
Let me keep it simple by explaining the current setup in points:

  1. We have Active Directory set up on-premises
  2. We have a web service hosted in Azure (ASP.NET MVC + EF + SQL Server)
  3. There is a WCF service hosted on-premises which talks to AD and validates the users
  4. We use Service Bus to communicate from Azure to the WCF service hosted on-premises
  5. We have set up ExpressRoute
  6. We have a site-to-site VPN set up from on-premises to the cloud

The application is running successfully but performance was poor. So we moved the WCF layer to the cloud, but we still have Service Bus in place.

Solution: To improve performance we have to get rid of Service Bus and want to make direct calls to AD from the web services hosted in Azure.

Question: Is this approach secure?

kudlatiger

1 Answer


I'd make it better. Instead of using traditional on-premises AD, use Azure AD. Basically, sync your Active Directory with Azure AD using the AAD Connect tool and then use it to authenticate your apps in a secure and faster way.

What is Azure Active Directory?

Azure Active Directory Authentication Libraries

Bruno Faria
  • Yes, I agree with your approach, but we do not have approval yet to move AD to the cloud. Are you suggesting having a copy of AD in Azure and synchronising it? – kudlatiger Dec 19 '16 at 06:24
  • Azure AD and AD DS in a VM are two different things. Azure AD is a PaaS solution for secure and easy-to-use application authentication. Once synchronized, users and other objects are still managed by the on-premises AD, but essentially it will work as if you had a read replica in the cloud. Authentication (apps only) is performed through protocols such as SAML, WS-Federation, and OAuth. In every Azure tenant, Azure AD already exists because that's how you log in to the Azure Portal in the first place. The difference is that instead of using your domain, you get an onmicrosoft.com domain. – Bruno Faria Dec 19 '16 at 12:16
  • All you need is to deploy the Azure AD Connect tool on your on-premises servers and set up sync with your Azure tenant. Once completed you can set your domain as the default in place of the onmicrosoft.com domain. Besides app authentication, you can also use your domain to log in and manage permissions to Azure resources. – Bruno Faria Dec 19 '16 at 12:19
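To make the answer's suggestion concrete, here is an added example (not code from the question, the answer, or any Microsoft sample) of what the Azure-hosted ASP.NET MVC app looks like once the on-premises directory is synced to Azure AD with AAD Connect. The app delegates sign-in to Azure AD over OpenID Connect and only validates the signed ID token it gets back, so the web tier never handles AD passwords, never needs an LDAP path over the VPN or ExpressRoute, and the Service Bus hop disappears. Assumptions: the OWIN packages Microsoft.Owin.Host.SystemWeb, Microsoft.Owin.Security.Cookies and Microsoft.Owin.Security.OpenIdConnect; the `ida:*` appSettings keys and the `WebApp` namespace are placeholders; the tenant and client GUIDs must be replaced with the values from your own app registration; the `TokenValidationParameters` namespace depends on the IdentityModel version the OpenIdConnect package pulls in.

```csharp
// Added example: OWIN startup for an ASP.NET MVC 5 app that authenticates
// against Azure AD with OpenID Connect after the on-premises AD has been
// synced with AAD Connect. Not the asker's or answerer's code.
using System;
using System.Configuration;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.IdentityModel.Tokens;          // assumption: IdentityModel 5.x; older packages use System.IdentityModel.Tokens
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(WebApp.Startup))]

namespace WebApp
{
    public class Startup
    {
        // Placeholder settings read from Web.config, e.g.
        // <appSettings>
        //   <add key="ida:ClientId"    value="00000000-0000-0000-0000-000000000000" />
        //   <add key="ida:TenantId"    value="00000000-0000-0000-0000-000000000000" />
        //   <add key="ida:RedirectUri" value="https://app.example/" />
        // </appSettings>
        private static readonly string ClientId    = ConfigurationManager.AppSettings["ida:ClientId"];
        private static readonly string TenantId    = ConfigurationManager.AppSettings["ida:TenantId"];
        private static readonly string RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];

        // Tenant-specific authority: the middleware pulls signing keys and the
        // issuer from this tenant's OpenID Connect metadata, not from "common".
        private static readonly string Authority = "https://login.microsoftonline.com/" + TenantId;

        public void Configuration(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            // Session cookie issued after a successful sign-in. HttpOnly and
            // Secure keep it away from scripts and off plain HTTP.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                CookieHttpOnly = true,
                CookieSecure   = CookieSecureOption.Always,
                ExpireTimeSpan = TimeSpan.FromHours(8),
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId              = ClientId,
                Authority             = Authority,
                RedirectUri           = RedirectUri,
                PostLogoutRedirectUri = RedirectUri,

                // Reject tokens that were not issued by this tenant for this app,
                // or that have expired. The signature itself is checked by the
                // middleware against the keys published by the authority.
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer   = true,
                    ValidIssuer      = "https://sts.windows.net/" + TenantId + "/",
                    ValidateAudience = true,
                    ValidAudience    = ClientId,
                    ValidateLifetime = true,
                },

                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Fail closed and do not echo exception details to the browser.
                    AuthenticationFailed = ctx =>
                    {
                        ctx.HandleResponse();
                        ctx.Response.Redirect("/Home/Error");
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }

    // Minimal controller that starts the redirect to Azure AD and signs out.
    public class AccountController : Controller
    {
        public void SignIn()
        {
            if (!Request.IsAuthenticated)
            {
                HttpContext.GetOwinContext().Authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = "/" },
                    OpenIdConnectAuthenticationDefaults.AuthenticationType);
            }
        }

        public void SignOut()
        {
            HttpContext.GetOwinContext().Authentication.SignOut(
                OpenIdConnectAuthenticationDefaults.AuthenticationType,
                CookieAuthenticationDefaults.AuthenticationType);
        }
    }
}
```

With this in place, any controller or action marked `[Authorize]` triggers the redirect to Azure AD; the on-premises domain controllers are only contacted by AAD Connect during sync, so no inbound path from the Azure web tier into AD is required at all. The tenant-specific `Authority` and the explicit `ValidIssuer`/`ValidAudience` are the parts worth keeping even if the rest is adapted: with the multi-tenant `common` authority and issuer validation switched off, a token from any Azure AD tenant would be accepted.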