stackoom
  简体   繁体   中英

Azure Active Directory - .Net Core 3 Web Application - Disable 2 Factor Authentication

 原文  2020-04-17 10:25:30       c#/ asp.net-mvc/ azure/ azure-active-directory

Question

I have created a .net core 3 Web Application. I have connected it to an Azure Active Directory.

This is the first time I have used AD so please excuse my ignorance.

The problem I have is that when the user logs into the website the login process is enforcing 2FA. They are being given 14 days grace before this is enforced.

Although, personally I have no problem with 2FA, in this case we want to be able to disable it.

I have searched high and low for documentation on how to do this but many of the documents do not reflect the current design of the Azure Portal.

Is this something I can control in my Startup.cs? Which looks like this:

public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        services.AddControllersWithViews(options =>
        {
            var policy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
            options.Filters.Add(new AuthorizeFilter(policy));
        });
        services.AddRazorPages();

        services.AddSignalR(x =>
        {
            x.EnableDetailedErrors = true;
        });
    }

Any help would be greatly appreciated!

1 answers

solution1
 1  2020-04-21 17:51:46

If you are integrated your application with Azure Active Directory, then make sure the primary and the secondary authentication is happening in Azure.

When the user try to login to the website, usually the authentication process goes to Azure AD for primary and 2FA.

Scenario 1 - 14 days grace period

Azure Active Directory Identity Protection will prompt your users to register the next time they sign in interactively and they will have 14 days to complete registration. During this 14-day period, they can bypass registration but at the end of the period they will be required to register before they can complete the sign-in process.

Scenario 2 - Disable 2FA

If you want to disable MFA for the users, you need to check the following.

  1. Check if there are any conditional access polices are created to trigger MFA including classic policies.

  2. Check if there are any individual MFA setting (enabled) in Azure portal .

You can disable MFA through PowerShell

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Active Directory with multi factor authentication for an existing web application Why is Azure Active Directory Authentication causing an character encoding error in my ASP.NET Core Application? Authentication with Azure Active Directory connected services missing in existing Asp.Net core application .Net Core Azure AD authentication failes since Hybrid Active Directory How to authenticate users in Azure Active Directory with dynamic tenants inside single instance of .NET Core web application? Azure Active Directory with .Net Core C# .Net Core Web Api Azure Active Directory & Claims Test cloud authentication in web APIs with Azure Active Directory B2C in ASP.NET Core - return error “invalid_request” Azure Ad authentication and authorization using azure active directory (single tenant) in .net core 3.1? .net core 5 Windows Authentication and Active Directory resources
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM