Adding Sign-On to Your Web Application Using Windows Azure AD


Single Tenant Application Architecture

This walkthrough focuses on the following scenario: you have a web application that you plan to deploy in the cloud, and you want only users from a Windows Azure Active Directory tenant to be allowed access. To accomplish this, you need to:

  1. Register the web app in your Windows Azure AD tenant. Once the app is known, Windows Azure AD will accept users’ requests to authenticate against it.
  2. Add an authentication layer in front of your app, so that:
    1. Unauthenticated requests are blocked and redirected toward the correct Windows Azure AD tenant for user authentication.
    2. Users who authenticated with Windows Azure AD are recognized and granted access.
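
The gate described in step 2, sketched as an added example (not code from the original walkthrough). It assumes a WS-Federation style sign-in request, a placeholder sign-in host, tenant ID and app realm, hypothetical claim keys `tenant_id` and `audience`, and that the token signature has already been verified by the federation library before the claims reach this function.

```python
from urllib.parse import urlencode, urlsplit

# Placeholders and assumptions, none of them taken from the walkthrough.
TENANT_ID = "00000000-0000-0000-0000-000000000000"      # placeholder tenant ID
APP_REALM = "https://app.example.test/"                 # placeholder app identifier
SIGN_IN = f"https://login.example.test/{TENANT_ID}/signin"  # placeholder endpoint


def safe_return_path(path):
    """Keep only local paths so the post-login redirect cannot leave the app."""
    path = path or "/"
    parts = urlsplit(path)
    if parts.scheme or parts.netloc or "\\" in path or not parts.path.startswith("/"):
        return "/"
    return path


def gate(request_path, session_claims):
    """Decide what happens to a request before it reaches the app.

    session_claims is None for an unauthenticated request, otherwise a dict of
    claims from an already signature-verified token (hypothetical key names).
    Returns (status, headers).
    """
    if session_claims is None:
        # Step 2.1: block, and redirect to the sign-in endpoint of our tenant only.
        query = urlencode({
            "wa": "wsignin1.0",                       # WS-Federation sign-in action
            "wtrealm": APP_REALM,                     # which registered app is asking
            "wctx": safe_return_path(request_path),   # where to land after sign-in
        })
        return 302, {"Location": f"{SIGN_IN}?{query}"}

    # Step 2.2: a valid token is not enough for a single-tenant app. It must
    # have been issued by our tenant and for this app, or the user is refused.
    if session_claims.get("tenant_id") != TENANT_ID:
        return 403, {}
    if session_claims.get("audience") != APP_REALM:
        return 403, {}
    return 200, {"X-Authenticated-User": session_claims.get("name", "")}
```
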