Move on-prem web app from LDAP to Azure AD authentication

GS 21 Reputation points
2020-05-22T02:57:29.36+00:00

Hi All,

Our organization has a really old on-prem IIS ASP.NET web app and the vendor no longer exists; however, it's still heavily used by our users until we have a new solution in place. The application is configured for LDAP authentication via on-prem Active Directory. We're looking to modernize the authentication to this application via Azure SSO. We're syncing our on-prem AD users to Azure AD and our users are already familiar with navigating to MyApps to access several other applications.

We understand that we're probably going to have to modify the source code for the unsupported on-prem web app to switch from LDAP to OpenID Connect or SAML. Does anyone have any recommendations on how to get started to do this?

Thank you in advance.


Accepted answer
  1. soumi-MSFT 11,766 Reputation points Microsoft Employee
    2020-05-22T03:55:12.55+00:00

    @GS, ideally you have two options in hand:

    1. Use Azure App Proxy and publish the application so that organization users over the Internet can access it.
    2. If you plan to upgrade the authentication mechanism completely from LDAP to one of the web auth protocols like OAuth, OpenID Connect or SAML, then surely you would have to modify the code of the application and make it a claims-aware application first.

    All these applications that work on either SAML, OAuth or OpenID Connect are claims-aware applications. What that means is that the application should be able to understand and consume the responses, in the form of tokens, from the IdPs (Identity Providers like Azure AD or ADFS).

    I would like to share a sample web application that is written on the ASP.NET framework and implements OpenID Connect, for your reference to understand the structure and the code that you need to implement in your existing application.

    https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.

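As an added illustration of the claims-aware approach the accepted answer describes (this is not code from the linked sample or from the original post), here is an OWIN Startup.Auth.cs for a legacy ASP.NET app: it replaces the LDAP bind with Azure AD OpenID Connect, pins issuer validation to the tenant, and derives the user name the old code keyed on. It assumes Microsoft.Owin.Security.OpenIdConnect 4.x, web.config keys ida:ClientId, ida:TenantId and ida:RedirectUri, an app registration that issues ID tokens, and that the UPN prefix equals the legacy sAMAccountName.

```csharp
// Startup.Auth.cs (added example). Placeholders come from web.config appSettings.
using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string TenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static readonly string RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];

    public void ConfigureAuth(IAppBuilder app)
    {
        // Session cookie issued after a validated ID token; replaces the LDAP bind result.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            // Tenant-specific authority: signing keys and issuer are discovered from here,
            // so tokens minted for other tenants fail validation.
            Authority = $"https://login.microsoftonline.com/{TenantId}/v2.0",
            RedirectUri = RedirectUri,
            Scope = "openid profile",
            ResponseType = "id_token",
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = $"https://login.microsoftonline.com/{TenantId}/v2.0",
                NameClaimType = "preferred_username"
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs only after signature, issuer, audience and lifetime checks passed.
                SecurityTokenValidated = ctx =>
                {
                    // Assumption: legacy code keyed users by sAMAccountName == UPN prefix.
                    var identity = ctx.AuthenticationTicket.Identity;
                    var upn = identity.FindFirst("preferred_username")?.Value ?? string.Empty;
                    identity.AddClaim(new Claim("legacy_sam", upn.Split('@')[0]));
                    return Task.CompletedTask;
                }
            }
        });
    }
}
```

Pages that previously called the LDAP helper can read User.Identity.Name or the legacy_sam claim instead; if the UPN prefix does not match the on-prem account name, emit a dedicated claim from Azure AD rather than splitting the UPN.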

1 additional answer

  1. Jai Verma 461 Reputation points
    2020-05-22T03:11:21.437+00:00

    I see two options:

    1. Use Azure AD App Proxy and publish this app over the internet.
    2. You can explore Azure AD Domain Services, which can provide LDAP authentication to your apps till the time you modernize the application.