User Authentication for .NET Enterprise Portal

Question

I'm working for a state office which has an enterprise portal built on legacy ASP.NET Web forms and uses the standard forms authentication. It's an intranet portal.

Login screen validates the user credentials against the SQL Server database, creates session record in the table and redirects to the home page.
It also allows the redirection to another ASP.NET application (to & FRO) using the screen name option.

Client is looking for a new authentication approach which is secured and safe to validate the user( like a single-sign on) and redirect the user to home page.

Please suggest the best secured frameworks from Microsoft or any third party providers for this type of requirement.

Tuhin Paul · Answer

For a legacy ASP.NET Web Forms intranet application, the most secure and future-proof approach is to move away from Forms Authentication and adopt a standards-based identity provider (IdP) using OpenID Connect (OIDC) and OAuth 2.0 . Startup.cs using Microsoft.Owin; using Microsoft.Owin.Security.Cookies; using Microsoft.Owin.Security.OpenIdConnect; using Owin; [assembly: OwinStartup(typeof(MyPortal.Startup))] namespace MyPortal { public class Startup { public void Configuration(IAppBuilder app) { app.UseCookieAuthentication( new CookieAuthenticationOptions() ); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = "client-id", Authority = "https://login.microsoftonline.com/tenant-id", RedirectUri = "https://portal.company.gov/signin-oidc", ResponseType = "id_token" }); } } } Login Button protected void btnLogin_Click(object sender, EventArgs e) { Context.GetOwinContext() .Authentication .Challenge( new AuthenticationProperties { RedirectUri = "/Home.aspx" }, OpenIdConnectAuthenticationDefaults.AuthenticationType); } Logout Context.GetOwinContext() .Authentication .SignOut( CookieAuthenticationDefaults.AuthenticationType, OpenIdConnectAuthenticationDefaults.AuthenticationType); Microsoft Entra ID (or ADFS if cloud usage is restricted) + OpenID Connect + OWIN middleware , with all applications federated to the same identity provider for true SSO.

Prasad Raveendran · Answer

For a Microsoft-centric enterprise intranet environment using SQL Server and ASP.NET applications, the following authentication solutions are recommended: Microsoft Entra ID – The preferred choice for most organizations due to its strong security, cloud-native capabilities, and seamless integration with Microsoft technologies. Active Directory Federation Services (AD FS) – A suitable option when cloud-based identity services are not permitted and authentication must remain entirely on-premises. Keycloak – A robust open-source identity and access management platform that supports modern authentication standards and single sign-on. Okta – A leading third-party identity provider offering enterprise-grade security, scalability, and extensive integration capabilities. For organizations modernizing ASP.NET Web Forms applications in 2026, Microsoft Entra ID combined with OpenID Connect (OIDC) is generally the recommended approach. It provides a secure, standards-based authentication framework, supports Single Sign-On (SSO), Multi-Factor Authentication (MFA), Conditional Access policies, and offers a clear modernization path for both legacy and modern applications. If the goal is to keep it simple, secure, and minimize changes to the existing ASP.NET Web Forms applications , then I would recommend choosing one of these approaches: Windows Authentication (Simplest for Intranet) - If all users are employees and use domain-joined computers: User logs into Windows | v ASP.NET Application | Active Directory

User Authentication for .NET Enterprise Portal

Insert Link

Embed YouTube Video

Table Options

Insert Image

Answers (2)