Azure Application Proxy with ASP.NET Core 3.0
Summary
In this post I’ll demonstrate how you can quickly create an Azure Application Proxy to access an application hosted in an on-premises private network. The two pre-authentication mechanisms I’ll test are Azure AD authentication and Passthrough.
Components
- Windows 10.
- ASP.NET Core Application with Network Authentication.
- IIS Web Server.
- Azure Application Proxy Setup.
Internet Information Services Setup
Internet Information Services requires the following components:
- Windows 10.
- IIS installed through Turn Windows Features on or Off.
- IIS & Security Authentication (Basic & Windows).
- Install .NET Core 3.1 SDK and the ASP.NET Core Runtime 3.1.22 Hosting Bundle.
- Create a new website (take note of the publishing directory).
The first step is to install IIS in Windows 10. You can do this quickly through Windows Features (Turn Windows Features on or Off).
ASP.NET Core Application
The fastest way to create an Active Directory Domain Services authenticated application is to use the Visual Studio template setup.
Create a new Visual Studio Project with the following properties:
- ASP.NET Core 3.1 Application
- Target Framework should be 3.1 and NOT 5.0.
- Enable Windows Authentication during the Visual Studio project setup.
Publish the ASP.NET Core Application
Publish the Application to an IIS directory.
Enable Windows Security
Enable Windows Authentication in the website settings feature.
Log on to the Website
If all goes well, you should be prompted to log on with your credentials.
Setup Azure Application Proxy
Complete the following steps:
- Download and Install the Connector Service.
- Configure the App.
- Add Users and Groups.
Install the Connector Service. Once installed, the Connector should be active.
Go to Azure, Application Proxy, and click + Configure an app.
Configure the Application proxy as follows:
This should create a new Enterprise Application registration.
If all goes well, clicking on the Test Application button should result in the following report:
Pre-Authentication methods
There are two types of pre-authentication methods: Azure AD and Passthrough.
Azure AD pre-authentication forces the user to log on to Azure AD before being passed through to the application. With Azure AD, the usual security policies and Conditional Access rules apply.
With Passthrough, there is no pre-authentication at the proxy; users are allowed to “pass through” to the application, so any authentication has to be enforced by the backend application itself.
The experience with each method is as follows:
Azure AD Pre-Authentication
The user is presented with the typical Microsoft logon. Once a user has signed in, they are taken directly to the application. Note that when Azure AD pre-authentication and backend authentication are both enabled, users are only required to supply their Azure AD credentials.
Passthrough Pre-Authentication
Using Passthrough and backend Basic Authentication, the following prompt is shown.
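To confirm from outside which of the two behaviours your published URL really shows, you can classify its first response to a request that carries no credentials. The script below is an added example, not part of the original setup; the function names, the sample responses and the assumption that Azure AD pre-authentication redirects to login.microsoftonline.com are mine, and the classification is a heuristic.

```python
import http.client
from urllib.parse import urlparse

# Assumption: Azure AD pre-authentication redirects to this sign-in host.
AAD_LOGIN_HOSTS = {"login.microsoftonline.com"}
REDIRECTS = {301, 302, 303, 307, 308}


def classify(status, headers):
    """Classify the first response to a request sent without credentials.

    headers is a list of (name, value) pairs, so repeated WWW-Authenticate
    headers (IIS sends one per scheme) are all seen.
    """
    pairs = [(k.lower(), v) for k, v in headers]
    if status in REDIRECTS:
        location = next((v for k, v in pairs if k == "location"), "")
        host = (urlparse(location).hostname or "").lower()
        if host in AAD_LOGIN_HOSTS:
            return "azure-ad-preauth", []      # sign-in happens before the backend
        return "inconclusive", []              # some other redirect; follow by hand
    if status == 401:
        # The first token of each challenge header is the scheme name.
        schemes = sorted({v.split()[0].lower() for k, v in pairs
                          if k == "www-authenticate" and v.strip()})
        return "passthrough-backend-auth", schemes  # only the backend protects the app
    if 200 <= status < 300:
        return "passthrough-no-auth", []       # content served with no logon at all
    return "inconclusive", []


def probe(url):
    """Send one GET without credentials (redirects not followed) and classify it."""
    u = urlparse(url)
    conn = http.client.HTTPSConnection(u.hostname, u.port or 443, timeout=10)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return classify(resp.status, resp.getheaders())
    finally:
        conn.close()


# Constructed sample responses (TENANT-ID and APP-ID are placeholders).
SAMPLES = {
    "aad": (302, [("Location", "https://login.microsoftonline.com/TENANT-ID/oauth2/authorize?client_id=APP-ID")]),
    "basic": (401, [("WWW-Authenticate", 'Basic realm="intranet"')]),
    "windows": (401, [("WWW-Authenticate", "Negotiate"), ("WWW-Authenticate", "NTLM")]),
    "open": (200, [("Content-Type", "text/html")]),
}
```

Call `probe()` with the external URL of your own published application; a result of `passthrough-no-auth` means the application is reachable from the internet without any logon.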