How to do both Azure Active Directory Single Sign On and Forms Authentications on ASP.NET MVC

Question

We have the legacy system developed by MVC 4 using Forms Authentication and Basic Authentication for Web API (there is no OWIN so far).

Now we have lots of clients which want to do single sign on into our system, so we use Azure Active Directory (AAD) to store client's users.

Now the situation is we want to revise the login workflow to adapt with AAD. The login page has no changes, under the hood, we check whether user exists on our system (using our database), it allows user to access. If not, we continue to check user on AAD, we don't want to re-direct to Azure login page in this case.

I have done tons of reading but have not much clear how to do this? We also consider to upgrade to MVC 5 in order to use OWIN middleware authentication if it's fine with situation.

Answer 1

One possible solution is to use Custom SSO applications from the Application gallery in AAD. When doing this, AAD will parse the form that the AAD users are using to login to the system. When a user that is already logged in to AAD enters your application, the AAD browser plugin or app will enter the username and password automatically.

More information on this blog: http://www.edutech.me.uk/microsoft/identity-and-access-management/active-directory/azure-ad-custom-saas-applications-for-any-3rd-party-service/