My C# .net 4.5 asp.net app currently uses forms authentication. We need to implement SSO on it via an on-premises ADFS 3.0 server that will link to external ADFS servers using Claims Provider Trusts.
The thing is that some users will continue logging in the old Forms Auth way while others will be authenticating using their ADFS credentials.
Can ADFS and Forms Auth be mixed? How can I direct the different users to the different logins?
I read here that I might need to code my own Custom Auth Provider...this seems pretty complicated. Is there another simpler way?
Related
I want to integrate two-factor authentication or Multi-factor authentication for my.net 3.5 legacy web application.
Is there any support service or technique to do this?
Can I use any of the below services?
Windows azure active directory authentication
Google Authentication
Okta verification
Microsoft Authenticator
We have a legacy .NET WebForm Saas application that uses .NET Framework 4.7.2 and authentication logic via the legacy web form authentication against local SQL database. It tracks the authenticated session via cookie which is the standard for form authentication.
We recently have a customer who requests SSO using their Azure AD to authenticate into our application. Upon doing research around I've come up with SAML and OpenId Connect and I'm leaning toward OpenId Connect.
The challenge is while this customer uses Azure AD, another customer may use AWS AD or some still wants to use the standard login form on our login page.
Is this possible to have form authentication work along side with SSO? I'm still educating myself in SSO and it is confusing to say the least but I generally see people use an identity provider with multiple applications whereas we seems to go down the road of a single application using multiple identity providers while still support its own authentication method.
yes, that's doable. We have built a no-code/low-code solution for people to implement this. Here is a demo website. https://demo.datawiza.net/login
Click SSO at the bottom. Inputting company-a brings you an Okta login page; inputting company-b brings you to an azure ad login page.
I have a C# MVC application which requires ADFS authentication. ADFS was not considered at the initial stage of the development until completion of the application. Any ideas on how to make the application aware of ADFS? I have configured ADFS with the right claims, the challenge is making the application aware. Any idea is appreciated. I am using ADFS 2.0. It is On-Premise ADFS
Making the application "ADFS aware" requires that the application uses one of the supported protocols i.e. WS-Fed, SAML or OpenID Connect.
Adding WIF (WS-Fed) is a good option.
Building My First Claims-Aware ASP.NET Web Application
Deploying Active Directory Federation Services in Azure
Use the On-Premises Organizational Authentication Option (ADFS) With ASP.NET
in Visual Studio 2013
Using ADFS with Azure for Single Sign-On
in ASP.NET MVC
We currently have an Asp .Net web application (Framework 4.5) using Forms based authentication. A few of our clients are asking for integration with their applications and does not want to have separate login accounts.
What would be the best way to implement this? The solution should be able to validate against different identity providers.
A consultant has suggested to convert the current web app to be claims-aware but not sure how to proceed with it or where to start .
Thanks for all your help.
Making an application claims-aware implies adding support for one of:
WS-Federation
SAML 2.0
OpenID Connect / OAuth
This then enables the application to talk to an IDP for SSO e.g. ADFS, Azure AD, identityserver, Auth0.
In the Microsoft world, web apps use the OWIN NuGet packages for WS-Fed (WIF) or OIDC. For SAML, look here.
Desktop apps use ADAL or the later version MSAL.
ADFS e.g. only authenticates against AD. If you want to authenticate against a DB as well, you federate ADFS with e.g. identityserver or Auth0 both of which have that ability.
We have an existing ASP .Net application which uses forms authentication. A client has requested to integrate with their active directory and a consultant has suggested that we use Shibboleth as the service provider.
We still want to keep forms authentication for other clients but also be able to support federated authentication.
I found this post regarding authentication with Shibboleth but lost on how to integrate this one with our current forms authentication - our application is not yet MVC.
asp.net MVC authentication with Shibboleth
My question is : how dow we convert our application to authenticate with shibboleth but still retain our forms based authentication ?
Thanks in advance.