Asp.net Identity using password and Azure Active Directory authentication

I'm building an ASP.NET MVC 5 web site using Asp.net Identity (OWIN) and want to support both traditional username/password authentication as well as authentication against Azure Active Directory. This app does not need to authenticate against Microsoft IDs (Live IDs), Facebook, Twitter or any of the other external providers. The closest SO question I found is this one: How to do both Azure Active Directory Single Sign On and Forms Authentications on ASP.NET MVC

I've looked at the samples that get created when you create a project using the "Individual User Accounts" option as well as the "Work and School Accounts" option in VS 2015. I have authentication working well individually; it's only when I try to combine them that I'm running into problems.

In my Startup_Auth.cs file, I am configuring OWIN like this:

    using System.Threading.Tasks;
    using Microsoft.AspNet.Identity;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;

    // clientId and authority are not shown in the question; the VS template reads
    // them from appSettings, so that is assumed here.
    private static readonly string clientId = System.Configuration.ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string authority = System.Configuration.ConfigurationManager.AppSettings["ida:AADInstance"]
        + System.Configuration.ConfigurationManager.AppSettings["ida:TenantId"];

    public void ConfigureAuth(IAppBuilder app)
    {
        // Default sign-in type used by middleware that does not set one explicitly
        // (CookieAuthenticationDefaults.AuthenticationType is "Cookies").
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        //app.UseCookieAuthentication(new CookieAuthenticationOptions { });

        // The only cookie middleware registered is named "ExternalCookie".
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
            LoginPath = new PathString("/account/sign-in")
        });

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    ValidateIssuer = false,
                },
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    SecurityTokenValidated = (context) =>
                    {
                        return Task.FromResult(0);
                    },
                    AuthorizationCodeReceived = (context) =>
                    {
                        return Task.FromResult(0);
                    },
                    AuthenticationFailed = (context) =>
                    {
                        context.OwinContext.Response.Redirect("/Home/Error");
                        context.HandleResponse(); // Suppress the exception
                        return Task.FromResult(0);
                    }
                }
            }
        );
    }

This configuration works for password authentication, but doesn't work for AAD authentication. To enable AAD authentication I need to either comment out the line setting the AuthenticationType:

    AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,

Or just set CookieAuthentication with no values:

    app.UseCookieAuthentication(new CookieAuthenticationOptions { });

I'd guess that there is a relatively simple approach to this and would appreciate some ideas on where to start looking.

ChrisW asked Jul 27 '15 18:07
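One way to make the two flows coexist, as an added example that is not code from the question or from the Microsoft samples: register the application cookie as the primary sign-in, register a separate external cookie, and tell the OpenID Connect middleware to sign in to that external cookie explicitly. The appSettings keys (`ida:ClientId`, `ida:TenantId`) are assumed from the VS "Work and School Accounts" template.

```csharp
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Assumed appSettings keys, as in the VS template (not from the question).
    private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static readonly string authority = "https://login.microsoftonline.com/" + tenantId;

    public void ConfigureAuth(IAppBuilder app)
    {
        // 1. Primary application cookie. Both the password flow and the AAD flow
        //    end up signed in here, so [Authorize] behaves the same for both.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/account/sign-in")
        });
        // 2. Short-lived external cookie that only carries the claims returned by
        //    the OIDC middleware until AccountController exchanges them for (1).
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        // 3. Name the sign-in cookie explicitly instead of relying on
        //    SetDefaultSignInAsAuthenticationType; in the question the default
        //    ("Cookies") matched no registered cookie middleware, so AAD sign-in
        //    had nowhere to store its identity.
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
            // Issuer validation is left at its default (enabled, issuer taken from
            // the authority's metadata); ValidateIssuer = false as in the question
            // would accept tokens issued for any tenant.
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    context.OwinContext.Response.Redirect("/Home/Error");
                    context.HandleResponse(); // suppress the exception
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

With this layout the AccountController from the "Individual User Accounts" template works unchanged: its callback reads the external cookie via `AuthenticationManager.GetExternalLoginInfoAsync()` and then issues the application cookie, exactly as it does for other external logins.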



1 Answer

I searched the examples from Microsoft, and all of them look like your solution. Look here:

  1. WebApp-WSFederation-DotNet
  2. WebApp-MultiTenant-OpenIdConnect-DotNet
  3. WebApp-OpenIDConnect-DotNet

Another example is here with WindowsAzureActiveDirectoryBearerAuthenticationOptions.

Backs answered Sep 21 '22 20:09