What are the pros/cons of using .NET Identity 2.1 versus Azure Active Directory (Premium)?
We currently have an MVC 5.x application using Identity 2.1 for registration, sign-in, password resets, etc. A Microsoft consultant is suggesting we should swap to Azure Active Directory to remove the complexity of "maintaining your own security".
What are the reasons to make the swap and why wouldn't you?
I wouldn't say the two are mutually exclusive. Asp Identity has that functionality built in but you don't have to use it. Actually, you could create your own userstores, managers etc. that poll the azure AD for this info. Identity allows you to use it, override it, or skip it entirely.
Why you wouldn't want to do this? Not everyone has AD. Not everyone needs it. The bare-bones approach that the templates use are simply application managed users and claims.
If you are targeting multiple applications and want SSO and have AD then you can take advantage of it. Developing your own at this point is redundant and more work/maintenance as the consultant pointed out.
You will still probably have a Users table and possibly others in your app database because you may have business functions unrelated to AD but boilerplate stuff would all be managed via AD.
Another issue you may run into is the need to authenticate app specific users outside your AD. At that point you may choose to implement a mixed solution. One half polling AD for internal users, and the other falling back on Identity for external users.
