使用 Azure AD 进行 Dotnet 核心身份验证

Question

I got a question using the azure AD authentication. Out team started to develop an Identity application to handle the authentication request of all our application services.

For logging in users we have to use Azure AD beacause we dont want our users to create a new accunt but rather use their company microsoft account to login into our applications.

The problem is tha when the user enters the application. It gets the azure access token as described in the microsoft azure documentation, but we would like to create our own custom token for this authenticated person which contains extra information from our database.

We tried to implement identityserver with external providers as described in the documentation ,but not so much success.

So the problem for us is the conversion from azure identity to our own custom identity.

Any idea/suggestion how to implement such a server/client?

Answer 1

You can use identity server 4 as identity provider and add Azure AD as external login, here is code sample, you can add Azure AD login like:

services.AddAuthentication()
.AddOpenIdConnect("aad", "Azure AD", options =>
{
    options.ClientId = "<app>";
    options.Authority = "https://login.microsoftonline.com/<tenant>/";             
    options.CallbackPath = "/signin-oidc-aadtenant";            
    options.SaveTokens = true;                                 
    options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

})

You might show the detail issue when implement the whole process.

Answer 2

You can possibly make use of custom policy in Azure AD B2C. Read here https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-get-started