Saturday, May 29, 2021

Migrating a Windows Authentication App to Azure

As you know, Windows Authentication is not supported in Azure. When attempting to move legacy ASP.NET apps to Azure App Service, you might encounter a few challenges. However, Microsoft provides the Azure App Service Migration Assistant, which helps you migrate your on-premises application to the Azure cloud. I have previously written a blog post about it. You can read more about it at the link below.

AppService Migration Assistant

We will walk through updating an ASP.NET application with Windows Integrated Authentication to use Azure Active Directory (AAD). It will help you to move your on-premises application into Azure PaaS (Web App). This post walks through some relatively minor tweaks that allow you to switch your site to use AAD for authentication and, if you want, AD group membership for authorization. These changes will enable deployment of those sites to Azure App Services.


To make the change, we are going to follow the steps below:

1. Ensure your site is set up to use SSL.

2. Register your application in AAD.

3. Get the necessary OWIN NuGet packages.

4. Add in some startup code to use the OWIN authentication libraries.

 

Ensure your site is set up to use SSL

For this demo, I am using an application that runs with Windows Authentication. First, we need to ensure the application uses SSL (HTTPS) when it runs. You can enable this by selecting the project and setting the SSL Enabled property to true.


When you run the application, it will run on port 44362, as you can see in the screenshot.

URL: https://localhost:44362/

Register your application in AAD

We need to register the application with Azure Active Directory (AAD).

Follow these steps to register the app using the Azure portal.

1. Go to the Azure portal: https://portal.azure.com

2. Once you are logged in, go to Azure Active Directory.


3. Click on App registrations.


4. Click on New registration. It will open the form shown below.


5. Once all the information is filled in as above, click the Register button.

6. Now our app is registered successfully in AAD, and we can use the created app's client ID and tenant ID in our web application.


 

Get the necessary OWIN NuGet packages.

OWIN (Open Web Interface for .NET) will significantly simplify the migration process. OWIN defines a standard interface between .NET web servers and web applications. The goal of the OWIN interface is to decouple server and application.

The problem with System.Web is that it is way too bloated and coupled with IIS. You are forced to run it in IIS. The OWIN initiative is an attempt to modularize and decouple the Web Stack by adding abstraction.

OWIN is an open standard. http://owin.org/

Install these OWIN (Open Web Interface for .NET) packages:

1. Microsoft.Owin.Host.SystemWeb

2. Microsoft.Owin.Security.OpenIdConnect

3. Microsoft.Owin.Security.Cookies


Microsoft.Owin.Host.SystemWeb

Middleware that enables OWIN-based applications to run on Internet Information Services (IIS) by using the ASP.NET request pipeline

 

Microsoft.Owin.Security.OpenIdConnect

Middleware that enables an application to use OpenIdConnect for authentication

 

Microsoft.Owin.Security.Cookies

Middleware that enables an application to maintain a user session by using cookies

  

Add in some startup code to use the OWIN authentication libraries

We need to add some code to the OWIN startup process and adjust the web.config.

Web.config


Once these 3 keys are added to Web.config, create a Startup.cs file inside the App_Start folder.

Startup.cs


You can download this code from GitHub.

URL: https://github.com/deepakjoshiinfo/WindowsAuthToAzureAD
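A startup class of the kind this step describes, as an added example rather than the code from the repository above. It assumes the 4.x OWIN packages; the namespace, the three appSettings key names and the mapping of roles to the "groups" claim are assumptions.

```csharp
// App_Start/Startup.cs (added example). Assumed appSettings keys in Web.config:
//   <add key="ida:ClientId"    value="YOUR-CLIENT-ID" />
//   <add key="ida:TenantId"    value="YOUR-TENANT-ID" />
//   <add key="ida:RedirectUri" value="https://localhost:44362/" />
using System.Configuration;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(WindowsAuthToAzureAD.Startup))]

namespace WindowsAuthToAzureAD   // assumed namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
            string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
            string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];

            // The AAD sign-in result is kept in a session cookie; send it over HTTPS only.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                CookieSecure = CookieSecureOption.Always
            });
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                // Single-tenant authority: only tokens issued by this tenant are accepted.
                Authority = "https://login.microsoftonline.com/" + tenantId,
                RedirectUri = redirectUri,            // must match the URI registered in AAD
                PostLogoutRedirectUri = redirectUri,
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Lets User.IsInRole(...) test the "groups" claim, if the registration emits one.
                    RoleClaimType = "groups"
                }
            });
            // Run the middleware at the authentication stage of the IIS pipeline.
            app.UseStageMarker(PipelineStage.Authenticate);
        }
    }
}
```

AAD puts group object IDs in the groups claim by default, so an IsInRole check matches only against whatever value the token actually carries for the group.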

Once the changes are made in the Startup.cs file, we need to test whether authentication is working. I have just copied the code below into the About.aspx file.

    <div>
        <div>IsAuthenticated</div> <div><%= HttpContext.Current.User.Identity.IsAuthenticated %></div>
        <div>AuthenticationType</div> <div><%= HttpContext.Current.User.Identity.AuthenticationType %></div>
        <div>Name</div> <div><%= HttpContext.Current.User.Identity.Name %></div>
        <div>Is in "Group1"</div>
        <div><%= HttpContext.Current.User.IsInRole("Group1") %></div>
        <div>Is in "Group2"</div>
        <div><%= HttpContext.Current.User.IsInRole("Group2") %></div>
    </div>

When I run the application on my local machine, it redirects me to the Microsoft login page for authentication.

Log in with your domain user ID and password, and it will then open our application.


You can see that the user is authenticated from Azure Active Directory. Now we can migrate this application to an Azure Web App. If you want to learn more about Web Apps, read my previous post: Azure WebApps

Helpful links for more information

Convert ASP.NET Web Forms with Windows Authentication to use AAD

https://devblogs.microsoft.com/premier-developer/convert-asp-net-webforms-with-windows-authentication-to-use-aad/

QuickStart: Register an application with the Microsoft identity platform

https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

Hope it will help you to migrate from Windows Authentication to Azure Active Directory authentication.

Keep sharing keep learning. Cheers
