Last post Jan 23, 2019 01:59 AM by Nan Yu
Jan 18, 2019 09:05 PM | DanielAnderson
We are in the process of moving various infrastructure to Azure and are looking to properly weigh our options when it comes to some of our legacy .NET 3.5 Web Forms applications. We are hesitant to upgrade them considering the strong possibility of breaking changes (at the very least, Oracle-related issues). The applications use Forms Authentication and store the post-authentication cookie via FormsAuthentication.SetAuthCookie(). The authentication occurs either through LDAP or CAS.
What I am wondering is whether or not it is possible to have a newer application that performs authentication through Azure AD and then writes a post-authentication cookie for the legacy applications to work with. With Azure AD using newer protocols, I am unsure whether the legacy applications will be able to understand the end result of the Azure AD authentication. The newer application would theoretically perform the authentication and would also be responsible for retrieving AD groups, which the older applications would then use for authorization.
Does this sound like a feasible option, or is it simply not possible? Any insight is welcome.
There is a similar question referenced below, so I do apologize if this question seems redundant. The referenced question did not contain some details that this question has, so I thought it would be best to post my own.
Integration owin identity project with other mvc project in same solution
Jan 21, 2019 05:39 AM | Nan Yu
Hi DanielAnderson,
In general, you need SSO, in that both apps have an active AAD cookie set in the user's browser for the login.microsoftonline.com domain. I haven't tested your scenario, but I would suggest you use one authentication server (AAD) and it will automatically implement SSO with OWIN support.
Jan 22, 2019 07:29 PM | DanielAnderson
I should clarify: we also want to avoid extensive hand-written authentication code, as that may be just as problematic and time consuming as upgrading from 3.5. Given that .NET 3.5 doesn't have native OWIN support, this gives me the impression that we would either need a separate and newer application to perform the authentication using built-in libraries, or we would have to effectively upgrade the applications.
Hypothetically, one could create the authentication code necessary for the legacy applications to work with Azure AD directly. However, if that is the only viable option, it would be better to upgrade the applications and use existing .NET libraries to facilitate the Azure AD authentication. We're trying to avoid both upgrading and extensive coding if at all possible, hence the question.
Jan 23, 2019 01:59 AM | Nan Yu
If you can't use OWIN, you need to handle the redirect yourself. Please refer to the document below for the code flow:
Generally, you can follow these steps: