Authentication is the most common and important feature of any LOB application. We are looking at moving the authentication logic outside the application so that it can be used by any number of applications in your organization, aka “Identity as a Service”.
In this blog post I’ll walk you through how to configure Windows Azure Active Directory Authentication for existing MVC applications that you have.
1. Navigate to https://manage.windowsazure.com using a web browser and sign in using the Microsoft Account associated with your Microsoft Azure account.
2. Select Active Directory from the left pane.
[Screenshot: Accessing Microsoft Azure Active Directory]
3. Click New->Active Directory->Directory->Custom Create.
[Screenshot: Adding a new Active Directory tenant]
4. Enter a descriptive name for the new directory, its domain name and the country. Click the check button to continue.
[Screenshot: Filling Active Directory information]
5. Click on the newly created directory entry to display the User management UI (click on the Users menu). The directory tenant is initially empty, except for the Microsoft Account administering the Microsoft Azure subscription in which the new tenant was created.
[Screenshot: Active Directory user list]
6. Now add a new user to the directory. Click the Users menu item at the top of the dashboard, then select the Add User button in the bottom bar.
[Screenshot: Adding a new user to Active Directory]
7. In the dialog box, keep the default option of New user in your organization and type a username (e.g.: newusername). Click Next to continue.
[Screenshot: Filling new user details]
8. Enter the user profile data. Keep the Role option of User.
[Screenshot: Filling user profile information]
9. The Management Portal generates a temporary password, which has to be used at the time of the first login; at that time the user will be forced to change it. Take note of the temporary password, as you will need it in the following tasks. Click the check button to create the user.
[Screenshot: Creating a temporary password]
At this point, we have everything we need for providing an authentication authority in our web SSO scenario: a directory tenant and a valid user in it.
If you have done claims-based authentication in the past, you probably used the VS 2012 Identity and Access tool via the 'Add STS Reference' window. However, the Identity and Access tool (Add STS Reference) is missing in VS 2013. The good news is that you can either configure your application for single sign-on with Windows Azure Active Directory when you create a new project, as shown in the picture below, which takes care of everything, or you can use the Federation Utility tool, aka FedUtil.exe.
Let’s see the second approach, using FedUtil.exe to authenticate users against Microsoft Azure Active Directory, in this blog post.
First of all, FedUtil.exe ships with Windows® Identity Foundation (WIF). It helps you establish trust from a relying party (RP) application to one or more security token services (STSes).
Where can I find it?
This is an exe which sits in the installation folder of the WIF SDK, so if you haven’t installed the SDK you have to install it first. Typically the path for this exe is C:\Program Files (x86)\Windows Identity Foundation SDK\v4.0
FedUtil.exe provides the following capabilities:
Okay, now we know what FedUtil does; let’s start using it to add authentication to our existing application, whose users live in Azure Active Directory.
Now let’s open an existing MVC application in VS 2013.
1. Run the application by pressing F5 and note the URL of the application.
2. Launch FedUtil.exe.
3. For Application Configuration Location, point it to the Web.config file of the project you are currently working in.
4. Next, add the application URI you copied. Since we are testing locally we can give the localhost path of the MVC app, but you can give the exact URL of your website or web app.
5. Now click Next; you should see the screen below. Select the existing STS option and paste the URL of the FederationMetadata.xml document. If you are wondering where FederationMetadata.xml is, follow the next few steps to get it.
6. Go back to the management portal, select the Active Directory you created, click the Applications tab and click Add an application.
7. Click Add an application my organization is developing.
8. Enter a name for the application and click Next.
9. Enter the URL of your application. In my case I’m using localhost, but you can replace it with your actual application URL.
10. Click the check mark; you should then see the following page.
11. Click Enable Users to Sign on or View Endpoints and copy the Federation Metadata Document URL.
12. Paste the URL into the Use an existing STS option and click Next.
13. Click Next->Next->Finish (check the options as you click Next: you can enable a certificate for the STS, encrypt the STS token, review the claims generated by the STS and see the summary).
14. Open the Web.config file and check what magic FedUtil.exe did for you. It will have added all the assemblies required for claims-based authentication. You will also see identity configuration like the screenshot below, representing what Visual Studio added on your behalf based on your authentication settings.
15. Add the following entries to Web.config, setting page request validation to false and the request validation mode to 2.0, for this to work:
<pages validateRequest="false" />
<httpRuntime targetFramework="4.5" requestValidationMode="2.0" />
16. Now run your application by pressing F5. If you are prompted whether you want to trust the HTTPS certificate, select Yes; otherwise the next step will require you to select Continue.
17. A security certificate warning will appear in your browser. This is expected behavior; click Continue to this website (not recommended).
[Screenshot: Browser displaying security certificate warning]
18. The URL in the address bar is replaced by that of the authority, and the user is prompted to authenticate via the Microsoft Azure AD UI. Use the credentials of the user you created earlier.
[Screenshot: Logging in to the application]
19. You might recall that when you created the user in your Microsoft Azure AD tenant, the Management Portal assigned it a temporary password. You have to authenticate using that password. However, since the password was meant to be temporary, during this very first sign-in you will be asked to choose a proper password before you can move forward with the authentication flow. Once you have set the new password, the normal sign-in flow to the app is restored.
[Screenshot: Typing new user password]
20. Voila! We have finally authenticated to the application using Azure Active Directory.
21. You can read all the claim information in C# code using the ClaimsPrincipal.Current property:
using System.Security.Claims;
ClaimsPrincipal cp = ClaimsPrincipal.Current;
Claim nameClaim = cp.FindFirst(ClaimTypes.Name);   // null if the STS did not issue a Name claim
string name = nameClaim != null ? nameClaim.Value : null;
By default only Name is enabled by the tool; you can update the application config file to add or update the claim requirements.
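As an added example (not the post’s own code), here is a null-safe helper plus an MVC controller action that reads the claims WIF placed on ClaimsPrincipal.Current and lists everything the STS issued, so you can see which claims actually arrive before relying on them. The ClaimsHelper and ProfileController names are assumptions; it assumes the Web.config produced by FedUtil above and .NET 4.5.

```csharp
// Added example, not from the original post. Assumes WIF is configured by
// FedUtil as described above and System.Security.Claims (.NET 4.5) is available.
using System.Linq;
using System.Security.Claims;
using System.Web.Mvc;

public static class ClaimsHelper
{
    // Returns the first claim value of the given type, or null when the STS did not
    // issue it, instead of throwing as principal.FindFirst(type).Value would.
    public static string GetClaimValue(ClaimsPrincipal principal, string claimType)
    {
        if (principal == null) return null;
        Claim claim = principal.FindFirst(claimType);
        return claim == null ? null : claim.Value;
    }

    // True only when WIF has established an authenticated identity for this request.
    public static bool IsAuthenticated(ClaimsPrincipal principal)
    {
        return principal != null
            && principal.Identity != null
            && principal.Identity.IsAuthenticated;
    }
}

[Authorize]   // unauthenticated requests get a 401, which the WS-Federation module turns into a redirect to the STS
public class ProfileController : Controller
{
    // GET /Profile: shows who the STS says the caller is and every claim it issued.
    public ActionResult Index()
    {
        ClaimsPrincipal cp = ClaimsPrincipal.Current;
        if (!ClaimsHelper.IsAuthenticated(cp))
            return new HttpUnauthorizedResult();

        ViewBag.Name = ClaimsHelper.GetClaimValue(cp, ClaimTypes.Name) ?? "(no Name claim issued)";

        // Issuer tells you which STS the token came from; check it against the tenant you expect.
        ViewBag.Issuer = cp.Claims.Select(c => c.Issuer).FirstOrDefault();

        // Every claim in the token, e.g. name, nameidentifier, tenantid, as "type = value".
        ViewBag.AllClaims = cp.Claims
            .Select(c => string.Format("{0} = {1}", c.Type, c.Value))
            .ToList();

        return View();
    }
}
```

Render ViewBag.AllClaims in the view while developing: it is the quickest way to confirm which claim types the tenant actually sends after you change the claim requirements in Web.config.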
Thanks for reading!
1- Download the MakeCert tool from the SDK to create the certificates for the VPN:
Install the Windows Software Development Kit (SDK) for Windows 8.1: https://msdn.microsoft.com/en-us/windows/desktop/bg162891.aspx
Only select Windows Software Development Kit and .NET Framework 4.5.1 Software Development Kit; those should be enough to get the MakeCert tool for creating the VPN certificate.
2- Create the certificate:
Create a folder on your C: drive and run the following commands:
PS C:\TempFolder> & 'C:\Program Files (x86)\Windows Kits\8.1\bin\x64\makecert.exe' -sky exchange -r -n "CN=RootCertificateName" -pe -a sha1 -len 2048 -ss My "RootCertificateName.cer"
PS C:\TempFolder> & 'C:\Program Files (x86)\Windows Kits\8.1\bin\x64\makecert.exe' -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in "RootCertificateName" -is my -a sha1
From MMC, verify that the root certificate is installed in the Local Machine Root certificate container and that the client certificate is installed in the Local Machine Personal certificate container.
3- Enable VPN Point to Site
4- Add a subnet for the VPN client addresses
5- Add a gateway to the virtual network you already have
6- Upload the certificate
7- Now the client will appear for download
Download either the 64-bit or 32-bit client and you are now set to connect.
This video is the fourth part of a series that will help you understand the different aspects of a classic Tower Defense game and how to implement them in Construct 2. Here you can find the links for the previous parts:
All the videos can also be found on my YouTube channel http://bit.ly/hielotube even after they have been deleted from Twitch.
In this video I start a detailed explanation of how to implement a creep wave system in your own game. The following videos will give you a fairly flexible system that can be tweaked and modified in a few minutes.
All comments are greatly appreciated.