
Identityserver 4 and Azure AD

I'm looking into using Identity Server 4 for authentication within a C# based MVC application. I'd like to use accounts stored in Azure AD as a source of valid users but the documentation only seems to refer to Google and OpenID & only mentions Azure in passing.

Does anybody know of any good documentation and/or tutorials on how to use Azure AD in the context of using it with Identity Server 4?

You can sign in to Azure AD from IdentityServer just as you would sign in to IdentityServer from e.g. a JavaScript or MVC app.

I have done this recently, and all you need to do is register OpenIdConnect options for Azure AD like this:

public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
        });
}

More info about this here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapp-dotnet

You should then in your Login action call the ChallengeAsync method:

var authenticationProperties = new AuthenticationProperties { RedirectUri = "your redirect uri" };
// the first argument is the name of the authentication scheme registered above
await HttpContext.Authentication.ChallengeAsync("your scheme", authenticationProperties);

Then provide a callback GET action and follow the External Login samples provided in the IdentityServer samples: https://github.com/IdentityServer/IdentityServer4.Samples/blob/dev/Quickstarts/4_ImplicitFlowAuthenticationWithExternal/src/QuickstartIdentityServer/Quickstart/Account/AccountController.cs
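The "Login calls ChallengeAsync, callback GET action completes the external login" flow described in this answer, written out as an added example for an ASP.NET Core host running IdentityServer4 4.x (this is not code from the answer or from the IdentityServer samples). The scheme name "aad" is whatever was passed to AddOpenIdConnect; IExternalUserStore and LocalUser are hypothetical application types standing in for your user store. The return URL check keeps the callback from becoming an open redirect, and the local account is keyed on the provider's stable subject claim rather than on an e-mail address.

```csharp
// Added example (not from the original answer): IdentityServer4 4.x external-login flow.
// IExternalUserStore and LocalUser are hypothetical application types.
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

public class LocalUser { public string SubjectId; public string Username; }

public interface IExternalUserStore
{
    Task<LocalUser> FindByExternalProviderAsync(string provider, string providerUserId);
    Task<LocalUser> AutoProvisionAsync(string provider, string providerUserId, Claim[] claims);
}

[AllowAnonymous]
public class ExternalController : Controller
{
    private readonly IIdentityServerInteractionService _interaction;
    private readonly IExternalUserStore _users;

    public ExternalController(IIdentityServerInteractionService interaction, IExternalUserStore users)
    {
        _interaction = interaction;
        _users = users;
    }

    // GET /External/Challenge?scheme=aad&returnUrl=...  (the "Login action")
    [HttpGet]
    public IActionResult Challenge(string scheme, string returnUrl)
    {
        // Only accept return URLs that MVC or IdentityServer recognises as ours;
        // anything else would let the callback redirect to an attacker-chosen site.
        if (string.IsNullOrEmpty(returnUrl)) returnUrl = "~/";
        if (!Url.IsLocalUrl(returnUrl) && !_interaction.IsValidReturnUrl(returnUrl))
            return BadRequest("invalid return URL");

        var props = new AuthenticationProperties
        {
            RedirectUri = Url.Action(nameof(Callback)),
            Items = { { "returnUrl", returnUrl }, { "scheme", scheme } }
        };
        // "scheme" is the name given to AddOpenIdConnect("aad", ...).
        return Challenge(props, scheme);
    }

    // GET /External/Callback : Azure AD has redirected back and the OIDC handler has
    // stored the external identity in IdentityServer's temporary external cookie.
    [HttpGet]
    public async Task<IActionResult> Callback()
    {
        var result = await HttpContext.AuthenticateAsync(
            IdentityServerConstants.ExternalCookieAuthenticationScheme);
        if (result?.Succeeded != true) return Unauthorized();

        var external = result.Principal;
        var provider = result.Properties.Items["scheme"];
        var returnUrl = result.Properties.Items["returnUrl"] ?? "~/";

        // Key the local account on the provider's stable subject id, never on e-mail.
        var idClaim = external.FindFirst(JwtClaimTypes.Subject)
                   ?? external.FindFirst(ClaimTypes.NameIdentifier);
        if (idClaim == null) return BadRequest("external identity carries no subject claim");

        var user = await _users.FindByExternalProviderAsync(provider, idClaim.Value)
                ?? await _users.AutoProvisionAsync(provider, idClaim.Value, external.Claims.ToArray());

        // Issue the IdentityServer session and drop the temporary external cookie.
        var isuser = new IdentityServerUser(user.SubjectId)
        {
            DisplayName = user.Username,
            IdentityProvider = provider
        };
        await HttpContext.SignInAsync(isuser);
        await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);

        return Redirect(returnUrl);
    }
}
```

The IdentityProvider value ends up as the "idp" claim in tokens IdentityServer issues, so downstream clients can tell an Azure AD login from a local one.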

There is a sample with Azure AD on GitHub, forked from the External Login sample provided in the IdentityServer samples.

The sample also fixed a known issue "State parameter generated by middleware is too large for Azure AD #978"

IdentityServer4 has documentation with "Sign-in with External Identity Providers"

http://docs.identityserver.io/en/latest/topics/signin_external_providers.html#state-url-length-and-isecuredataformat

Unfortunately it is not complete but this is what I did:

Startup.cs for .NET 5, Program.cs for .NET 6:

services.AddAuthentication()
    .AddOpenIdConnect("aad", "Azure AD", options =>
    {
        options.ClientSecret = "<ClientSecret>";
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.ClientId = "<ClientId>";
        options.Authority = "https://login.microsoftonline.com/<TenantId>/";
        options.CallbackPath = "/signin-oidc";
    })
    .AddIdentityServerJwt();

You will then see an external login under "Use another service to log in.":


When completing login you should see this message.


Default settings got stuck after clicking on Register. It was due to the new email not being confirmed. This could be solved by setting SignIn.RequireConfirmedAccount = false.

services.AddDefaultIdentity<ApplicationUser>(options =>
    // the template sets this to true; change it to false to let the unconfirmed account in
    options.SignIn.RequireConfirmedAccount = false);

You could also use "Resend email confirmation" or set EmailConfirmed to true in [dbo].[AspNetUsers] for the new user.

Azure AD settings. You will also need to add a client secret under Certificates & secrets.

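An added example (not the answer's own code) that puts this answer's AddOpenIdConnect registration into a complete .NET 6 Program.cs for the ASP.NET Core "Individual accounts + IdentityServer" template, with the settings tightened: the secret comes from configuration instead of a string literal, the authorization-code flow uses PKCE, and the expected issuer is pinned to the tenant. It also shows the alternative to switching RequireConfirmedAccount off globally: keep confirmation required for local sign-ups and mark the externally provisioned user confirmed when it is created, which is what the manual EmailConfirmed update in [dbo].[AspNetUsers] does by hand. Assumed: an "AzureAd" configuration section holding TenantId, ClientId and ClientSecret (from user-secrets or Key Vault), the template's ApplicationUser and ApplicationDbContext types, and the hypothetical ExternalProvisioning helper at the bottom.

```csharp
// Added example, not the answer's own code. Assumes an "AzureAd" configuration section
// and the template's ApplicationUser / ApplicationDbContext types.
using System.Security.Claims;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
var aad = builder.Configuration.GetSection("AzureAd");
// Tenant-specific v2.0 authority; its issuer value has the same form.
var tenantAuthority = $"https://login.microsoftonline.com/{aad["TenantId"]}/v2.0";

builder.Services.AddDbContext<ApplicationDbContext>(o =>
    o.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));

// Keep confirmation required for local sign-ups; users coming from Azure AD are
// created already confirmed in ExternalProvisioning.ProvisionAsync below.
builder.Services.AddDefaultIdentity<ApplicationUser>(options =>
        options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>();

builder.Services.AddIdentityServer()
    .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

builder.Services.AddAuthentication()
    .AddOpenIdConnect("aad", "Azure AD", options =>
    {
        options.Authority = tenantAuthority;
        options.ClientId = aad["ClientId"];
        options.ClientSecret = aad["ClientSecret"];        // never a literal in source
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.UsePkce = true;
        options.CallbackPath = "/signin-oidc";
        options.SignedOutCallbackPath = "/signout-callback-oidc";
        options.Scope.Add("email");
        options.SaveTokens = false;                        // AAD tokens are not needed later
        // Discovery already pins the issuer for a tenant-specific authority; this explicit
        // value is the check that still holds if the authority is ever changed to
        // /common or /organizations, where accounts from any tenant could otherwise sign in.
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidIssuer = tenantAuthority,
            NameClaimType = "name",
        };
    })
    .AddIdentityServerJwt();

builder.Services.AddControllersWithViews();
builder.Services.AddRazorPages();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseIdentityServer();
app.UseAuthorization();
app.MapRazorPages();
app.MapControllers();
app.Run();

// Hypothetical helper for the Register step of the template's ExternalLogin page:
// creates the local account from the Azure AD identity and marks its e-mail confirmed,
// because the tenant has already verified that address.
static class ExternalProvisioning
{
    public static async Task<IdentityResult> ProvisionAsync(
        UserManager<ApplicationUser> users, ExternalLoginInfo info)
    {
        var email = info.Principal.FindFirstValue(ClaimTypes.Email)
                 ?? info.Principal.FindFirstValue("preferred_username");
        if (string.IsNullOrEmpty(email))
            return IdentityResult.Failed(new IdentityError { Description = "no e-mail claim" });

        var user = new ApplicationUser { UserName = email, Email = email, EmailConfirmed = true };
        var result = await users.CreateAsync(user);
        if (!result.Succeeded) return result;

        // Link the Azure AD subject (info.ProviderKey) to the local account so later
        // logins resolve to this user by subject, not by e-mail.
        return await users.AddLoginAsync(user, info);
    }
}
```

The e-mail is only used as the local user name; the durable link between the Azure AD account and the local one is the provider key stored by AddLoginAsync, so a later change of e-mail in the tenant does not let a different person land on the same local account.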
