Azure EasyAuth Module

The EmpowerID Azure EasyAuth Http Module (AzEasyAuth HttpModule) is an in-process component that enables legacy .NET web applications to transition Identity Management to the Azure App Service environment. This HTTP module allows you to utilize the built-in authentication/authorization capabilities of the Azure App Service with little or no code changes to your legacy apps.

The AzEasyAuth HttpModule pre-processes each request, handling user claims transformation and identity generation, before your application receives and processes the HTTP request. The figure below shows the typical process flow involving the AzEasyAuth HttpModule.

The given process diagram depicts an environment with Azure Active Directory as the authentication provider, and an application configured to use the AzEasyAuth HttpModule.

 

  1. A user attempts to access the application hosted in the App Service (sends a request).

  2. A user is authenticated by

    1. The App Service determines that the user is not authenticated and asks the user to authenticate.

    2. App Service will determine if the user has successfully authenticated when asked or was already authenticated. Once authenticated, the request is sent to the AzEasyAuth HttpModule.

  3. The HTTP module invokes a pre-process logic to generate a claims principal from the default claims sent from the App Service.

  4. In cases where the application has custom claims transformation, the HTTP module invokes it. If no custom claims transformation logic is in the application, the HTTP module sets the HttpContext.User to the default claims principal.

  5. The application processes the request and responds to the user (sends a response).
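What step 3 involves, as an added sketch that is not EmpowerID's code: App Service forwards the authenticated user's claims in the `X-MS-CLIENT-PRINCIPAL` request header as Base64-encoded JSON, and a claims principal can be built from it. The class and method names here are hypothetical, and the module's actual implementation may differ.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Security.Claims;

// Shape of the JSON that App Service places (Base64-encoded) in X-MS-CLIENT-PRINCIPAL.
// Constructed sample: {"auth_typ":"aad","name_typ":"name","role_typ":"roles","claims":[{"typ":"name","val":"alice@example.com"}]}
[DataContract]
public class ClientPrincipal
{
    [DataMember(Name = "auth_typ")] public string AuthType { get; set; }
    [DataMember(Name = "name_typ")] public string NameType { get; set; }
    [DataMember(Name = "role_typ")] public string RoleType { get; set; }
    [DataMember(Name = "claims")] public List<ClientClaim> Claims { get; set; }
}

[DataContract]
public class ClientClaim
{
    [DataMember(Name = "typ")] public string Type { get; set; }
    [DataMember(Name = "val")] public string Value { get; set; }
}

// Hypothetical helper, not part of EmpowerID.AzEasyAuth.HttpModule.dll.
public static class EasyAuthPrincipalSketch
{
    // Returns null when the header is absent or malformed, so the caller
    // can leave the request anonymous instead of guessing an identity.
    public static ClaimsPrincipal FromHeader(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return null;
        try
        {
            byte[] json = Convert.FromBase64String(headerValue);
            var serializer = new DataContractJsonSerializer(typeof(ClientPrincipal));
            var cp = (ClientPrincipal)serializer.ReadObject(new MemoryStream(json));
            if (cp == null || string.IsNullOrEmpty(cp.AuthType)) return null;
            var claims = (cp.Claims ?? new List<ClientClaim>())
                .Where(c => c != null && c.Type != null && c.Value != null)
                .Select(c => new Claim(c.Type, c.Value));
            // A non-empty authentication type marks the identity as authenticated.
            var identity = new ClaimsIdentity(claims, cp.AuthType, cp.NameType, cp.RoleType);
            return new ClaimsPrincipal(identity);
        }
        catch (FormatException) { return null; }          // not valid Base64
        catch (SerializationException) { return null; }   // not valid JSON
    }
}
```

The header carries identity only when the request actually arrived through App Service with authentication enabled; the same code hosted anywhere else would be trusting a caller-supplied value.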

Step 1: Register Easy Auth HTTP Module

Assembly information of Easy Auth HTTP Module

  • Class: EasyAuthHttpModule

  • Assembly: EmpowerID.AzEasyAuth.HttpModule.dll

  • Platform: .NET Framework 4.7.2

 

  1. Register the HTTP module, as shown below, in the Web.config file of the web application for which you wish to enable the AzEasyAuth HttpModule.

    <system.webServer>
      <modules>
        <add name="EasyAuthHttpModule"
             type="TheDotNetFactory.Framework.ClassLibrary.EasyAuthHttpModule,EmpowerID.AzEasyAuth.HttpModule, Version=4.0.180.1, Culture=neutral, PublicKeyToken=2d2253f74d4496ef" />
      </modules>
      <validation validateIntegratedModeConfiguration="true" />
    </system.webServer>
  2. You may also add a custom claims transformer using the “ClaimsTransformer” app setting, as shown below. The value of this setting is the assembly-qualified name of the type that implements the ClaimsTransformer abstract class in the EmpowerID.AzEasyAuth.HttpModule.dll assembly.

    <appSettings>
      <add key="ClaimsTransformer" value="AzEasyAuthAppTemplate.MsClaimsIdentity,AzEasyAuthAppTemplate"/>
    </appSettings>

Step 2: Implement the Custom Claims Transformer

  1. Create a Class Library project and reference the AzEasyAuth HttpModule assembly, EmpowerID.AzEasyAuth.HttpModule.dll.

  2. Add a class (e.g., MsClaimsIdentity) that derives from the ClaimsTransformer abstract class.

  3. Implement the ProcessClaims method and set the HttpContext.User consistent with your application.

 
