SalesBuy
1-855-856-7678
Technical SupportSupport
Free Trial
*Internet Service Required
Active Directory Authentication using Windows Azure Connect
Active Directory Authentication using Windows Azure Connect
-
Monday, February 27, 2012 7:39 AM
Hi,
I am building a solution wherein a web application, hosted on-premise, is accessed from within an Azure role. The web application should allow active directory credentials to be used for authentication.
The on-premise intranet machine where the web application is hosted and Azure role are domain joined using Windows Azure Connect. Is it necessary to have Windows Azure Connect endpoint installed on the active directory server too?
Please share if you have any inputs on this.
-regards,
Gaurav
All Replies
-
Monday, February 27, 2012 2:40 PM
I think in your scenario, the application hosted in Azure is trying to access an on-premises application that accepts AD credentials only. Right? In that case,
Is the Windows Azure Connect used solely for the puropose of authentication? If the answer is yes, the recommended solution is to upgrade the web sites to be claims aware and use federated authentication using ADFS or both ACS and ADFS.
Srini
-
Monday, February 27, 2012 5:52 PM
Hi Srini,
I am using Azure Connect as the solution is basically a load testing rig with the load test agent running on cloud and the app which is being load tested running within the intranet. The app accepts only AD credentials. Do I need to have the Windows Azure Connect endpoint installed on the active directory server too?
-regards,
Gaurav
-
Tuesday, February 28, 2012 3:43 AMModerator
Hi,
Using ADFS is an option, but it will take quite a few work unless ADFS has already been setup. And since it is service to service communication, delegation is required.
In your case, if all you need is to connect from Windows Azure to a local service using Windows authentication, you can use Windows Azure Connect. Yes, the domain controller need to join the Connect group. I would like to suggest you to check http://msdn.microsoft.com/en-us/library/windowsazure/gg433029.aspx for more information.Best Regards,
Ming Xu.
Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com.
Microsoft One Code Framework- Edited by MingXu-MSFTMicrosoft Contingent Staff, Moderator Tuesday, February 28, 2012 3:44 AM
- Marked As Answer by MingXu-MSFTMicrosoft Contingent Staff, Moderator Monday, March 05, 2012 11:35 AM
-
Friday, March 02, 2012 12:39 PM
Gaurav,
Yes you need to install connect endpoint agent you get from management portal on you AD server. Once you install connect agent on AD server, it will appear under Activate Endpoints section on Azure management portal Then you need to add AD server in the same Azure Connect group under local computers section where your roles are added and make sure you select the check box "Allow connection between endpoint in group".
Some more checkpoint - Make sure that IPv6 enabled on AD server. Open firewall port outbound for TCP 433
The DNS server should be configured to listen on all IP address. You can verify this by going to DNS manager, right click on your server -Properties - tab "Interfaces".
I recommend you create a separate Organization Unit (OU) in Active Directory server for your Windows Azure Role instances so that they can be easily managed.
Hope it helps.
Mark As Answer if it helps you | My Blog
- Marked As Answer by MingXu-MSFTMicrosoft Contingent Staff, Moderator Monday, March 05, 2012 11:35 AM
-
Monday, March 05, 2012 11:35 AMModerator
Hi,
I will mark the reply as an answer. If you find it no help, please feel free to unmark it and follow up.
Thanks.
Best Regards,
Ming Xu.
Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com.
Microsoft One Code Framework
|
