stackoom
  简体   繁体   中英

Automatic Login for Internal Users - Azure Active Directory

 原文  2022-08-15 15:04:07       c#/ azure/ asp.net-core/ .net-core/ azure-active-directory

Question

I have configured Azure AD Auth (v2) in a .NET Core application using this guide and sign in and sign out are working properly. The guide uses the packages Microsoft.Identity.Web and Microsoft.Identity.Web.UI . I did not add the authorization policy of RequireAuthenticatedUser() since we want to allow anonymous access with some sections hidden if you are not logged in.

I now have the requirement of automatically logging in those users who are on the VPN or internal network (domain), and am not sure how to go about this. I did some digging and saw some references to seamless single sign-on, but my organizations Azure only has Federation enabled with seamless single sign-on and pass-through authentication disabled.

I've added some snippets of the guide below:

public class Startup
{
 ...
 // This method gets called by the runtime. Use this method to add services to the container.
 public void ConfigureServices(IServiceCollection services)
 {
  services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAd");

   services.AddRazorPages().AddMvcOptions(options =>
        {
            // Commented out because we want everyone to be able to access, with authenticated (internal) users having more information displayed
            /*var policy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
            options.Filters.Add(new AuthorizeFilter(policy));*/
        }).AddMicrosoftIdentityUI();

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
 // more code here
 app.UseAuthentication();
 app.UseAuthorization();

  app.UseEndpoints(endpoints => { endpoints.MapRazorPages(); });
  app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
 // more code here
}

I appreciate any advice or guidance on a path forward. Thanks!

1 answers

solution1
 0  2022-09-06 13:39:13

There is a concept of Azure AD Seamless Single Sign-On to Automatically Login Internal users from Azure AD, when using the VPN or internal network.

As mentioned in the official MSDoc ,

Active Directory Federation Services do not support seamless SSO .

As you can see when Federation is Enabled, we do not have an option to enable Seamless sign-on

Azure AD Connect in Portal 在此处输入图像描述

在此处输入图像描述

Either we can migrate to Password Hash Synchronization or Pass-through Authentication methods to use seamless SSO

We have an option in portal to migrate to other cloud authentication from Federation Authentication

In Portal => Azure AD => Azure AD Connect => STAGED ROLLOUT OF CLOUD AUTHENTICATION在此处输入图像描述

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question To get users in azure active directory Login to Azure Active Directory programmatically Map Active Directory Users to Internal Groups Can Azure Active Directory be used as a Login Broker? Azure Active Directory login redirect loop ASP.NET / Active Directory - Supporting auto login for domain users Azure Active Directory retrieving same credentials for all users Azure active directory get all users - (possibly deadlock) Access users from Azure active Directory having persmison type as delegated Use Azure Active Directory B2C without migrating users
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM