Using Azure AD to implement single sign-on in ASP.NET 5 _ Practical Tips

Source: Internet
Author: User
Tags json openid

Summary: Although ASP.NET Identity can still be used for authentication and authorization in ASP.NET 5, it is also easy to integrate third-party services that support standard protocols, such as Azure Active Directory.

In fact, integrating Azure AD into ASP.NET 5 and using it for authentication and authorization is very easy, for two reasons: first, Azure Active Directory provides standard protocol interfaces for OAuth 2.0, OpenID Connect 1.0, SAML, and WS-Federation 1.2; second, Microsoft has ported the OpenID Connect OWIN middleware to ASP.NET 5. Therefore, as long as the "Microsoft.AspNet.Authentication.OpenIdConnect" package is referenced in the ASP.NET 5 project and the Azure AD connection information is configured correctly, the integration is straightforward.

The approximate steps are as follows:

1. Add the Azure AD configuration information to the config.json file:

"AzureAd": {
  "ClientId": "[Enter the clientId of your application as obtained from portal, e.g. ba74781c2-53c2-442a-97c2-3d60re42f403]",
  "Tenant": "[Enter the name of your tenant, e.g. contoso.onmicrosoft.com]",
  "AadInstance": "https://login.microsoftonline.com/{0}", // This is the public instance of Azure AD
  "PostLogoutRedirectUri": "https://localhost:44322/"
}

2. Modify project.json to reference the OpenID Connect middleware:

"Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*"

3. In the ConfigureServices method of Startup, add:

// OpenID Connect authentication requires cookie auth
services.Configure<ExternalAuthenticationOptions>(options =>
{
  options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});

4. In the Configure method of Startup, add:

// Configure the OWIN pipeline to use cookie authentication
app.UseCookieAuthentication(options =>
{
  // By default, all middleware are passive/not automatic. Making cookie middleware automatic so that it acts on all messages.
  options.AutomaticAuthentication = true;
});

// Configure the OWIN pipeline to use OpenID Connect authentication
app.UseOpenIdConnectAuthentication(options =>
{
  options.ClientId = Configuration.Get("AzureAd:ClientId");
  // The authority is the AadInstance format string with the tenant substituted for {0}
  options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
  options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
  options.Notifications = new OpenIdConnectAuthenticationNotifications
  {
    AuthenticationFailed = OnAuthenticationFailed,
  };
});

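5. The OnAuthenticationFailed method in Startup is:

private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
  // Mark the response as handled so the middleware does no further processing
  notification.HandleResponse();
  // URL-encode the message so spaces and reserved characters cannot break or alter the query string;
  // the error page must still HTML-encode it before rendering
  notification.Response.Redirect("/Home/Error?message=" + Uri.EscapeDataString(notification.Exception.Message));
  return Task.FromResult(0);
}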

6. Add a controller named AccountController:

public class AccountController : Controller
{
  // GET: /Account/Login
  [HttpGet]
  public IActionResult Login()
  {
    // Unauthenticated users are challenged through the OpenID Connect middleware
    if (Context.User == null || !Context.User.Identity.IsAuthenticated)
      return new ChallengeResult(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
    return RedirectToAction("Index", "Home");
  }

  // GET: /Account/LogOff
  [HttpGet]
  public IActionResult LogOff()
  {
    if (Context.User.Identity.IsAuthenticated)
    {
      // Sign out of both the local cookie session and the OpenID Connect session
      Context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
      Context.Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
    }
    return RedirectToAction("Index", "Home");
  }
}


The code above can also be found in the complete sample project in my fork: https://github.com/heavenwing/WebApp-OpenIdConnect-AspNet5
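
A preflight check for the AzureAd settings from step 1, applied before they reach the middleware in step 4 (an added example, not code from the original article or the sample project). The class and method names are hypothetical and the values in Main are constructed; the check composes the authority the same way step 4 does and derives the OpenID Connect discovery URL under it.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper, not part of ASP.NET 5 or the sample project.
public static class AzureAdSettingsCheck
{
    // Returns the problems found; an empty list means the settings passed.
    public static List<string> Validate(string clientId, string tenant,
                                        string aadInstance, string postLogoutRedirectUri)
    {
        var problems = new List<string>();
        Guid parsed;
        if (!Guid.TryParse(clientId, out parsed))
            problems.Add("ClientId is not a GUID (placeholder text left in?).");
        if (string.IsNullOrWhiteSpace(tenant) || tenant.StartsWith("[", StringComparison.Ordinal))
            problems.Add("Tenant is empty or still the placeholder text.");
        // Without {0}, String.Format silently drops the tenant from the authority.
        if (aadInstance == null || !aadInstance.Contains("{0}"))
            problems.Add("AadInstance has no {0} slot for the tenant.");
        else if (!IsHttps(string.Format(aadInstance, tenant)))
            problems.Add("Authority is not an absolute https URL.");
        // Assumption of this example: require https even for localhost.
        if (!IsHttps(postLogoutRedirectUri))
            problems.Add("PostLogoutRedirectUri is not an absolute https URL.");
        return problems;
    }

    // Metadata location defined by OpenID Connect Discovery 1.0, relative to the authority.
    public static string DiscoveryUrl(string aadInstance, string tenant)
    {
        return string.Format(aadInstance, tenant).TrimEnd('/') + "/.well-known/openid-configuration";
    }

    static bool IsHttps(string value)
    {
        Uri uri;
        return Uri.TryCreate(value, UriKind.Absolute, out uri) && uri.Scheme == Uri.UriSchemeHttps;
    }

    public static void Main()
    {
        // Constructed sample values; the http:// logout URI is deliberately wrong.
        const string instance = "https://login.microsoftonline.com/{0}";
        var problems = Validate("11111111-2222-3333-4444-555555555555",
                                "contoso.onmicrosoft.com", instance, "http://localhost:44322/");
        foreach (var problem in problems) Console.WriteLine("config problem: " + problem);
        Console.WriteLine(DiscoveryUrl(instance, "contoso.onmicrosoft.com"));
    }
}
```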

"Update: 2015-07-16"
If you have added [Authorize] but are not automatically redirected to the login page, you need to add:

app.UseOpenIdConnectAuthentication(options => {
  options.AutomaticAuthentication = true;
});

For details, see: https://github.com/aspnet/Security/issues/357

That is the entire content of this article; I hope you enjoy it.
