
MVC application Azure AD and custom authentication support

We have implemented custom token-based authentication in the MVC application. Now we have enabled Azure AD as well, using OpenID Connect as described below.

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = ADClientId,
        Authority = ADauthority,
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            RedirectToIdentityProvider = (context) =>
            {
                // Only the external login and log-off endpoints are sent to Azure AD.
                if (context.Request.Path.Value == "/Account/ExternalLogin" || (context.Request.Path.Value == "/Account/LogOff"))
                {
                    string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                    context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                    context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                }
                else
                {
                    // Every other request stays in the application's own authentication flow.
                    context.State = Microsoft.Owin.Security.Notifications.NotificationResultState.Skipped;
                    context.HandleResponse();
                }
                return Task.FromResult(0);
            },
        }
    });

We need to modify the scenario like below. If you have any technical suggestion, let me know.

1) Login page - get user email address

2) Check for user id and if that is Azure AD email - then take to the Microsoft authentication page where the user enters the password

3) If the user enters custom user id, handle the password page in the application's internal authentication flow

If your requirement is pivoted upon examining if a provided email address is from an existing user account in your Azure Active Directory tenant, then you can utilize the Microsoft Graph to query and confirm.

For example, the following Graph API REST call would help determine if a provided email address is that of an existing user in your tenant.

https://graph.microsoft.com/v1.0/users?$filter=startswith(mail%2C+'email@domain.com')
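
One way to run that lookup from the login page's first step, as an added example that is not part of the original answer or the asker's code. It goes slightly beyond the call above by matching exactly with `eq` on `mail` or `userPrincipalName` instead of `startswith`, and by escaping the user-supplied address before it enters the `$filter`. Assumptions: `LoginRouter`, `BuildUserLookupUrl` and `IsAzureAdUserAsync` are hypothetical names, Newtonsoft.Json is referenced, and `graphToken` is an app-only Microsoft Graph token the application acquires elsewhere.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

// Added example (hypothetical helper): decides which login flow an address belongs to.
public static class LoginRouter
{
    private static readonly HttpClient Http = new HttpClient();

    // OData string literals escape a single quote by doubling it; the whole
    // filter is then URL-encoded so the typed address cannot alter the query.
    public static string BuildUserLookupUrl(string email)
    {
        string literal = email.Trim().Replace("'", "''");
        string filter = $"mail eq '{literal}' or userPrincipalName eq '{literal}'";
        return "https://graph.microsoft.com/v1.0/users?$select=id&$filter="
               + Uri.EscapeDataString(filter);
    }

    // graphToken: assumed app-only Graph access token (for example with the
    // User.Read.All application permission), acquired outside this helper.
    public static async Task<bool> IsAzureAdUserAsync(string email, string graphToken)
    {
        // Reject empty or oversized input before it reaches Graph.
        if (string.IsNullOrWhiteSpace(email) || email.Length > 254)
            return false;

        using (var request = new HttpRequestMessage(HttpMethod.Get, BuildUserLookupUrl(email)))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", graphToken);
            using (HttpResponseMessage response = await Http.SendAsync(request))
            {
                // On any Graph error, fall back to the application's internal flow.
                if (!response.IsSuccessStatusCode)
                    return false;

                // Graph returns matches in the "value" array; empty means no such user.
                JObject body = JObject.Parse(await response.Content.ReadAsStringAsync());
                return body["value"] is JArray users && users.Count > 0;
            }
        }
    }
}
```

When this returns true, the login action can redirect to `/Account/ExternalLogin` so the existing `RedirectToIdentityProvider` handler sends the user to Microsoft; otherwise it shows the internal password page. Because the redirect itself reveals whether an address exists in the tenant, rate-limit the endpoint that performs this check.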
