Reputation: 1837
Azure AD/ADFS SSO Across ASP.NET MVC Applications
I have read through a ton of articles from MS on authentication through Azure AD. There are so many options and nothing I've read seems to solve my issue.
Here's the situation: I have 3 different web applications (all ASP.NET MVC 5). They are all hosted internally in our network on the same server/IIS and use windows integrated authentication against our internal AD.
Let's call these applications App_A, App_B, and App_C.
- App_A is located at appA.mydomain.com within our DNS
- App_B is located at appB.mydomain.com within our DNS
- App_C is located at appC.mydomain.com within our DNS
The use case is as such:
- A user navigates to App_A does some work and is eventually redirected to App_B
- The user does some work in App_B and is eventually redirected to App_C
- The user does some work in App_C
When the user is on a domain-joined PC, they are never prompted to log in. Windows takes care of that for them through the integrated authentication.
Now, this is what happens when a user wants to do the same work on a non-domain device (such as an iPad) whether on VPN or connected to the internal WiFi:
- When the user loads App_A they are prompted to log in and do so with their windows credentials
- When they get to App_B, they are prompted again (different sub-domain)
- And when they get to App_C, they are prompted again (different sub-domain)
Having to log in multiple times with the same Windows credentials is not the experience we want for our mobile users.
What we would like to have happen is have the mobile user log in one time when they hit App_A and not have to log in again when they hit App_B or App_C. As well, we would still like the users on domain-joined PCs not to have to log in at all as they are already authenticated to their machines. Just for your information, we are also syncing our AD to Azure AD, so we have that to authenticate against if the solution requires it. I am looking for what I need to do to setup my MVC apps to allow this sort of authentication.
Any help you can provide with this would be GREATLY appreciated.
Upvotes: 0
Views: 670
Answers (1)
Reputation: 7394
The scenario you describe should work by getting all apps to use Azure AD as shown in https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet and by ensuring that they all skip the home realm discovery and go straight to your domain, as shown in http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
Upvotes: 1
Related Questions
- ASP.NET MVC Identity with SQL Server and Azure AD SSO for Authentication
- How to integrate Single Sign-On with multiple ADFS?
- Setting up ADFS for a Web App
- asp.net web application adfs authentication of client intranet in azure cloud without azure AD
- MVC multitenant application with different authentications per tenant
- How to implement single sign on MVC 2 using ADFS?
- ASP.NET MVC using Single Sign-On with Azure AD
- Single Sign On with Azure Active Directory
- Single Sign On With ACS through Multiple Applications
- ASP.NET MVC 3 SSO against ADAM and AD FS