Menu
I'm building an ASP.NET MVC 5 web site using Asp.net Identity (OWIN) and want to support both traditional username/password authentication as well as authentication against Azure Active Directory. This app does not need to authenticate against Microsoft IDs (Live IDs), Facebook, Twitter or any of the other external providers. The closest SO question I found is this one: How to do both Azure Active Directory Single Sign On and Forms Authentications on ASP.NET MVC
I've looked at the samples that get created when you create a project using the "Individual User Accounts" option as well as the "Work and School Accounts" option in VS 2015. I have authentication working well individually; it's only when I try to combine them that I'm running into problems.
In my Startup_Auth.cs file, I am configuring OWIN like this:
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
//app.UseCookieAuthentication(new CookieAuthenticationOptions { });
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
LoginPath = new PathString("/account/sign-in")
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = (context) =>
{
return Task.FromResult(0);
},
AuthorizationCodeReceived = (context) =>
{
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
context.OwinContext.Response.Redirect("/Home/Error");
context.HandleResponse(); // Suppress the exception
return Task.FromResult(0);
}
}
}
);
}
This configuration works for password authentication, but doesn't work for AAD authentication. To enable AAD authentication I need to either comment out the line setting the AuthenticationType
AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
Or, just set CookieAuthentication with no values.
app.UseCookieAuthentication(new CookieAuthenticationOptions { });
I'd guess that there is a relatively simple approach to this and would appreciate some ideas on where to start looking.
453
In the New ASP.NET Project dialog, select MVC, and then click Change Authentication. On the Change Authentication dialog, select Organizational Accounts. These options can be used to automatically register your application with Azure AD as well as automatically configure your application to integrate with Azure AD.
Select ASP.NET Core Web Application>Choose Web Application (Model-View-Controller) template> Click on the "Change Authentication" button>Select "Work or School Accounts". Choose Cloud - Single Organization. Fill up the field of Domain which is the Azure Active Directory tenant name (say, softdreams.onmicrosoft.com).
I searched examples from Microsoft. And all of them look like your solution. Look here:
Another example is here with WindowsAzureActiveDirectoryBearerAuthenticationOptions
122
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
