Using Azure AD for single sign-on in ASP.NET 5

Source: Internet
Author: User


Note: Although ASP.NET 5 can continue to use ASP.NET Identity for authentication and authorization, it is also easy to integrate third-party services that support standard protocols, such as Azure Active Directory.

In fact, integrating Azure AD into ASP.NET 5 for authentication and authorization is very simple, because Azure Active Directory provides standard protocol interfaces for OAuth 2.0, OpenID Connect 1.0, SAML, and WS-Federation 1.2, and ASP.NET 5 has ported the OWIN middleware that integrates OpenID Connect. Therefore, as long as the "Microsoft.AspNet.Authentication.OpenIdConnect" package is referenced in the ASP.NET 5 project and the Azure AD connection information is configured correctly, integration is straightforward.

The procedure is as follows:

1. Add the Azure AD configuration information to the config.json file:

"AzureAd": {
  "ClientId": "[Enter the clientId of your application as obtained from portal, e.g. ba74781c2-53c2-442a-97c2-3d60re42f403]",
  "Tenant": "[Enter the name of your tenant, e.g. contoso.onmicrosoft.com]",
  "AadInstance": "https://login.microsoftonline.com/{0}", // This is the public instance of Azure AD
  "PostLogoutRedirectUri": "https://localhost:44322/"
}

2. Modify project.json to reference the OpenID Connect middleware:

"Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*"

3. Add the following in the ConfigureServices method of Startup:

// OpenID Connect Authentication Requires Cookie Auth
services.Configure<ExternalAuthenticationOptions>(options =>
{
  options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});

4. Add the following in the Configure method of Startup:

// Configure the OWIN Pipeline to use Cookie Authentication
app.UseCookieAuthentication(options =>
{
  // By default, all middleware are passive/not automatic. Making cookie middleware automatic so that it acts on all the messages.
  options.AutomaticAuthentication = true;
});

// Configure the OWIN Pipeline to use OpenId Connect Authentication
app.UseOpenIdConnectAuthentication(options =>
{
  options.ClientId = Configuration.Get("AzureAd:ClientId");
  options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
  options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
  options.Notifications = new OpenIdConnectAuthenticationNotifications
  {
    AuthenticationFailed = OnAuthenticationFailed,
  };
});

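5. The OnAuthenticationFailed method of Startup is as follows:

private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
  // Stop the middleware's default handling and show the application's error page instead.
  notification.HandleResponse();
  // URL-encode the message so characters such as '&' or '#' cannot break or extend the query string.
  notification.Response.Redirect("/Home/Error?message=" + Uri.EscapeDataString(notification.Exception.Message));
  return Task.FromResult(0);
}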

6. Add a Controller named AccountController:

public class AccountController : Controller
{
  // GET: /Account/Login
  [HttpGet]
  public IActionResult Login()
  {
    if (Context.User == null || !Context.User.Identity.IsAuthenticated)
      return new ChallengeResult(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
    return RedirectToAction("Index", "Home");
  }

  // GET: /Account/LogOff
  [HttpGet]
  public IActionResult LogOff()
  {
    if (Context.User.Identity.IsAuthenticated)
    {
      Context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
      Context.Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
    }
    return RedirectToAction("Index", "Home");
  }
}

The code above can also be found in the complete sample project in my fork: https://github.com/heavenwing/WebApp-OpenIdConnect-AspNet5
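A startup check for the four AzureAd values from step 1, built the same way step 4 builds the Authority. This is an added example, not code from the article or its sample project; the class AzureAdSettingsCheck, its methods and the sample GUID are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not part of the article's sample project): sanity-checks
// the "AzureAd" values from config.json before the OpenID Connect middleware uses them.
public static class AzureAdSettingsCheck
{
    public static List<string> Validate(string clientId, string tenant,
                                        string aadInstance, string postLogoutRedirectUri)
    {
        var problems = new List<string>();
        Guid parsed;
        // Azure AD client IDs are GUIDs; leftover "[Enter the clientId ...]" text fails here.
        if (!Guid.TryParse(clientId, out parsed))
            problems.Add("ClientId is not a GUID");

        // Tenant is substituted into the authority URL, so reject URL syntax and placeholders.
        if (string.IsNullOrWhiteSpace(tenant) || tenant.IndexOfAny(new[] { '/', '?', '#', '[', ' ' }) >= 0)
            problems.Add("Tenant must be a bare domain name or tenant ID");

        // Same construction as step 4: String.Format(AadInstance, Tenant).
        if (aadInstance == null || !aadInstance.Contains("{0}"))
            problems.Add("AadInstance must contain the {0} tenant placeholder");
        else if (!IsAbsoluteHttps(string.Format(aadInstance, tenant)))
            problems.Add("Authority must be an absolute https URL");

        if (!IsAbsoluteHttps(postLogoutRedirectUri))
            problems.Add("PostLogoutRedirectUri must be an absolute https URL");

        return problems;
    }

    private static bool IsAbsoluteHttps(string value)
    {
        Uri uri;
        return Uri.TryCreate(value, UriKind.Absolute, out uri) && uri.Scheme == Uri.UriSchemeHttps;
    }

    public static void Main()
    {
        // Constructed sample values: the GUID is made up, the rest mirror config.json.
        var ok = Validate("11111111-2222-3333-4444-555555555555", "contoso.onmicrosoft.com",
                          "https://login.microsoftonline.com/{0}", "https://localhost:44322/");
        var bad = Validate("[Enter the clientId of your application]", "contoso.onmicrosoft.com",
                           "http://login.microsoftonline.com/{0}", "localhost:44322");
        Console.WriteLine("valid sample: " + ok.Count + " problem(s)");
        Console.WriteLine("broken sample: " + string.Join("; ", bad));
    }
}
```

In Startup, Validate would be called with the four Configuration.Get("AzureAd:...") values before app.UseOpenIdConnectAuthentication, failing startup if the list is not empty.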

[Updated]
If you have added [Authorize] but are not redirected to the logon page automatically, you need:

app.UseOpenIdConnectAuthentication(options =>
{
  options.AutomaticAuthentication = true;
});

For details, see: https://github.com/aspnet/Security/issues/357#issuecomment-120834369

The above is all the content of this article. I hope you will like it.
