Secure Access to ASP.NET Application with Azure Active Directory

Azure Active Directory Integration

Question

You deploy an Azure virtual machine that runs an ASP.NET application. The application will be accessed from the internet by the users at your company.

You need to recommend a solution to ensure that the users are pre-authenticated by using their Azure Active Directory (Azure AD) account before they can connect to the ASP.NET application.

What should you include in the recommendation?

Answers

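A. a public Azure Load Balancer
B. Azure Application Gateway
C. Azure Traffic Manager
D. an Azure AD enterprise application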

D

You can manage service principals in the Azure portal through the Enterprise Applications experience. Service principals are what govern an application connecting to Azure AD and can be considered the instance of the application in your directory.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added

The correct answer is D - an Azure AD enterprise application.

Explanation:

To secure the ASP.NET application and ensure pre-authentication of users, we need to use Azure Active Directory (Azure AD) for authentication and authorization. Azure AD is a cloud-based identity and access management solution that provides authentication and authorization services for applications and services.

To integrate Azure AD with our ASP.NET application, we need to create an Azure AD enterprise application. An enterprise application is a representation of an application in Azure AD that allows users to sign in and access the application. Once we create an enterprise application, we can configure it to allow access to our ASP.NET application.

To configure the Azure AD enterprise application, we need to:

  1. Register the application in Azure AD and obtain an application ID and secret.
  2. Configure the application to require Azure AD authentication.
  3. Add the users and groups who are authorized to access the application.
  4. Configure the application to redirect users to the ASP.NET application after successful authentication.

Once the enterprise application is configured, users will be prompted to sign in to Azure AD before they can access the ASP.NET application. This ensures pre-authentication of users before they can connect to the ASP.NET application.
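The following is an added example, not part of the original page and not Microsoft's code: a Python check that audits the result of steps 2 to 4 against constructed, trimmed Microsoft Graph objects. The property names (`appRoleAssignmentRequired`, `signInAudience`, `web.redirectUris`, `principalType`) are Microsoft Graph fields; the function name, finding labels, and sample values are assumptions made for illustration.

```python
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1"}

def audit_enterprise_app(sp, app, assignments):
    """Return a list of findings for one app; an empty list means every check passed.

    sp          -- servicePrincipal object (the enterprise application)
    app         -- application object (the app registration)
    assignments -- appRoleAssignedTo entries of the service principal
    """
    findings = []
    # Steps 2-3: without this flag any user in the tenant can sign in, assigned or not.
    if not sp.get("appRoleAssignmentRequired", False):
        findings.append("assignment-not-required")
    elif not any(a.get("principalType") in ("User", "Group") for a in assignments):
        findings.append("no-users-or-groups-assigned")
    # "Users at your company" implies single-tenant sign-in.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("not-single-tenant")
    # Step 4: tokens are delivered to redirect URIs, so each must be HTTPS and exact.
    for uri in app.get("web", {}).get("redirectUris", []):
        parsed = urlparse(uri)
        if "*" in uri:
            findings.append(f"wildcard-redirect:{uri}")
        elif parsed.scheme != "https" and parsed.hostname not in LOOPBACK:
            findings.append(f"insecure-redirect:{uri}")
    return findings

# Constructed sample data (placeholder names and hosts, not from a real tenant).
WEAK = (
    {"appRoleAssignmentRequired": False},
    {"signInAudience": "AzureADMultipleOrgs",
     "web": {"redirectUris": ["https://app.contoso.example/signin-oidc",
                              "http://app.contoso.example/signin-oidc"]}},
    [],
)
HARDENED = (
    {"appRoleAssignmentRequired": True},
    {"signInAudience": "AzureADMyOrg",
     "web": {"redirectUris": ["https://app.contoso.example/signin-oidc"]}},
    [{"principalType": "Group", "principalDisplayName": "ASP.NET App Users"}],
)

if __name__ == "__main__":
    print("weak:", audit_enterprise_app(*WEAK))
    print("hardened:", audit_enterprise_app(*HARDENED))
```
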

Option A (a public Azure Load Balancer) is not relevant for authentication and authorization.

Option B (Azure Application Gateway) can provide SSL termination, load balancing, and web application firewall features, but it does not provide authentication and authorization services.

Option C (Azure Traffic Manager) is a DNS-based traffic load balancer that can distribute traffic across multiple endpoints, but it does not provide authentication and authorization services.