1

I have a big MVC 4 application that uses Form authentication. It has its own user and privileges management using a custom database. Now I need to adapt this application to allow integration with customer AD and allow SSO using their users.

All the guides I found online assume the creation of a brand new project. I tried to add support using Connected Services, but I cannot find AD service (Only Office 365 Services with Microsoft Graph, but that's not the case).

I would like to make it configurable so I can choose to deploy in both in its own legacy user management scenario or the AD integration scenario.

Can anyone point me in the right direction?

WaveMax
  • 191
  • 4
  • 15
  • 1
    It sounds like you want mixed Form and Windows authentication. I've done this before and described how I did it in a couple of answers I've written in the past. I first did it [this way](https://stackoverflow.com/a/43208029/1202807), but I have since changed my approach, which I described in [this answer](https://stackoverflow.com/a/57575030/1202807). But looking at both answers should help you implement it. – Gabriel Luci Feb 04 '22 at 16:51
  • 1
    I keep meaning to write up a complete example of this and put it on my website. I should get around to that. – Gabriel Luci Feb 04 '22 at 16:55
  • Yes, more or less what I want. I though about adding a flag in the configuration table because I either want a Form authentication or AD integration. If the customer owns a suitable AD it has to be able to make use of it, or be able to self-sustain if there isn't any. – WaveMax Feb 04 '22 at 16:59
  • One more thing, in the AD integration scenario it is supposed to handle SSO, so it must recognize the user and don't require authentication (assuming it's a legitimate user) – WaveMax Feb 04 '22 at 17:01
  • Yes, that's what Windows Authentication does: as long as the server is joined to the same or trusted domain as the user's account, and the site is added to the Trusted Sites in Internet Options on the users' computers, which tells IE/Edge and Chrome it can automatically send the credentials. Firefox has its own settings for this. – Gabriel Luci Feb 04 '22 at 17:04

0 Answers0