also an API), e.g.: this one.
I am using new feature of Azure that enables the active directory authentication for your website without writing any code.
http://azure.microsoft.com/blog/2014/11/13/azure-websites-authentication-authorization/
But the problem is my web application is also hosting some Web APIs, which need to be called without any authentication.
Is there a way (some attributes?) so that I can call Web APIs without any authentication?
Tushar, I see that Byron also replied to your question on his post- and suggested creating another website as for APIs as a work around. However I suggest that you wire-up auth separately for your Web App and APIs following our samples here: https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet, https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
Let me know if you run into any issues.
From the very same article you refer:
Current Limitations
There are some limitation to the current preview
release of this feature:
...
With the current release the whole site is placed behind login the
requirement.
Head less authentication/authorization for API scenarios
or service to service scenarios are not currently supported.
So, no, you cannot have partial APIs or pages anonymously available - all pages and API will be protected by the Azure Active Directory.
Can anyone provide me with instructions on how to setup and secure a Web API project using Azure AD? I can create the project but when I navigate to /api/values/, I get a 401 response. The application has been added to the list of applications in my Azure AD directory.
I found a blog post here that appears to address this topic but the steps do not match my environment. Perhaps this is because it is a bit outdated?
What am I missing?
Take a look at the Web API examples at https://github.com/AzureADSamples, specifically WebApp-WebAPI-OAuth2-AppIdentity-DotNet and AzureADSamples/WebApp-WebAPI-OAuth2-UserIdentity-DotNet.
I'm starting an enterprise application that claims authentication using Active Directory users data. It will be like a Frontend Controller for every service that request company's and workers personal information, like SOA's style. But I need to decide which is the appropiate for this task.
Does anyone has utilized any of these somewhere?
I appreciate any help given.
I've consulted several sources, mainly the Nuget Package Manager official website page for LDAP Membership Providers.
These are quoted:
nJupiter.DataAccess.Ldap
Craig's Utility Library LDAP Namespace
LINQ to LDAP
Zetetic.Ldap
OGD LDAP Active Directory Providers
Before selecting an ldap provider, look at the native support that is built into .net
See the msdn documentation for There are two ways around this limitation - see the MSDN docs on DirectorySearcher for details: http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher(v=vs.110).aspx