Can't connect to Azure webapp using work account authentication - azure

I am creating an Azure web application that serves as a gateway to our organization's database. As I don't want our database to be accessible by the whole internet, I want to use some kind of authentication.
I achieved this authentication by following these steps:
1) Microsoft Visual Studio -> File -> New -> Project -> ASP.NET Web Application
2) Select MVC and click on the 'change authentication' button
3) Select Company or School as authentication method and fill in the right domain name
4) Now I publish the web application and browse to the link
5) I get forwarded to the login.microsoftonline page and asked to log in with my organization's email.
6) After logging in with my organization's email, localhost can't connect to the web application and throws the following error: ERR_CONNECTION_REFUSED
If I follow the same process as above but select no authentication, everything works fine. In addition, all our organizational addresses are on Azure Active Directory.
Does anyone know why I can't connect to the application and/or has suggestions to solve this?
All help is greatly appreciated!

The issue was solved by going to app services -> Authentication/Verification -> authenticate with Azure Active Directory. Thereafter, go to Azure Active Directory and add the web application's URL to reply URLs / properties of the AD instance.

Related

How to enable Authentication on Asp Classic application running on Azure

I'm facing a strange request.
We have an ASP CLASSIC application, and there is the need to make it run under Azure, with Active Directory authentication.
Is this even possible?
Any suggestion is appreciated
SOLUTION:
Use the editor in the App Service and upload all the files of the ASP website
Enable Authentication through Microsoft Provider in the app service
On Azure Active Directory, in the Registered App, it is possible to create groups and add users to be enabled to access the website

Ports required to open for Azure Active Directory

In my company, a few ports are blocked and I am unable to identify a list of ports to tell my IT team to whitelist.
I am using Visual Studio 2015.
The reason why I am being so specific on ports is that, these steps I have followed at my home machine & I found no issues. The problem is only in my company due to Proxy/Port/Firewall.
Steps followed:
1) I have created a sample MVC Web application & kept authentication as default (Individual User Accounts).
2) After creating this application, I right-clicked on the project & clicked on Configure Azure AD Authentication & followed the steps properly.
3) I created a few users in Azure Portal and ran the application which is working fine.
4) Then I deployed the application on my local IIS by changing connectionstring (which got created in Step 2) from localDB to SQLExpress
The application isn't working after deploying on local IIS in my company but working on my home machine.
I am unable to identify the ports/proxy settings which I need to tell my company to whitelist.
Please help me. Thanks!
Have a look at the Hybrid Identity Required Ports and Protocols documentation, find your scenario and see the ports needed for that.
The following document is a technical reference on the required ports and protocols for implementing a hybrid identity solution. Use the following illustration and refer to the corresponding table.

Net Core 2 app login redirect not working in azure

I've inherited an ASP.NET Core 2 MVC app that we want to host in Azure. I have managed to publish it to Azure but when I access the URL I get this error:
AADSTS50011: The reply address
'http://myAzureSite.azurewebsites.net/signin-oidc' does not match the
reply addresses configured for the application:
'xxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxx'.
The appsettings.json has it configured as:
"CallbackPath": "/signin-oidc",
The url of the site is
http://myAzureSite.azurewebsites.net
When I run it in my local development environment the login redirect works perfectly. I guess something needs to be configured in the Azure portal but where do I find it?
You need to find the application in Azure AD, and add https://myAzureSite.azurewebsites.net/signin-oidc in the Reply URLs.
Go to Azure Active Directory -> App registrations -> All apps -> Find your app -> Settings -> Reply URLs.
If you don't see Azure Active Directory on the left sidebar, you can find it from All services.
Note you should use HTTPS, not HTTP.
It is possible the reply URL is already configured, but your login would fail since you are accessing your app over HTTP.
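Added example (not part of the original question or answer): a small Python check that rebuilds the redirect URI from the site URL and `CallbackPath` and reports which component differs from each registered reply URL, which is what AADSTS50011 is complaining about. The comparison rules (scheme and host case-insensitive, default ports ignored, path exact) are a simplifying assumption, and the `localhost:44300` entry is a constructed sample value.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample of what might be registered under "Reply URLs".
REGISTERED = [
    "https://myAzureSite.azurewebsites.net/signin-oidc",
    "https://localhost:44300/signin-oidc",
]

def parts(url):
    """Split a URL into (scheme, host, port, path); default ports become None."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = None if u.port in (None, DEFAULT_PORTS.get(scheme)) else u.port
    return scheme, (u.hostname or "").lower(), port, u.path or "/"

def redirect_uri(base_url, callback_path):
    """Redirect URI the app sends: public base URL plus CallbackPath."""
    return base_url.rstrip("/") + "/" + callback_path.lstrip("/")

def diagnose(sent, registered):
    """Return (matched, misses); misses is [(reply_url, [differing parts])]."""
    sent_parts = parts(sent)
    misses = []
    for reg in registered:
        reg_parts = parts(reg)
        if reg_parts == sent_parts:
            return True, []
        names = ("scheme", "host", "port", "path")
        diffs = [n for n, a, b in zip(names, sent_parts, reg_parts) if a != b]
        misses.append((reg, diffs))
    return False, misses

def nearest_miss(misses):
    """Registered URL that differs from the sent one in the fewest parts."""
    return min(misses, key=lambda m: len(m[1])) if misses else None

if __name__ == "__main__":
    # The site is reached over HTTP, as in the question.
    sent = redirect_uri("http://myAzureSite.azurewebsites.net", "/signin-oidc")
    matched, misses = diagnose(sent, REGISTERED)
    print("sent:", sent, "matched:", matched)
    if not matched:
        reg, diffs = nearest_miss(misses)
        print("closest registered reply URL:", reg, "differs in:", diffs)
```

A result of `['scheme']` means the reply URL is registered but the app is being reached over HTTP, so the fix is to browse (or redirect) to the HTTPS address rather than to register an `http://` reply URL.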

Windows Authentication in IIS

I have 2 web services A and B hosted under the same web site. Web Service A uses/calls the APIs of web service B.
Both the services are using the "Custom Application pool" as they need to access Database...and I need to use Windows Authentication for both the services.
So when I try to call the API of service A, it prompts me for userName and password and after that it throws an error.
Now if I change the authentication of web service B to anonymous, it works fine.
It seems to be a double-hop issue but I am not sure how to fix it.
Please help me in fixing this issue.
Thanks

Azure App Services trusted connection to SQL Azure

I have a web application hosted in Azure App Services (allowing anonymous access) that I need to connect to a SQL Azure DB through a TRUSTED CONNECTION. My business will not allow me to store a password in the web.config (hence the "trusted connection" requirement). Can someone please point me in the right direction?
UPDATE:
We are using Azure AD. I have looked into running the app under an AD account (can't figure out how to do this). I have also tried to find what account the app is running under so I can add that to the DB (can't figure this out either)
Active Directory IS the answer you're looking for- you'll want to do Token Authentication.
The short explanation is that your application needs to be registered with Azure Active Directory (AAD), and that you need to create a SQL login for the application that maps to the AAD principal; the application using the token (certificate) is able to authenticate as the AAD principal and will be able to connect to the database.
We created a tutorial that covers the ability to connect without putting a password in your config- you'll need to use a certificate. This demo covers how to do it with a self-signed/self-created cert.
