WAAD Single Sign-on for existing application

Question

We have a Web API project with a bunch of HTML pages which we use it to do basic CRUD operation and as of now we do not have any kind of security features on it.Hence, we are planning to add a single-sign on this web application so that only authorized users can only do create,delete and update operations on database.

When I was looking for help on-line i.e. how to add single sign to a existing application all the Microsoft blog posts are directing us to this article. I was just wondering is there any widget like "Identity and Access" to add single-sign-on to an existing application from VS2013.

Answer 1

There isn't an equivalent of the Identity and Access tooling for VS2013, but if you use the new OWIN modules, you can easily add web sign-on to an existing app for the WS-Federation and OpenID Connect protocols. OWIN just takes a few lines of code -- you don't have to have a complicated web.config for managing the old WS-Federation modules, for example. You can read Vittorio's blog post about the WS-Federation version, download the new code sample that uses the OpenID Connect version, and read the Authentication Scenarios: Web Browser to Web Application topic that describes how the protocol flow works in your application.

Getting down to the actual implementation, you basically just do the following to an existing project:

1. Add the NuGets for the OWIN middleware to your project
2. Create a Startup.Auth.cs file in your App_Start folder with a few lines of configuration for your application and directory info
3. Make a few small changes to the Startup.cs file to use the settings from Startup.Auth.cs
4. Add the [Authorize] attribute to the controller/page you want to be secured, which will trigger the sign-in flow

That's about it. The code sample will show you the actual changes you need to make, but it's a lot simpler/cleaner than using the WIF modules.