How to incorporate existing Azure AD authentication into an existing, IIS-hosted, on-premises environment


I am overseeing operations and development for an internal system at a company using Windows Server 2022. Until now, this system did not have any authentication, and was accessible by anyone. I would like to implement Azure AD authentication using the OpenID Connect method.

However, none of the development team members have experience with Azure AD authentication, and we are unclear about how to proceed with its implementation. Could anyone who is knowledgeable in this area provide some guidance?

In addition, if anyone has information on how to add Azure AD authentication to an existing web application hosted on IIS, that would be extremely helpful.

Our application configuration is as follows: Windows Server 2022 + IIS 10.0 + ASP.NET front-end: .NET Framework 4.8

Any assistance would be greatly appreciated. Thank you in advance.


You can follow the steps below to implement Azure AD authentication using OpenID Connect in your existing ASP.NET application:

1) Register the app in Azure AD:

  • Go to the Azure portal.
  • Register your application in Azure Active Directory to obtain the Client ID and Tenant ID.
  • Configure the redirect URI to point to your application.
  • Generate a client secret if required.

2) Install the Microsoft.IdentityModel.Protocols.OpenIdConnect, Microsoft.AspNetCore.Authentication.AzureAD.UI, and Microsoft.AspNetCore.Authentication NuGet packages.

3) Startup.cs:

    // Startup.cs (ASP.NET Core). Required namespaces:
    // using Microsoft.AspNetCore.Authentication.AzureAD.UI;
    // using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    // using Microsoft.Extensions.Configuration;
    // using Microsoft.Extensions.DependencyInjection;
    public void ConfigureServices(IServiceCollection services)
    {
        // Register the Azure AD scheme and bind its settings from the "AzureAd" section of appsettings.json
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Authority = options.Authority + "/v2.0/"; // To use the v2.0 endpoint
            options.TokenValidationParameters.ValidateIssuer = true; // reject tokens issued for other tenants
        });
    }

In the Configure method of Startup.cs, ensure you have app.UseAuthentication(); before app.UseMvc();

4) appsettings.json:

    {
      "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "YOUR_AZURE_AD_DOMAIN",
        "TenantId": "YOUR_TENANT_ID",
        "ClientId": "YOUR_CLIENT_ID",
        "CallbackPath": "/signin-oidc"
      }
    }

5) Add the [Authorize] attribute to the controllers or actions you want to secure.

6) Configure the web.config file in your ASP.NET application to use the Azure AD authentication settings, such as the Client ID and Tenant ID.
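For the .NET Framework 4.8 + IIS stack described in the question, the OWIN-based equivalent of the sign-in configuration above, as an added example that is not part of the answer or of any Microsoft sample: a single Startup.cs. It assumes the Microsoft.Owin.Host.SystemWeb, Microsoft.Owin.Security.Cookies and Microsoft.Owin.Security.OpenIdConnect NuGet packages, and hypothetical appSettings keys ida:ClientId, ida:TenantId and ida:RedirectUri in web.config (step 6).

```csharp
using System.Configuration;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(IntranetApp.Startup))]

namespace IntranetApp
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Hypothetical appSettings keys in web.config; tenant ID and client ID
            // come from the app registration made in step 1 of the answer.
            string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
            string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
            string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
            string authority = $"https://login.microsoftonline.com/{tenantId}/v2.0";

            // After the OIDC round trip the signed-in identity lives in an auth cookie.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,       // discovery document and signing keys are fetched from here
                RedirectUri = redirectUri,   // must exactly match the redirect URI registered in the portal
                PostLogoutRedirectUri = redirectUri,
                Scope = OpenIdConnectScope.OpenIdProfile,
                // Sign-in only, so an id_token is enough and no client secret is needed; the
                // middleware validates signature, expiry, audience (ClientId) and its own nonce.
                ResponseType = OpenIdConnectResponseType.IdToken,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,   // single-tenant app: reject tokens issued for other tenants
                    ValidIssuer = authority,
                    NameClaimType = "name"
                }
            });
        }
    }
}
```

With this in place, an unauthenticated request to an [Authorize]-protected MVC action is answered with a redirect to the Azure AD sign-in page; the app registration must have ID token issuance enabled for this response type.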