Modify website to not use Active Directory

Question

I am not quite sure how to properly phrase this question so I will do my best to explain my issue.

I have a .Net website that works using Active Directory. It works great. No issues. However I have a need to stand-up a new copy of the website for an office that won't have access to Active Directory.

I am trying to come up with any possible solutions that will allow me to accomplish this without having to rewrite large portions of our user code base.

I might have to accept the fact this might take a lot of work but I figured I would try to explore any possible options before I jump into that.

Answer 1

Does the user :

-Access an IIS hosted site via windows authentication (like on an Intranet) ?

-Access an IIS hosted site using Azure AD (user signs into azure ad or office 365 via browser)?

-Access an azure hosted site using Azure AD (user signs into azure ad or office 365 via browser)?

You might consider some refactoring your application to use Microsoft's Identity framework which will allow you to easily plug and play how your application authenticates.

For .NET framework

Take a look at using ASP.NET Identity

https://learn.microsoft.com/en-us/aspnet/identity/overview/getting-started/introduction-to-aspnet-identity

For .NET Core

Take a look at using Identity on ASP.NET Core

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.1&tabs=aspnetcore2x

By using these frameworks, you can keep your login code the same and change the way the user is authenticated.

Hope this helps! Cheers!

Answer 2

Depending how the site is built, you might be able to set up an AD LDS instance on the web server that would mimic some of the services AD provides. OpenLDAP might do something similar.

You still probably need to change some things on the site, but this might let you get by with changing a lot less.