在.NET Core MVC应用程序中使用Azure B2C和Open Id Connect进行静默SSO登录

Question

We would like to implement functionality where user should be logged silently over Single sign-on. The user go to the application A and log into. Now he goes to the application B, which is using the same tenant as application A. At this moment to log into the application B, it is necessary by user to click on Login button to start the Challenge which handle the whole OpenID Connect protocol exchange.

[HttpGet]
public IActionResult SignIn()
{
  var redirectUrl = Url.Action(nameof(HomeContrsioller.Index), "Home");
  return Challenge(new AuthenticationProperties { RedirectUri = redirectUrl },
                OpenIdConnectDefaults.AuthenticationScheme);
}

The idea here was to utilize Authorize attribute.

[Authorize]
public IActionResult Index()
{

    return View();
}

The problem with this attribute is that per default the attribute redirects to the login UI when the user isn't logged in. The desired behavior here is to try to silently authenticate user, when the authentication isn't possible, ignore it.

I tried to disable to automatic challenge like described here but without success.

Answer 1

You can try embedding an iframe on an anonymous page that has the src set to the signin route. Make sure when your challenge fires you set prompt=none

You can squash any errors that come back from the signin request like interaction_required and acheive a silent single sign on when it works