Web Connection
Help with Microsoft SSO
Gravatar is a globally recognized avatar based on your email address. Help with Microsoft SSO
  jack
  All
  Jun 8, 2021 @ 01:33am

Iam wondering if someone can guide me or share code of how to enable SSO authentication in webconnection website. On Microsoft Cloud Side, I am ok. on website side, I understand this has to be custom authentication. But not sure how to do the redirection to Microsoft & get the authenticated email and use same for authorization inside my application. Presently I am using Forms authentication and users are in usersecurity table and it works well. I am now working to have SSO as additional authentication. Thank You

Gravatar is a globally recognized avatar based on your email address. re: Help with Microsoft SSO
  Rick Strahl
  jack
  Jun 8, 2021 @ 10:56am

There are no easy solutions to this, but you basically need to implement the oAuth/OpenId Connect workflows, which is a bunch of back and forth between the provider and application. It shouldn't matter whether you're on Azure or running your own Web site - the process is really the same.

Basically it works something like this (although the semantics are all different for different services):

  • You redirect to a signon page
  • When logged in (or failed) the service calls your application at the URL provided (pre-configured URL)
  • You basically have to echo back the data they sent with your encryption key to another URL
  • The service calls you back with an authentication token you can attach to a Cookie or give to API client

It's messy to implement and never easy and although similar each provider has a different implementation for names, URL formats etc.. When using platforms like .NET they often have pre-made components that provide this functionality as part of the framework. But for something like Web Connection you basically have to read the documentation for the provider and hand implement this functionality yourself.

Another alternative is to use a service like AuthZero (and many others) for authentication - they basically provide you with a JavaScript API that lets you integrate many providers (ie. Google, Microsoft, Github, Twitter, Facebook etc.) using a single interface. Rather than implementing all the back and forth messaging you just call an API that then does the rest on their servers and feeds you back a token. These services are nice, but they aren't cheap unfortunately.

+++ Rick ---

© 1996-2021