Using Azure AD for single sign-on in ASP.NET 5
Note: Although ASP.NET 5 can continue to use ASP.NET Identity for authentication and authorization, it is also easy to integrate third-party services that support standard protocols, such as Azure Active Directory.
In fact, integrating Azure AD into ASP.NET 5 for authentication and authorization is very simple, because Azure Active Directory provides OAuth 2.0, OpenID Connect 1.0, SAML, and WS-Federation 1.2 standard protocol interfaces, and ASP.NET 5 has ported the OWIN middleware for OpenID Connect. Therefore, as long as the "Microsoft.AspNet.Authentication.OpenIdConnect" package is referenced in the ASP.NET 5 project and the Azure AD connection information is correctly configured, the integration is straightforward.
The procedure is as follows:
1. Add the Azure AD configuration information to the config.json file:

    "AzureAd": {
      "ClientId": "[Enter the clientId of your application as obtained from portal, e.g. ba74781c2-53c2-442a-97c2-3d60re42f403]",
      "Tenant": "[Enter the name of your tenant, e.g. contoso.onmicrosoft.com]",
      "AadInstance": "https://login.microsoftonline.com/{0}", // This is the public instance of Azure AD
      "PostLogoutRedirectUri": "https://localhost:44322/"
    }

2. Modify project.json to reference the OpenID Connect middleware:
"Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*"
3. Add the following in the ConfigureServices method of Startup:

    // OpenID Connect Authentication Requires Cookie Auth
    services.Configure<ExternalAuthenticationOptions>(options =>
    {
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });

4. Add the following in the Configure method of Startup:

    // Configure the OWIN Pipeline to use Cookie Authentication
    app.UseCookieAuthentication(options =>
    {
        // By default, all middleware are passive/not automatic.
        // Making cookie middleware automatic so that it acts on all the messages.
        options.AutomaticAuthentication = true;
    });

    // Configure the OWIN Pipeline to use OpenId Connect Authentication
    app.UseOpenIdConnectAuthentication(options =>
    {
        options.ClientId = Configuration.Get("AzureAd:ClientId");
        options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));
        options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");
        options.Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = OnAuthenticationFailed,
        };
    });

5. The OnAuthenticationFailed method of Startup is as follows:
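
    private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        // Mark the failure as handled so the middleware does not process it further
        notification.HandleResponse();
        // URL-encode the message so it cannot break or alter the redirect URL
        notification.Response.Redirect("/Home/Error?message=" + Uri.EscapeDataString(notification.Exception.Message));
        return Task.FromResult(0);
    }
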
6. Add a Controller named AccountController:

    public class AccountController : Controller
    {
        // GET: /Account/Login
        [HttpGet]
        public IActionResult Login()
        {
            if (Context.User == null || !Context.User.Identity.IsAuthenticated)
                return new ChallengeResult(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
            return RedirectToAction("Index", "Home");
        }

        // GET: /Account/LogOff
        [HttpGet]
        public IActionResult LogOff()
        {
            if (Context.User.Identity.IsAuthenticated)
            {
                Context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
                Context.Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
            }
            return RedirectToAction("Index", "Home");
        }
    }

The code above can also be found in the complete sample project in my fork: https://github.com/heavenwing/WebApp-OpenIdConnect-AspNet5
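A startup check for the AzureAd settings from step 1, as an added example that is not part of the original article or the sample project; the class and method names are hypothetical. It uses only base class library calls and catches the usual misconfigurations (template placeholders left in place, a malformed tenant, a non-https authority or sign-out redirect) before the OpenID Connect middleware is configured.

```csharp
using System;
using System.Collections.Generic;

// Added example: hypothetical helper, not part of the sample project.
public static class AzureAdSettingsCheck
{
    // Returns the problems found; an empty list means the settings look usable.
    public static IList<string> Validate(string clientId, string tenant,
                                         string aadInstance, string postLogoutRedirectUri)
    {
        // Template text such as "[Enter the clientId ...]" must have been replaced.
        foreach (var value in new[] { clientId, tenant, aadInstance, postLogoutRedirectUri })
            if (string.IsNullOrWhiteSpace(value) || value.Contains("[Enter"))
                return new List<string> { "A setting is empty or still holds the template placeholder." };

        var problems = new List<string>();

        // Azure AD issues the application's client ID as a GUID.
        Guid parsedId;
        if (!Guid.TryParse(clientId, out parsedId))
            problems.Add("ClientId is not a GUID.");

        // The tenant is substituted into the authority URL, so it must be a bare name.
        if (tenant.IndexOfAny(new[] { '/', ':', '?', '#', '@', ' ' }) >= 0)
            problems.Add("Tenant must be a bare domain name or tenant ID.");

        // Build the authority the same way Startup does and require https.
        try
        {
            Uri authority;
            if (!aadInstance.Contains("{0}")
                || !Uri.TryCreate(string.Format(aadInstance, tenant), UriKind.Absolute, out authority)
                || authority.Scheme != Uri.UriSchemeHttps)
                problems.Add("AadInstance must be an https URL with a {0} slot for the tenant.");
        }
        catch (FormatException)
        {
            problems.Add("AadInstance is not a valid format string.");
        }

        // The sign-out redirect target must also be an absolute https URL.
        Uri logout;
        if (!Uri.TryCreate(postLogoutRedirectUri, UriKind.Absolute, out logout)
            || logout.Scheme != Uri.UriSchemeHttps)
            problems.Add("PostLogoutRedirectUri must be an absolute https URL.");
        return problems;
    }
}
```

Call it from Startup with the four Configuration.Get("AzureAd:...") values and refuse to start if the returned list is not empty.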
[Updated]
If you have added [Authorize] but are not redirected to the login page automatically, you need:

    app.UseOpenIdConnectAuthentication(options =>
    {
        options.AutomaticAuthentication = true;
    });

For details, see: https://github.com/aspnet/Security/issues/357#issuecomment-120834369