How to configure ASP.NET Single Sign On instead of Windows Authentication using open source

BeUnique 2,332 Reputation points
2025-04-15T07:09:50.09+00:00

I developed many applications using Windows authentication, and the same has to be configured in the company Windows Server IIS.

Application is working fine now.

I am getting a new requirement: we want to migrate/implement all the server-hosted applications using SSO (Single Sign-On) instead of Windows authentication, using open source.

I have less time to configure and achieve the above tasks.

Also, I have no idea how and where to start configuring SSO in an ASP.NET application.

Please guide me to proceed and implement this in an ASP.NET application step by step (both locally and on the server).


Accepted answer
  1. Pradeep M 7,620 Reputation points Microsoft External Staff
    2025-04-15T09:50:59.37+00:00

    Hi BeUnique,

    Thank you for reaching out to Microsoft Q & A forum. 

    To replace Windows Authentication with Single Sign-On (SSO) in your ASP.NET application using an open-source solution, I recommend using OpenID Connect (OIDC) with an identity provider like Keycloak. 

    1. Set Up Keycloak Locally

    You can quickly run Keycloak using Docker:

    docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:latest start-dev
    
    

    Then, access the admin console at http://localhost:8080 to create a Realm, Client, and test Users. 

    2. Configure Your ASP.NET Application

    Add the OpenID Connect package: 

    dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect
    
    

     In your Startup.cs or program setup, configure authentication using the Keycloak settings (authority URL, client ID, secret, etc.). 

    3. Secure Your Application

    Use the [Authorize] attribute to protect controllers or pages that require authentication.

    4. Deploy to Server

    Host Keycloak on your server (Docker or standalone) and update the redirect URLs in both Keycloak and your ASP.NET app settings.

    If you have found the answer provided to be helpful, please click on the "Accept answer/Upvote" button so that it is useful for other members in the Microsoft Q&A community.
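
Added example (not part of the answer above, and not Microsoft's or Keycloak's own code): one way to wire steps 2 and 3 together in an ASP.NET Core 6+ `Program.cs`, using the authorization code flow with PKCE and a deny-by-default authorization policy. The `Keycloak` configuration section, its key names and the realm name `demo` are assumptions.

```csharp
// Program.cs (ASP.NET Core 6+ minimal hosting). Added example, not from the answers on this page.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
var isDev = builder.Environment.IsDevelopment();

// Assumed config keys. Keep ClientSecret in user-secrets or environment variables,
// not in appsettings.json. Authority is the realm URL, e.g.
// http://localhost:8080/realms/demo ("demo" is a hypothetical realm name).
var kc = builder.Configuration.GetSection("Keycloak");
string Required(string key) =>
    kc[key] ?? throw new InvalidOperationException($"Missing Keycloak:{key}");

builder.Services
    .AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(o =>
    {
        o.Cookie.HttpOnly = true;
        o.Cookie.SecurePolicy = isDev ? CookieSecurePolicy.SameAsRequest : CookieSecurePolicy.Always;
    })
    .AddOpenIdConnect(o =>
    {
        o.Authority = Required("Authority");
        o.ClientId = Required("ClientId");
        o.ClientSecret = Required("ClientSecret");
        o.ResponseType = OpenIdConnectResponseType.Code; // authorization code flow
        o.UsePkce = true;
        o.RequireHttpsMetadata = !isDev; // plain HTTP only for the local start-dev container
        o.MapInboundClaims = false;      // keep the provider's claim names as issued
        o.TokenValidationParameters.NameClaimType = "preferred_username";
        // Default callback is /signin-oidc: register https://<app-host>/signin-oidc
        // as a valid redirect URI on the Keycloak client.
    });

// Require a signed-in user everywhere unless an endpoint opts out with [AllowAnonymous].
builder.Services.AddAuthorization(o => o.FallbackPolicy =
    new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", (HttpContext ctx) => $"Signed in as {ctx.User.Identity?.Name}");
app.Run();
```

With the fallback policy in place, a controller or page that is missing `[Authorize]` still requires sign-in, so a forgotten attribute fails closed rather than open.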


1 additional answer

  1. Bruce (SqlWork.com) 74,451 Reputation points
    2025-04-16T16:30:30.8466667+00:00

    You first need to pick an SSO technology. Nowadays most SSO solutions are OAuth based. You can host an on-premise SSO server, or use a cloud-based solution like Entra ID. Be sure your choice supports authentication against Windows accounts (may use LDAP). IdentityServer4 was a popular choice for on-prem, but it's no longer free:

    https://duendesoftware.com/products/identityserver

    Once you have installed/configured the SSO authentication server, it's time to modify your applications to use OAuth. The easiest is to use the Microsoft OIDC authentication libraries (for ASP.NET 4.* you need to switch to the OWIN pipeline).

    Depending on how your applications used authentication, you may need other code changes. With SSO, impersonation is not supported, so the thread identity is the pool account.

    Also, if your code used Windows permissions, the user's Windows handle is not available, so your code will need an alternate approach to getting the permissions, typically via LDAP. Entra ID supports the Graph API to look up the permissions.
