Akinzekeel

Reputation: 623

AD / Windows authentication on Azure

I'm developing a REST service with PHP on IIS. During development, I tested it with IIS's Windows authentication on the domain controller and it worked fine and authenticated against the domain Active Directory. I was even able to limit the users to certain security groups.

Right now, I am trying to deploy this website to Windows Azure but I don't know how to get the authentication to work. I've been looking for a solution all week now but all I found are instructions on how to set up ADFS, AD Sync and Single sign on - none of which seem suitable.

My web.config looks like this:

<configuration>
    <system.webServer>
        <security>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Allow" roles="SomeSecurityGroup" />
            </authorization>
        </security>
    </system.webServer>
    <system.web>
        <authentication mode="Windows" />
    </system.web>
</configuration>

Any suggestions would be appreciated.

Upvotes: 1

Views: 854

Answers (1)

Yossi Dahan

Reputation: 5367

Whilst, on Windows Azure, you can deploy your site as a web role on a Virtual Network that has an Active Directory deployed and use Windows Authentication pretty much in the same way as you would on-premises, you would be missing a trick, as you would still have a fair amount of infrastructure to manage in the way of an Active Directory instance deployed on Azure and/or a Virtual Private Network (VPN) between Windows Azure and your Windows Azure Network.

The key, then, is using either Windows Azure Active Directory, Windows Azure Access Control Service, or - frankly - any other WS-Federation based identity provider, but basing your application on WS-Federation rather than Kerberos tokens.

This article walks through the basics of using Windows Azure Active Directory from PHP and should point you in the right direction, but basically the idea is to move toward WS-Federation and claims-based authentication using known identity providers rather than relying on Windows Authentication, which is not easily mapped to internet standards.

Upvotes: 1
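
What the question's `roles="SomeSecurityGroup"` rule becomes under the WS-Federation approach described in the answer, as an added example (not code from the answer or from any Microsoft library). The endpoint, realm, reply URL and claim type are placeholder assumptions, and the token array stands in for a token whose signature and issuer a SAML/WS-Federation library has already verified.

```php
<?php
// Added example. All endpoint, realm and claim values are constructed placeholders.
const WSFED_ENDPOINT = 'https://idp.example.test/wsfed';   // hypothetical identity provider endpoint
const REALM          = 'https://api.example.test/';        // hypothetical wtrealm registered at the provider
const REPLY_URL      = 'https://api.example.test/signin';  // hypothetical wreply
const GROUP_CLAIM    = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'; // assumed claim type
const REQUIRED_GROUP = 'SomeSecurityGroup';                 // group name from the question's web.config

// Build the passive sign-in redirect. wctx carries a random value kept in the
// session so the response can be tied to a request this session started.
function buildSignInUrl(array &$session): string
{
    $session['wsfed_ctx'] = bin2hex(random_bytes(16));
    return WSFED_ENDPOINT . '?' . http_build_query([
        'wa'      => 'wsignin1.0',
        'wtrealm' => REALM,
        'wreply'  => REPLY_URL,
        'wctx'    => $session['wsfed_ctx'],
    ]);
}

// Authorize from claims. Assumes $token came out of a library that has ALREADY
// verified the token signature and issuer; that step is not shown here.
function isAuthorized(array $token, string $returnedCtx, array &$session, int $now): bool
{
    $expected = $session['wsfed_ctx'] ?? '';
    unset($session['wsfed_ctx']);                        // the context value is single use
    if ($expected === '' || !hash_equals($expected, $returnedCtx)) {
        return false;                                    // response not tied to our request
    }
    if (($token['audience'] ?? null) !== REALM) {
        return false;                                    // token was issued for another application
    }
    if ($now < ($token['notBefore'] ?? PHP_INT_MAX) || $now >= ($token['notOnOrAfter'] ?? 0)) {
        return false;                                    // outside the token's validity window
    }
    $groups = (array)($token['claims'][GROUP_CLAIM] ?? []);
    return in_array(REQUIRED_GROUP, $groups, true);      // replaces roles="SomeSecurityGroup"
}

// Constructed sample data standing in for a validated token.
$session = [];
$url   = buildSignInUrl($session);
$token = ['audience' => REALM, 'notBefore' => 1000, 'notOnOrAfter' => 2000,
          'claims' => [GROUP_CLAIM => ['SomeSecurityGroup', 'Staff']]];
var_dump($url, isAuthorized($token, $session['wsfed_ctx'], $session, 1500));
```

Which claim type carries group membership, and whether it holds names or identifiers, depends on the identity provider's configuration.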
