SSO Azure AD with Visual Studio vs SAML

  • Question

  • User2054207217 posted

    Hello:

    I'm trying to understand and implement SSO to a new ASP.NET Core web application that I will be deploying to Azure. Here are my questions:

    1. I was able to create a sample application in VS 2019 and set authentication to "Work or School Accounts", then choose "Cloud Single Org" and supply the correct domain name, along with checking Read directory data. This seems to serve the purpose of being able to authenticate the user when I run the app. Is this the correct way of implementing SSO?
    2. I was asked to implement using SAML. So is this another way of implementing SSO?

    I do need to read user attributes, like which dept. they belong to, codes, etc., to give the right permissions to the Views in the MVC app.

    Is method 1 the right way or method 2 the correct way?

    Thanks for your help.

    Friday, March 6, 2020 9:21 PM

All replies

  • User283571144 posted

    Hi progdever,

    As far as I know, both of the 2 methods are the right way to use SSO with Azure AD.

    By using Azure AD we could achieve SSO easily; we just need to register the application in the AAD portal, generate the appid and use it.

    Then we could use the AAD portal to manage the SSO.

    Method 1 and 2 could both connect to Azure AD to achieve SSO.

    For method 1, for details about how to use it and how it works, you could refer to this article.

    For method 2, for details about how to use SAML to connect to AAD, you could refer to this article.

    Best Regards,

    Brando

    Monday, March 9, 2020 6:59 AM
  • User2054207217 posted

    Thanks Brando.

    Can someone please provide an example of how to authenticate using SAML2 with ASP.NET Core? Also, wondering how to query "extension" attributes from an Azure AD?

    Thanks.

    Wednesday, March 11, 2020 4:33 PM
  • User283571144 posted

    Hi progdever,

    Can someone please provide an example on how to authenticate using SAML2 with asp.net core.

    If you want to know how to authenticate using SAML2 with ASP.NET Core, you should register the application in Azure AD and then use the Microsoft.AspNetCore.Authentication.WsFederation library.

    For more details about how to do it, you could refer to this article.

    https://cmatskas.com/asp-net-core-saml-authentication-with-azure-ad/ 

    Best Regards,

    Brando

    Friday, March 13, 2020 1:33 AM
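
An added example, not part of the thread or the linked article: a minimal `Program.cs` wiring up the Microsoft.AspNetCore.Authentication.WsFederation handler named in the last reply (it implements the WS-Federation sign-in protocol) with a department-based authorization policy for MVC views. It uses the ASP.NET Core 6+ hosting model; the tenant ID, App ID URI, the `department` claim type, the `Finance` value and the `FinanceOnly` policy name are placeholders or assumptions, and Azure AD must be configured to emit that claim.

```csharp
// Program.cs - requires the Microsoft.AspNetCore.Authentication.WsFederation NuGet package.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

var builder = WebApplication.CreateBuilder(args);

// Placeholders: take both values from the app registration in the Azure AD portal.
const string TenantId = "<tenant-id>";
const string AppIdUri = "<app-id-uri>";
// Assumption: the tenant is configured to emit the department under this claim type.
const string DepartmentClaim = "department";

builder.Services
    .AddAuthentication(options =>
    {
        // The cookie keeps the local session; WS-Federation handles the sign-in challenge.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // never send over HTTP
    })
    .AddWsFederation(options =>
    {
        // Signing keys and issuer are read from the tenant-specific metadata document.
        options.MetadataAddress =
            $"https://login.microsoftonline.com/{TenantId}/federationmetadata/2007-06/federationmetadata.xml";
        // Wtrealm must match the App ID URI, so tokens issued for other apps are rejected.
        options.Wtrealm = AppIdUri;
    });

builder.Services.AddAuthorization(options =>
{
    // Constructed sample policy: apply with [Authorize(Policy = "FinanceOnly")].
    options.AddPolicy("FinanceOnly", p => p.RequireClaim(DepartmentClaim, "Finance"));
    // Deny by default: endpoints without an explicit policy still require sign-in.
    options.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
});
builder.Services.AddControllersWithViews();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication(); // must run before UseAuthorization
app.UseAuthorization();
app.MapDefaultControllerRoute();
app.Run();
```

Enforce the policy on the controller or action rather than by hiding links in a view, since a hidden link does not stop a direct request to the URL.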