 

Using Windows Azure Active Directory for Public Users

I understand that WAAD is meant for internal organizational accounts. I understand the concepts behind ADFS and other "AD in the cloud" related topics. But is there really anything that is preventing WAAD from being used for public accounts?

I want to build a public-facing web site using ASP.Net MVC. I will use WIF to implement claims authentication and plan to use ACS as a claims federation provider. I want to allow the end users to log in using Social Network Accounts (out of the box with ACS). But I also want to allow users to register their own user name and passwords for my web site. Can I use WAAD for this part?

Of course I could build my own custom STS. Or I could use Thinktecture IdentityServer for this purpose. But there are some clear advantages of sticking with WAAD:

  • simplicity (to set up WAAD as an STS to ACS takes just a few clicks)
  • performance, security, reliability guaranteed by Azure SLAs

Is there any disadvantage to this approach?

stanoislav asked Apr 17 '13 11:04


2 Answers

You certainly can use WAAD for creating user accounts. You also, of course, have to force users to use e-mail style logins.

There is, however, one (BIG in my opinion) disadvantage of WAAD against ThinkTecture's Identity Server: WAAD does not have a user registration / password management / password reset flow.


UPDATE (29.07.2014)

Today WAAD provides Self-service-password-reset as part of Premium Features. However still no self-service-user-registration. Frankly I do not expect to ever see self service user registration, as WAAD is targeting enterprises, and not your specific scenario.


To implement the mentioned flow in WAAD, you have to develop your own MVC app from scratch that uses the Graph API for all mentioned scenarios.

On the other side, you have Identity Server, which has thousands of downloads, which is developed by the Gurus of Claims based authentication and security. Identity server has very rich and easy to use extensible structure. While it also does not provide the user registration and password reset flows out of the box, it is already an MVC 4 application with very rich extensibility points.

Setting up an Identity Server to run in Azure is also extremely easy. And setting up Identity Server as an identity provider in Azure ACS is just a couple of clicks on the management portal.

You say that WAAD is SLA backed, highly available, etc. But your Identity Server deployment on a Cloud Service will be SLA backed too if you use at least 2 instances of a Web Role.

If I have to choose whether to extend Identity Server to support user registration etc., or to create an entirely new application from scratch that uses the WAAD Graph API for that feature, I would use Identity Server.

astaykov answered Oct 16 '22 16:10


As of September this year the Azure B2C preview is there. This should satisfy the scenario of self service user registration and different identity providers (Facebook, Google, Microsoft...). These are all serviced from Azure AD. Azure AD b2c

There is also a complete MVC sample available: Azure AD b2c MVC Sample

markwilde answered Oct 16 '22 18:10