• Home
  • Services
    • Software Development
    • Testing and QA
    • Data and Analytics
    • Product Customization
    • IT Infrastructure
    • IT Enabled Services
  • Products
    • DrCare247
    • Hummy
  • Industries
    • Healthcare
  • About Us
    • Company
    • Careers
  • Resources
    • Blog
  • Contact Us
Email info@genixtec.com
Phone 1-888-466-6066
    • Home
    • Services
      • Software Development
      • Testing and QA
      • Data and Analytics
      • Product Customization
      • IT Infrastructure
      • IT Enabled Services
    • Products
      • DrCare247
      • Hummy
    • Industries
      • Healthcare
    • About Us
      • Company
      • Careers
    • Resources
      • Blog
    • Contact Us
Genix
Genix
Email
info@genixtec.com
Phone
1-888-466-6066
Genix
Genix
Genix
  • Home
  • Services
    • Software Development
    • Testing and QA
    • Data and Analytics
    • Product Customization
    • IT Infrastructure
    • IT Enabled Services
  • Products
    • DrCare247
    • Hummy
  • Industries
    • Healthcare
  • About Us
    • Company
    • Careers
  • Resources
    • Blog
  • Contact Us

    Azure AD single sign-on (SSO) integration in .Net core application

    Genix > Blog > Data Analytics > Azure AD single sign-on (SSO) integration in .Net core application
    • May 3, 2021
    • Prakash Bhaskar
    • Data Analytics
    • 0
    Azure AD single sign-on (SSO) integration in .Net core application

    What is Single Sign-On (SSO)?

    Single sign-on (SSO) is an authentication process that allows a user to sign on with one set of credentials and gain access to multiple applications and services.

    From the security perspective, one benefit introduced by Single-Sign-On is that, because it reduces the number of credentials required to sign in to multiple services to a single credential, there are fewer credentials to be lost or stolen. In addition, multi-factor authentication (MFA) or two-factor authentication (2fA) is more likely to be enforced to protect that single, powerful, credential.

    How Does Single Sign-on Work?

    The service creates an authentication token that remembers that the user is verified, whenever a user signs in to an SSO service. An authentication token is a piece of digital information stored either in the user's browser or within the SSO service's server.
    Only when the SSO service stores a user identity, it remembers a user. Most SSO services checks the user credentials against a separate identity management service.
    Let us see an example for how SSO works for Google and its other services. For example, when you try to access Gmail without being authenticated, Google redirects you to a central service, hosted at accounts.google.com. There, appears a sign in form where you will have to input your user credentials. Google redirects you to gmail if the authentication process is successful. There you will gain access to your gmail. After authenticating through this central service, if you head to another service (For eg. Youtube), you will see that you are automatically signed in.

    Types of SSO  
    1. Federated Identity Management (FIM) - FIM refers to a trust relationship created between two or more domains or identity management systems. Single Sign-on is often a feature that is available within an FIM architecture
    1. OAuth (Open Authorization ) - Open standard authorization protocol that transfers identification information between apps and encrypts it into machine code
    1. OIDC (OpenID Connect) - It sits on top of OAuth 2.0 to add information about the user and enable the SSO process.
    1. SAML (Security Access Markup Language) - Open standard that encodes text into machine language and enables the exchange of identification information
    1. Kerberos - Kerberos a protocol that enables mutual authentication. Thus, user and server can verify each other's identity on insecure network connections.
    1. Smart card authentication - Beyond traditional SSO, there exists hardware that can facilitate the same process as physical smart card devices that users can plug into their computers. Cryptographic keys on the smart card interacts with the computer software to authenticate the user.

    We are going to use ADFS (Active Directory Federation Services), which is a type of Federated Identity Management system. It also provides Single Sign-on capabilities. The below steps use Azure Active Directory Service to implement SSO using ASP.NET CORE 5.0. How to Implement SSO Using Azure AD in ASP.NET Core Web Application Before getting into the development you need the following prerequisites.
    1. Visual studio 2019 or Visual studio code
    2. Azure portal account with appropriate rights
    3. .NET Core SDK 3.1 and above (Recommended to go with the latest version)
    Download Links

    https://visualstudio.microsoft.com/vs/  - VS 2019 https://code.visualstudio.com/  - VS Code https://dotnet.microsoft.com/download  - .NET Core SDK

    Setting up your App in Azure AD
    1. Log in to the Azure portal using with your account, make sure your account is having administrator permission
    2. Select Azure AD from the azure service menu or use the search box to find the Azure AD service
    3. Under manage select App Registration > New Registration
    4. Enter the Name of your project, select Supported account types as, “Account in this organization only”
    5. Enter Redirect URL as “https://localhost:44321/signin-oidc”. We can change this URL later. For local debugging, you need to add this URL also make sure you have entered in the right port and controller
    6. Click on the Register button to complete your registration
    7. Upon successful registration, it will redirect to the detail page where you will find the Tenant id, client id, etc.,
    8. Under the Manage, click on “Authentication” and for Front-channel logout URL, enter https://localhost:44321/signout-oidc
    9. Under Implicit grant and hybrid flows, select ID tokens and hit the save button
    You are now done with setting up app registration.

    Since you will be having knowledge on creating ASP.NET/MVC application using visual studio, I am not going to cover those things.
    1. Open/Create new ASP.NET/MVC project

    2. Open appsettings.json file

    3. Add the following code
    "AzureAd": { "Instance": "https://login.microsoftonline.com/", "ClientId": "your-client-id", "TenantId": "your-tenant-id" },

    1. Install following nuget package
    2. Install-package Microsoft.AspNetCore.Authentication.OpenIdConnect install-package Microsoft.Identity.Web
    1. Open startup.cs file and replace “ConfigureServices” method with below code
    public void ConfigureServices(IServiceCollection services) { .services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));   services.AddControllersWithViews(options => { var policy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .Build(); .options.Filters.Add(new AuthorizeFilter(policy)); }); services.AddRazorPages() .AddMicrosoftIdentityUI(); }

    1. Open index.chtml file and enter the below code
    @if(User.Identity.IsAuthenticated) { @User.Identity.Name }

    1. Save all your files, build and run the application… you are done.

    Conclusion
    We just learned how to implement Azure AD authentication in ASP.NET 5.0 web applications. Decentralized systems are becoming more common, and authentication is an essential aspect of all of them. SSO solves a big problem that is to manage the increasing number of users across a whole ecosystem of applications and services. Integration SSO to your new or existing application is much easier with Frameworks such as OpenID Connect or services such as we provide at Auth0. Consider integrating SSO from the get-go, if you are implementing authentication for a new application or service.

    References
    https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp
    • Author
    • Recent Posts
    Prakash Bhaskar
    Latest posts by Prakash Bhaskar (see all)
    • Azure AD single sign-on (SSO) integration in .Net core application - May 3, 2021

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    Recent Posts

    Work from benefits for employees and employers
    Benefits of Remote Work to Employee and Management  January 30, 2023
    How to improve mobile UI and UX with 10 simple design changes May 13, 2022
    Bits and bytes of RESTful API September 9, 2021
    Do you want to become a mobile app developer August 11, 2021

    Categories

    • Data Analytics
    • Digital Technology
    • Employee wellness
    • Experiences
    • Hackathon
    • Infrastructure
    • Mobile app development
    • Software Development
    • Tech

    Archives

    • January 2023
    • May 2022
    • September 2021
    • August 2021
    • June 2021
    • May 2021
    • March 2021
    • January 2021
    • June 2020
    • March 2020
    • February 2020
    • June 2019
    Genix
    Genix is a software products, services and consulting company with specialization in Healthcare IT

    Services

    • Software Development
    • Testing and QA
    • Data and Analytics
    • Product Customization
    • IT Infrastructure
    • IT Enabled Services

    Contact Info

    • 50 South Main Street, Suite 200
      Naperville, IL - 60540
    • 1-888-466-6066
    • info@genixtec.com

    Accreditations

    Copyright © 2021 Genix Technologies, All Right Reserved

    • Privacy Policy