使用Office365应用的Asp.Net身份验证

Question

I want to know if there is a way where I can use both Asp.Net Identity with Owin and Office 365 Owin login concurrently?

Basically I want to create a web hook that hooks onto Users's Exchange Inbox. When these messages arrive I need to do some processing and basically send out a notification.

I'm able to successfully create an Office 365 app; I have the clientId and the clientSecret both into my Web.Config file.

I'm using Asp.Net MVC5 and I'm able to have a view that basically has a button and it says "Click to Subscribe"..this would then ideally open the Office 365 login and my user would be presented with a Consent form.

Although when users initially login to the website I'm using Owin with Asp.Net Identity.

When I try to faciltate the Office 365 login; these two lines are returning back null . I've followed the tutorial give here on Github. So I'm able to hook onto to the Exchange mailbox using the Graph API. But I'm having issues with the consent form? Any thoughts?

These are the two lines of suspect code:

        var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
        var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

The signInUserId returns me back the Asp.Net UserId field according to the user. I have a feeling I am doing something utterly stupid & incomplete.

Answer 1

In this scenario you sort of have two approaches to consider.

• You can set up OWIN to use OpenIDConnectAuthentication and when the user clicks subscribe, you issue a Challenge from your app. OWIN will redirect the user to login, consent, and then return back to your application. You can then use the notifications available in the middleware to capture the authorization code, exchange it for an access token, and cache the tokens for later use. This code sample shows how to do so. The key is to terminate the auth pipeline by calling HandleResponse() from within the notification, which will stop the OpenIDConnect sign-in pipeline and leave the ASP.NET identity in-tact.
• You can craft an OAuth request yourself, without using the OWIN pipeline to trigger & catch the request/response. This sample shows you how to do so using the ADAL library. I recommend this approach, it's a bit more straightforward.