user2058413

Reputation: 815

Integrate Azure AD authentication with ASP.NET Core Identity individual accounts

The scenario I am trying to tackle is as below.

1) Users can authenticate against my local database using the standard method - Works fine

2) Users can authenticate against social media platforms - Works fine

3) Now, I want certain users who have Azure AD accounts to be able to have a local account BUT get authenticated with their Azure AD. There are solutions for (1) & (2). But I couldn't find a solution that has support for all three. The closest is multi-tenant SaaS auth.

Those users who should get authenticated with AD will be pre-configured in the system. (I will have their TenantID, ClientID etc... in my local DB). So, based on their user name, if I can redirect to the relevant login page I should be able to support different ADs.

I am not sure how to wire it up properly (Or whether this approach is wrong/doable).

Upvotes: 11

Views: 5230

Answers (1)

Andre Teixeira

Reputation: 783

When a user authenticates in Azure AD, your application receives a list of claims to represent that user. You can use these claims to identify the user and 'link' these attributes to a user in your DB - for example, you can use the Name claim to obtain the user Id (that is usually the user's email), and the NameIdentifier claim for a Unique Identifier for the user (more recommended as unique identifier), and also tenantId to represent the user's tenant/company - then you can wire up these user attributes in your DB so the user can be represented as one user regardless of where they have authenticated.

  • This Guided Setup is based on ASP.NET 4.x but may help you with the overall concepts - including multitenancy.
  • This Code Sample contains an ASP.NET Core that shows how to integrate with Azure AD with ASP.NET Core.

Upvotes: 3
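
The claim-to-local-user linking described in this answer, as an added example (not code from the answer, the linked sample, or ASP.NET Core Identity): the link is keyed on the tenant id plus NameIdentifier, and the Name claim is used only once to find the pre-configured row. The class name, the in-memory dictionaries standing in for DB tables, and the sample values are assumptions, as is the tenant id arriving under the claim type shown.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

public sealed class AadAccountLinker
{
    // Claim type the tenant id is assumed to arrive under after the handler maps "tid".
    public const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";

    // Hypothetical stand-ins for two local DB tables.
    private readonly Dictionary<string, (int UserId, string TenantId)> _preconfigured;
    private readonly Dictionary<(string Tenant, string Subject), int> _links = new();

    public AadAccountLinker(IDictionary<string, (int UserId, string TenantId)> preconfigured) =>
        _preconfigured = new(preconfigured, StringComparer.OrdinalIgnoreCase);

    // Returns the local user id, or null when the sign-in must be refused.
    public int? ResolveLocalUser(ClaimsPrincipal principal)
    {
        var tenant = principal.FindFirst(TenantIdClaim)?.Value?.ToLowerInvariant();
        var subject = principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (string.IsNullOrEmpty(tenant) || string.IsNullOrEmpty(subject)) return null;

        // Returning user: match on the stable (tenant, subject) pair only.
        if (_links.TryGetValue((tenant, subject), out var linked)) return linked;

        // First sign-in: the Name claim only locates the pre-configured row; the tenant
        // must match that row and the account must not already be linked.
        var name = principal.FindFirst(ClaimTypes.Name)?.Value ?? "";
        if (!_preconfigured.TryGetValue(name, out var row)) return null;
        if (!string.Equals(row.TenantId, tenant, StringComparison.OrdinalIgnoreCase)) return null;
        if (_links.ContainsValue(row.UserId)) return null;
        _links[(tenant, subject)] = row.UserId;
        return row.UserId;
    }

    static ClaimsPrincipal Principal(string tid, string sub, string name) =>
        new(new ClaimsIdentity(new[] { new Claim(TenantIdClaim, tid),
            new Claim(ClaimTypes.NameIdentifier, sub), new Claim(ClaimTypes.Name, name) }, "AzureAD"));

    public static void Main()
    {
        // Constructed sample data: one pre-configured user bound to tenant "aaaa".
        var linker = new AadAccountLinker(new Dictionary<string, (int UserId, string TenantId)>
            { ["alice@contoso.example"] = (42, "aaaa") });
        Console.WriteLine(linker.ResolveLocalUser(Principal("bbbb", "s9", "alice@contoso.example")) is null); // wrong tenant
        Console.WriteLine(linker.ResolveLocalUser(Principal("aaaa", "s1", "alice@contoso.example")));         // first link
        Console.WriteLine(linker.ResolveLocalUser(Principal("aaaa", "s1", "renamed@contoso.example")));       // linked subject
        Console.WriteLine(linker.ResolveLocalUser(Principal("aaaa", "s2", "alice@contoso.example")) is null); // second subject
    }
}
```

In an ASP.NET Core app this check would sit in the external-login callback, before the local sign-in cookie is issued.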
