Blazor Wasm Hosted with SAML2 authentication

Question

Good morning,

We have a Blazor-ASP.NET Core Hosted application on .Net Core 6.

In an on-premise IIS for a client where they authenticate against their locally corporate Active Directory.

Now we proceed to migrate to the Cloud, logically we no longer have access to the client's local active directory and we need to maintain that type of authentication.

Azure Ad B2C has been ruled out since the client does not have it or want it, so we need to implement some SSO authentication mechanism with SAML2 in the application with some identity provider that the client has so that they can continue authenticating in the same way.

I can't find official documentation about it or examples on the internet to configure Server and Client(Wasm) applications with this method.

Is it feasible to do it?

If not, what would be the alternatives?

Thank you so much

Answer 1

If you don’t use azure ad b2c you will need to build the feature yourself. You will need to create an oauth server that has access to the local ad, but is accessible from the cloud hosting your application. This is because you could app will need call the oauth server to validate the token.

If you want to code this, I’d start with your own instance of identity server (no longer free) hosted in your cloud. Then use a virtual network or hybrid connection from the cloud to the local AD exposed via ldap.

https://duendesoftware.com/products/identityserver

https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections