Azure AD SSO：.Net Core 2.1 基于组织的 Office 365 用户名和密码的单点登录

Question

I have created an ASP.NET Core 2.1 MVC web application and I have used a simple login form to authenticate the users. Now We have decided to remove the login form and use a single sign-on option with my Organization's Office 365 user credentials or my office's outlook username & password and followed the following Microsoft website but I could not choose the right SSO one.

This web app is a MVP (minimum viable product) project so we just don't want to use our own authentication & authorization process and only my organization people going to use this app so we have decided to use the Organization's Azure AD SSO. I am not using SAML or WS-Federation protocols in my web app but I just wanted to implement the SSO for my project.

I searched many sites on the internet, a few websites explained "No code is required to configure SSO but only Azure AD configurations" and some other websites explained with some piece of code also. So now I am totally confused that how should I achieve the SSO for my simple web application.

• Hosted environment: Azure App Service
• Application users: only organization users (internal web app)

My Startup.cs code:

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddSession(options =>
        {
            options.Cookie.IsEssential = true;
        });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        //Fetching Connection string from APPSETTINGS.JSON  
        var ConnectionString = Configuration.GetConnectionString("MbkDbConstr");

        //Entity Framework  
        services.AddDbContext<ShardingDbContext>(options => options.UseSqlServer(ConnectionString));

        //Automapper Configuration
        AutoMapperConfiguration.Configure();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseSession();

        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller:required}/{action}/{id?}",
                defaults: new { controller = "UserAccount", action = "UserLogin" });

        });
    }
}

Note: I have configured the app.UseAuthentication() & other functions but authentication part not used inside my projects.

Answer 1

If you want to Authenticate your users with App Services, refer the document to see how to enable AAD Authentication in app services.

Generally for any web application, you can configure App Registration in Azure AD. You can configure claim attribute as well in order to use SSO feature. Refer the document for how to configure app registration in Azure AD.