AAD is a wonderful tool really. Keep in mind that it has a couple of flavours, B2C (business to consumer) being the latest.
I’ve got clients who moved to it and simply love it. One is a car manufacturer who used to have to manage domains for dealers, etc. They used to spend their life with password and access issues. Now they just use 2 factor auth and cloud-based password reset, etc. and that’s all pretty much disappeared. It’s also worth thinking about the fact that AAD is what anyone using Office 365 will already be using anyway. And it can then be the directory for a big range of other things – Microsoft stuff like Power BI, Flow, Office 365, etc. but also others like DropBox, ZenDesk, etc, etc, etc. Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> |http://greglow.me<http://greglow.me/> From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Greg Keogh Sent: Wednesday, 21 June 2017 10:45 AM To: ozDotNet <ozdotnet@ozdotnet.com> Subject: Re: Azure Active Directory Yooiks! I'm not quite sure what I want (which is a worry). WAAD vs AADDS You say WAAD is more light-weight, which probably suits us, I think. Overall, as a coder, I want to put all authentication and permission/roles information for all of our apps and users in a single place where it can be maintained by admin staff, and it's easy to query from .NET code. Am I wrong to regard WAAD as some sort of "magic" database to where I can stuff all our vintage data? Perhaps I'm thinking like a reductionist and expecting a quick fix. If all you need to do is put WAAD authentication in front of a web app, then this is a piece of piss. Just deploy your app into App Server or App Service Environment and then turn on Azure AD auth. The App Service intercepts requests and does the SAML login for you transparently. The logged on user gets presented back to the app in a cookie. This is a good clue. I'll look into the details of doing this. GK