Single Signon between my Azure application and SharePoint Online - sharepoint-2010

I am trying to evaluate a strategy where I can integrate our Azure based application to SharePoint Online.
The idea is to provide seamless UI so that they are able to use the best of the features from both these applications without having to navigate away from our application.
We would like to bundle the application with Sharepoint online so that if a user comes to our application they will see another tab for collaboration which will open SharePoint online in a seperate iFrame or something like that.
However the issue here is that we do not want the user to keep another set of user credentials for SharePoint online. Is there a way where we can provide some kind of single sign on here.
Our application uses forms based authentication.

I could verify that you sure can use ClaimBased SSO with Azure and SPOnline. Look for the following:
Claims-Based Single Sign-On for the Web and Windows Azure
Remote Authentication in SharePoint Online Using Claims-Based Authentication
So using Claim Based Authentication (Use Windows Azure ACS) you can merge SP online and Azure Web Role together.

Related

Use sharepoint workflow to retrieve data from Azure App

I'm using Office 365 and Windows Azure. I need to create an App on Azure that will require authentication and will be accessible for Sharepoint workflows.
I created simple ASP.NET app that uses Azure Active Directory for single sign-on (according to this steps: http://www.asp.net/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory )
Then I created workflow on Sharepoint, that calls this App and retrieves response content. Unfortunately it turns out that instead of website content it returns login page.
My question is how to make the connection between Sharepoint Workflow and Azure App, so that the App would require to log in for users, but would be accessible for the Sharepoint Workflows?
Sorry for my poor explanation, but I'm very new in this topic.

azure mobile services and asp.net website - need to support user roles

I am working on an application which has an azure asp.net mvc website and an azure mobile service. Both will be using the same azure sql database.
I understand that I can use custom or Microsoft, Facebook based authentication using my mobile service. The website and the mobile app that I will be building though will have different features in the website and on the mobile app based on the role of the user.
How should I go about implementing user roles? If this was just an asp.net application, I would have just used ASP.NET Identity but not sure how to do this with Mobile Services.
I found a similar question asked a year ago with no resolution - Using ASP.NET 4.0 membership provider with Azure Mobile Services
If there is an existing implementation or guidance out there, please point me in that direction. Thanks.
As of today, there isn't a super easy way to handle this no matter how you slice it. You can take a look at this post (there is another dealing with the JavaScript backend that is linked from this) http://www.acupofcode.com/2014/04/general-roles-based-access-control-in-the-net-backend/ that talks about role based access control using Azure Active Directory. AAD may not be the option you want to go with. In which case, you'd need to implement the roles and checks in your Mobile Service yourself. If you only have two levels such as "normal user" and "admin" you COULD dictate everything based off of the user.level property and if they are "authenticated" they only have basic user access but if they're "admin" they have admin functionality. You'd still need to do the role based logic in your backend but I think you'll need to handle that no matter what.
Alternatively, what I think you could look at doing, is using the ASP.NET Identity system. Then from your Mobile Service, you can use the same type of custom auth I've documented here (http://chrisrisner.com/Custom-Authentication-with-Azure-Mobile-Services-and-LensRocket) but instead of checking against and storing a username/password in your Mobile Service like that sample is doing, when the user goes to register / login, you could check against the user backend created by the ASP.NET identity system. I don't have a sample off hand of that working but it sounds doable in my head.

Use multiple authentication mechanisms in Azure

I am new to windows azure development.
I am developing an application for hosting online tests.
This application needs to have multiple authentication options like Windows live ID, Facebook etc.
It also needs to have default form based authentication fed by the database in back end (simple User name and Password match).
Based on the authentication mechanism different permissions will be available to the user.
Can anyone please suggest how i should proceed on this?
Thanks
Do you really need forms authentication, or do you just need an application specific store where people can use a credential specific to your app?
I'd suggest researching Windows Azure Active Directory and Windows Azure Access Control Services together. You may create either an AD tenant for your application store and use it as an Identity Provider for ACS or you could host your own Secure Token Service and Identity Provider which uses your backend database as the user store also registered with ACS. This means that all of your authentication goes through the same process and allows for you to have your own user store, plus the social Identity Provider capability.
The key here is that you want try to avoid having forms authentication AND Social, but rather a mechanism where multiple Identity Providers can be used, including one of your own.
As Gaurav stated there are a ton of resources out there for this:
Understand the difference between WAAD and ACS.
Provisioning an Azure AD Tenant as a Identity Provider in ACS
Windows Azure Identity
There are also many blogs and MSDN documents talking about how to set these up.
If you start with the default "ASP.net MVC4 Web Application" template in Visual Studio you get a web application mini-sample with an AccountController that supports local and 'social' accounts out of the box. See documentation here. It is based on DotNetOpenAuth (a fantastic lib with terrible documentation) and a Microsoft implementation of an special MembershipProvider which lives in WebMatrix.WebData.
Regarding the Azure Access Control Service 2.0: I have no idea what the status of this service is but it looks to me as if MS itself tries to discourage developers form using this service since it was to deeply hidden somewhere under Windows Azure Active Directory in the documentation.

Sharepoint hosted web application - custom security

I need to implement a web application hosted on sharepoint. This is a client requirement. So I cannot create a standard asp.net web application. Another client requirement is that the authentication is not an active directory one but they want to use an existing database of users.
I am a bit concerned how this would work on sharepoint because users would need to log-in onto sharepoint. Would it make sense that users log into sharepoint as anonymous and then we use our custom controls for log-in. How does sharepoint handle anonymous users?
Any assistance would be greatly appreciated
When building apps over SharePoint, you use the SharePoint authentication mechanism, whatever it is.
Does the SharePoint farm is already in place ? Or do you have to also build the farm ?
In the former case, probably the authentication mechanism is already in place and you just have to build a "standard" sharepoint application.
In the later case, you will have to carefully plan your authentication. SharePoint can use a combination of AD authentication, Forms authentication (over a DB in your case if you want) or a Claims authentication pattern. My guess is that a Forms authentication with a custom Membership/role provider is the way to go.

Any standardized login functionality available in Azure

We are looking to host our product on Azure- the intent behind using Azure is that we get to focus on the core product, and are fine with the standard cloud features that Azure offers without needing to understand too much of the internals- not exactly the power users!
One thought was that if Azure had an authentication functionality- profiles, logins, password reset/ reminder etc, it would save us time from building what is essentially a commodity
Any guidance on this?
Azure offers the Access Control Service, which is a Federated Authentication service. It's already preconfigured with support for Live ID, Google and Yahoo authentication, but you can also add your own security token service (such as ADFS).
Windows Azure does not have a built in login feature. However,App Fabric Access Control Service(ACS) does; see the ACS tutorial here for example usage.