Azure Web App Requiring Authentication Back to OnSite AD......ADFS???

Good afternoon,

My company is working on its first Azure-based web application that is going to live in the Azure cloud. The app will prompt a user for credentials when it is launched and I want that authentication to flow back to my on-site Active Directory. I am heading down the road of an ADFS implementation as I thought that was the purpose, but in reading am starting to get confused on the "how". It seems from my reading that ADFS is for presenting an internal web app to the outside, not for authenticating an external web app back inside.

Can someone shed some light on this? I have completed the install and initial config of ADFS, but don't know what to research next in terms of providing an authentication mechanism to a cloud-housed web application.
Jian An Lim

Is your web application claims/SAML aware? If it is not, is it LDAP aware?

Claims/SAML aware: you can use ADFS.
LDAP aware: you can use on-site Active Directory.

More on building a claims-aware application with ADFS: https://blogs.msdn.microsoft.com/alextch/2011/06/27/building-a-test-claims-aware-asp-net-application-and-integrating-it-with-adfs-2-0-security-token-service-sts/
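As an added example (not code from this thread, from Microsoft, or from the linked blog post), here is what the claims/SAML-aware path in the answer above looks like from the Azure web app's side, in Python using only the standard library. The web app (the SAML service provider, or ADFS "relying party") builds an AuthnRequest and redirects the browser to the ADFS sign-in endpoint; ADFS authenticates the user against on-site AD and POSTs a signed SAML response back; the web app validates that response and reads the claims out of it. Every identifier in it is an assumption made up for illustration: the entity IDs, the URLs, the user and role values, and the sample response. The `verify_signature` hook is a stand-in that you must wire to a real XML-DSig verifier (for instance the signxml package) using the ADFS token-signing certificate; without signature verification none of the other checks mean anything, since anyone could hand-craft an assertion.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
CLOCK_SKEW = timedelta(minutes=5)   # tolerated drift between the ADFS farm and the web app
UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"       # standard ADFS claim types
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
_ts = lambda dt: dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def _parse_ts(s):                   # ADFS may emit fractional seconds
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in s else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)

def build_authn_request(sp_entity_id, acs_url, idp_sso_url, now):
    """Step 1 (SP-initiated): return (request_id, redirect_url) for the HTTP-Redirect binding.
    Keep request_id server-side; a response is only accepted if it answers it."""
    request_id = "_" + uuid.uuid4().hex
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="{request_id}" '
           f'Version="2.0" IssueInstant="{_ts(now)}" Destination="{idp_sso_url}" AssertionConsumerServiceURL="{acs_url}" '
           'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{sp_entity_id}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)          # raw DEFLATE, as the binding requires
    deflated = comp.compress(xml.encode()) + comp.flush()
    return request_id, idp_sso_url + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})

def validate_response(resp_b64, sp_entity_id, acs_url, idp_entity_id, outstanding_ids, verify_signature, now):
    """Step 2: check the POSTed SAMLResponse; return the NameID and a {claim type: [values]} dict.
    verify_signature(assertion) -> bool must do real XML-DSig verification against the ADFS
    token-signing certificate (e.g. with signxml); it is injected to keep this dependency-free."""
    root = ET.fromstring(base64.b64decode(resp_b64))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if root.tag != f'{{{NS["samlp"]}}}Response' or status is None or status.get("Value") != SUCCESS:
        raise ValueError("not a successful samlp:Response")
    if (req_id := root.get("InResponseTo")) not in outstanding_ids:   # unsolicited, or a replay
        raise ValueError("response does not answer an outstanding request")
    outstanding_ids.discard(req_id)                         # one-shot: a second use fails the check above
    if root.get("Destination") not in (None, acs_url):
        raise ValueError("Destination is not our ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1 or assertions[0].findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        raise ValueError("expected exactly one assertion issued by our ADFS")
    a = assertions[0]
    if a.find("ds:Signature", NS) is None or not verify_signature(a):
        raise ValueError("assertion signature missing or invalid")
    if (cond := a.find("saml:Conditions", NS)) is None or now + CLOCK_SKEW < _parse_ts(cond.get("NotBefore")) \
            or now - CLOCK_SKEW >= _parse_ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    if sp_entity_id not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion is addressed to a different relying party")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url or scd.get("InResponseTo") != req_id \
            or now - CLOCK_SKEW >= _parse_ts(scd.get("NotOnOrAfter")):
        raise ValueError("bearer subject confirmation failed")
    claims = {attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
              for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS), "claims": claims}

def constructed_adfs_response(request_id, sp_entity_id, acs_url, idp_entity_id, now):
    """Constructed stand-in for what ADFS POSTs back; a real one carries a real ds:Signature."""
    nb, na = _ts(now - timedelta(minutes=1)), _ts(now + timedelta(minutes=5))
    xml = f'''<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}"
  ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{_ts(now)}" Destination="{acs_url}" InResponseTo="{request_id}">
  <saml:Issuer>{idp_entity_id}</saml:Issuer><samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{_ts(now)}"><saml:Issuer>{idp_entity_id}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>placeholder-not-a-real-signature</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>pitster@contoso.example</saml:NameID><saml:SubjectConfirmation
      Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData Recipient="{acs_url}"
      InResponseTo="{request_id}" NotOnOrAfter="{na}"/></saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="{nb}" NotOnOrAfter="{na}"><saml:AudienceRestriction>
      <saml:Audience>{sp_entity_id}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{UPN}"><saml:AttributeValue>pitster@contoso.example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{ROLE}"><saml:AttributeValue>WebAppUsers</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement></saml:Assertion></samlp:Response>'''
    return base64.b64encode(xml.encode()).decode()

def demo(now=datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)):
    """Whole exchange against constructed endpoints; returns what each check decided."""
    sp, acs = "https://webapp.azurewebsites.example/", "https://webapp.azurewebsites.example/saml/acs"
    idp, sso = "http://adfs.contoso.example/adfs/services/trust", "https://adfs.contoso.example/adfs/ls/"
    rid, url = build_authn_request(sp, acs, sso, now)
    out = {"redirect_ok": url.startswith(sso + "?SAMLRequest=")}
    trust_stub = lambda assertion: True     # stand-in ONLY: production must verify the XML signature
    outstanding, resp = {rid}, constructed_adfs_response(rid, sp, acs, idp, now)
    out.update(validate_response(resp, sp, acs, idp, outstanding, trust_stub, now))
    for label, ids, when in (("replay", outstanding, now), ("expired", {rid}, now + timedelta(hours=1))):
        try:
            validate_response(resp, sp, acs, idp, ids, trust_stub, when)
            out[label + "_rejected"] = False
        except ValueError:
            out[label + "_rejected"] = True
    return out
```

Calling `demo()` runs the whole exchange offline and also exercises two rejections a relying party has to get right: the same response presented a second time (its InResponseTo was consumed on first use) and a response presented after its NotOnOrAfter. The two claim-type URIs are the ones ADFS issues by default for the user's UPN and for group-derived roles; the web app's own authorization decisions should key off those claims rather than anything the user typed, which is the practical meaning of "claims aware" in the answer above. The on-site AD itself is never reachable from the Azure side in this design; only ADFS (published through its proxy) is.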
pitster (ASKER)

This project is just starting so we have the ability to design how we want. If we use the claims/SAML-aware approach, will that require an ADFS box in both the Azure cloud with the web app, or simply one in our DMZ?

I have also been reading about Azure AD and the AD Connector and wondering if that is a better approach if we are forward thinking?

Jian An Lim

It really depends on your architecture and future vision of how much of a footprint you want to put on the cloud.

For example, if you envisage that you will be moving to Office 365, then Azure AD and the AAD connector will be good to have, and if you have an AAD Premium licence, then you might not even need to build the ADFS environment.

It really depends on the scope of the project, and don't overdo it unless you have the necessary support.
For a company that does not require single sign-on and/or is smaller than 200 users, I would say ADFS is really a big investment (you need 2 x ADFS + 2 x AD WAP).
pitster (ASKER)

Yes, this is all new so really trying to understand the pros and cons, as well as associated costs. It sounds like though that I have two options perhaps. The first being a local DMZ-side AAD Connector with Azure AD in the Azure cloud along with a web app, or a local ADFS in the DMZ with a second ADFS server in the Azure cloud along with a web app. Excuse my ignorance but what is the AD-WAP?

The app that is in this project will not use SSO.
ASKER CERTIFIED SOLUTION
Jian An Lim

This solution is only available to members.
pitster (ASKER)

Thanks for all the info.  Definitely helpful in planning which way to continue researching.  Thanks again!