Although ASP.NET Identity can still be used for authentication and authorization in ASP.NET 5, it is also easy to integrate third-party services that support standard protocols, such as Azure Active Directory.
In fact, it is very easy to integrate Azure AD into ASP.NET 5 and use it for authentication and authorization, for two reasons. First, Azure Active Directory provides OAuth 2.0, OpenID Connect 1.0, SAML, and WS-Federation 1.2 standard protocol interfaces. Second, Microsoft ported the OpenID Connect OWIN middleware to ASP.NET 5. Therefore, as long as the "Microsoft.AspNet.Authentication.OpenIdConnect" package is referenced in the ASP.NET 5 project and the Azure AD connection information is properly configured, the integration is straightforward.
The approximate steps are as follows:
1. Add the Azure AD configuration information to the config.json file:
    "AzureAd": {
        "ClientId": "[Enter the clientId of your application as obtained from portal, e.g. ba74781c2-53c2-442a-97c2-3d60re42f403]",
        "Tenant": "[Enter the name of your tenant, e.g. contoso.onmicrosoft.com]",
        "AadInstance": "https://login.microsoftonline.com/{0}", // This is the public instance of Azure AD
        "PostLogoutRedirectUri": "https://localhost:44322/"
    }
2. Modify project.json to reference the OpenID Connect middleware:
    "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*"
3. Add the following to the ConfigureServices method in Startup:
    // OpenID Connect authentication requires cookie auth
    services.Configure<ExternalAuthenticationOptions>(options =>
    {
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });
4. Add the following to the Configure method in Startup:
    // Configure the OWIN pipeline to use cookie authentication
    app.UseCookieAuthentication(options =>
    {
        // By default, all middleware are passive/not automatic. Making the cookie middleware automatic so that it acts on all messages.
        options.AutomaticAuthentication = true;
    });
    // Configure the OWIN pipeline to use OpenID Connect authentication
    app.UseOpenIdConnectAuthentication(options =>
    {
        options.ClientId = Configuration.Get("AzureAd:ClientId");
        options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
        options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
        options.Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = OnAuthenticationFailed,
        };
    });
5. The OnAuthenticationFailed method in Startup is:
    private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        // Mark the failure as handled so the middleware does not rethrow it.
        notification.HandleResponse();
        // URL-encode the message so it cannot break or alter the redirect query string.
        notification.Response.Redirect("/Home/Error?message=" + Uri.EscapeDataString(notification.Exception.Message));
        return Task.FromResult(0);
    }
6. Add a controller named AccountController:
    public class AccountController : Controller
    {
        // GET: /Account/Login
        [HttpGet]
        public IActionResult Login()
        {
            // Unauthenticated users are challenged through OpenID Connect and sent back to "/" afterwards.
            if (Context.User == null || !Context.User.Identity.IsAuthenticated)
                return new ChallengeResult(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
            return RedirectToAction("Index", "Home");
        }

        // GET: /Account/LogOff
        [HttpGet]
        public IActionResult LogOff()
        {
            if (Context.User.Identity.IsAuthenticated)
            {
                // Sign out of both the local cookie session and the OpenID Connect provider.
                Context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
                Context.Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
            }
            return RedirectToAction("Index", "Home");
        }
    }
The above code can also be found in the complete example project in my fork: https://github.com/heavenwing/WebApp-OpenIdConnect-AspNet5
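One way to fail fast on a misconfigured AzureAd section before the middleware from step 4 is registered (an added example, not code from the original article or the sample project; the class name AzureAdConfigCheck and its Validate method are hypothetical):

```csharp
using System;
using System.Collections.Generic;

// Added example (hypothetical helper): checks the four AzureAd settings read
// from config.json before they are handed to the OpenID Connect middleware.
public static class AzureAdConfigCheck
{
    // Returns a list of problems; an empty list means the settings look usable.
    public static IList<string> Validate(string clientId, string tenant,
                                         string aadInstance, string postLogoutRedirectUri)
    {
        var problems = new List<string>();

        // The sample config ships with "[Enter ...]" placeholders; catch unedited ones.
        var required = new Dictionary<string, string> {
            { "ClientId", clientId }, { "Tenant", tenant } };
        foreach (var pair in required)
        {
            if (string.IsNullOrWhiteSpace(pair.Value) ||
                pair.Value.TrimStart().StartsWith("[Enter", StringComparison.Ordinal))
                problems.Add(pair.Key + " is empty or still a placeholder");
        }

        // The tenant is substituted into the authority URL, so it must be a bare
        // domain name or GUID, not something that changes the host or path.
        if (tenant != null && tenant.IndexOfAny(new[] { '/', '\\', '?', '#', '@', ':' }) >= 0)
            problems.Add("Tenant contains URL metacharacters");

        // The authority template must be HTTPS and keep the {0} slot for the tenant.
        Uri instance;
        if (aadInstance == null || !aadInstance.Contains("{0}") ||
            !Uri.TryCreate(aadInstance.Replace("{0}", "tenant"), UriKind.Absolute, out instance) ||
            instance.Scheme != Uri.UriSchemeHttps)
            problems.Add("AadInstance must be an absolute https URL containing {0}");

        // The post-logout redirect should never travel over plain HTTP.
        Uri logout;
        if (!Uri.TryCreate(postLogoutRedirectUri, UriKind.Absolute, out logout) ||
            logout.Scheme != Uri.UriSchemeHttps)
            problems.Add("PostLogoutRedirectUri must be an absolute https URL");

        return problems;
    }
}
```

Call Validate with the four configuration values at the top of Configure and throw if the returned list is not empty, so a bad authority or an unedited placeholder stops the application at startup instead of surfacing as a failed sign-in.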
"Update: 2015-07-16"
If you have added [Authorize] but are not automatically redirected to the login page, you need to set:
    app.UseOpenIdConnectAuthentication(options => {
        options.AutomaticAuthentication = true;
    });
For details, see: https://github.com/aspnet/Security/issues/357
That is the entire content of this article; I hope you enjoy it.