Azure AD Connect setup to allow custom Application Authentication (C# asp.net core)

  • Question

  • The partner company needs a website in C# .NET Core, and for authentication they prefer to go with Azure AD Connect.

    I am aware of Forms Auth, Azure AD App and Okta Authentication.

    Not sure what to do with Azure AD Connect, how it will work and what authentication I can use.

    1) What is Azure AD Connect and how does the authentication handshake happen?

    2) Should a senior ASP.NET developer set this up, or should a network/Exchange guy?

    3) Generally, how long does it take to set up Azure AD Connect to a server from scratch (network/admin guy with 4-6 years of experience)?

    Any link or info is much appreciated; it is important and a bit urgent.

    Monday, November 11, 2019 1:13 PM

Answers

  • 1) I think you have some confusion about Azure AD Connect. Azure AD Connect is a tool used for extending your on-premises directory to the cloud (hybrid identity). Hybrid identity with Azure AD has these 3 authentication methods, which can be used based on your scenario:

    1. Password Hash Synchronization
    2. Pass-Through authentication
    3. ADFS (Active Directory Federation Services)

    All these methods support Single Sign On as well.  Please refer to this documentation for more details.  You can also refer to Code Samples for implementing authentication to your web application and web APIs.

    Also, for authentication, you need to use the Microsoft identity platform to build your application, where your web application will delegate users to Azure AD for the sign-in process. Please refer to Web app sign-in flow with Azure AD for more details.

    2) As long as you have a basic understanding of Active Directory concepts (forests, domains, etc.) and are implementing a common topology (Single Forest, Single Azure AD Tenant), you can install Azure AD Connect by following the installation documentation. Please refer to Azure AD Connect and Azure AD Connect Health installation roadmap for instructions.

    3) If you are going with a common topology, Azure AD Connect Express installation is the most commonly used option, and it can be set up in a couple of hours if you do not run into any installation or environmental issues.

    Monday, November 11, 2019 9:43 PM
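
The split described in the answer above (Azure AD Connect synchronizes the on-premises directory, while the web application itself delegates sign-in to Azure AD over OpenID Connect) looks like this on the application side. This is an added example, not code from the thread or from Microsoft's samples; it assumes ASP.NET Core 6 or later with the Microsoft.AspNetCore.Authentication.OpenIdConnect package, and the `AzureAd:*` configuration key names are hypothetical placeholders for values from your own app registration.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

// Hypothetical key names; the values come from your app registration.
// Keep the client secret in user secrets or a vault, never in source control.
var tenantId = builder.Configuration["AzureAd:TenantId"];
var clientId = builder.Configuration["AzureAd:ClientId"];
var clientSecret = builder.Configuration["AzureAd:ClientSecret"];

builder.Services
    .AddAuthentication(options =>
    {
        // The local session lives in a cookie; unauthenticated users are sent to Azure AD.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    })
    .AddOpenIdConnect(options =>
    {
        // Tenant-specific authority: only accounts in this tenant (including
        // users synchronized from on-premises AD by Azure AD Connect) can sign in.
        options.Authority = $"https://login.microsoftonline.com/{tenantId}/v2.0";
        options.ClientId = clientId;
        options.ClientSecret = clientSecret;
        options.ResponseType = "code";   // authorization code flow
        options.UsePkce = true;
        options.SaveTokens = false;      // do not persist tokens the app does not need
        options.TokenValidationParameters.NameClaimType = "preferred_username";
    });

// Require sign-in everywhere unless an endpoint explicitly opts out.
builder.Services.AddAuthorization(options =>
    options.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());

var app = builder.Build();
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", (ClaimsPrincipal user) => $"Signed in as {user.Identity?.Name}");
app.Run();
```

The application never talks to Azure AD Connect or the on-premises domain controllers; whichever hybrid method is chosen (password hash sync, pass-through, or AD FS) is applied by Azure AD during the redirect.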

All replies

  • Hello,

    Just checking to see if you were able to get this resolved and if the answer was helpful to you. If so, please remember to mark as answer so that others in the community with similar questions can more easily find an answer.



    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    Thursday, November 14, 2019 12:41 AM
    Owner
  • Please let us know if you were able to resolve the issue from the replies before. If you still have more questions, please let us know with some additional information regarding your question and we'll try to resolve it. It may require additional support escalation if we are unable to resolve this on this MSDN thread.

    If there are no more follow-ups in regards to this, I will be marking an answer as answer. If you feel your question has not been answered, please let us know any more pending asks and we can try to follow up accordingly.

    thanks,

    - Frank H.

    Tuesday, November 26, 2019 8:04 PM
  • I'm following up on this; please let us know if there are any more questions. As it looks like this issue has been resolved within the scope of the MSDN Thread Question, I will be marking the response as answer. Please let me know if your question has not been answered, and I can go ahead and unmark it as answer, or feel free to mark it as unanswered yourself. Also, please remember to post future questions on the new Q&A Forums here: https://docs.microsoft.com/answers/index.html Thanks
    Wednesday, December 11, 2019 7:08 PM