...
- Because the current Admin App already supports adding users and assigning roles to them under the ASP.Net Identity system, it makes sense to reuse that infrastructure for the other login systems as well. However, this poses a challenge because we don't have granular control over the other systems. For example, each new user registered with the ASP.Net Identity system gets a record in the existing adminapp.Users table, but we currently have no similar record for a Windows-authenticated or Azure AD-authenticated user. If we decide to create dummy records manually using the login information from these two login systems, we might not be given adequate access to all the information needed for a complete user record. This could create further problems, as the user table might end up holding a mixed bag of users, with empty fields in some cases. We would then also have to keep track of the login system each user used and make schema changes to accommodate that.
- Another approach to supporting multiple login systems is to maintain an external Roles table and keep track of the different types of users there. However, this adds overhead: an additional column to keep track of the login system, as well as an extra Roles table to maintain.
- ASP.Net Identity provides an easier way to customize the user schema and tailor it according to the requirements. Customizing the other login systems in a similar vein to ASP.Net Identity may prove to be challenging.
How does moving away from Active Directory affect the application code base?
- Safe Removal/Refactor of Azure Active Directory infrastructure from EdFi.Ods.AdminApp.Management.Azure and the corresponding tests from EdFi.Ods.AdminApp.Management.Azure.IntegrationTests
- Safe Removal/Refactor of Azure Active Directory infrastructure from EdFi.Ods.AdminApp.Web (AzureInstaller.cs, Infrastructure/CloudOdsAdminAppSettingsForAzure.cs, Infrastructure/CloudOdsAzureActiveDirectoryClientInfo.cs)
- Safe Removal/Refactor of unit tests testing Azure Active Directory integration.
- Thorough testing of the registration/login process on the On-Premise and Azure versions of the Admin App.
Expected Tickets
The following are some of the major expected tickets for the feature, in order of implementation (from start to finish):
...
- Remove Azure AD Support (Ed-Fi Issue Tracker: AA-777, AA-778)
- Create the User List page
- Implement/Refactor Add User
- Implement Delete User
- Implement Edit User
- Implement "Assign ODS Instance to User"
- Create Role and Permission models and required tables
- Implement Role Assignment in Edit User
- Enforce Permission requirements on controller actions
...