I have configured Azure AD Auth (v2) in a .NET Core application using this guide and sign in and sign out are working properly. The guide uses the packages Microsoft.Identity.Web and Microsoft.Identity.Web.UI. I did not add the authorization policy of RequireAuthenticatedUser() since we want to allow anonymous access with some sections hidden if you are not logged in.
I now have the requirement of automatically logging in those users who are on the VPN or internal network (domain), and am not sure how to go about this. I did some digging and saw some references to seamless single sign-on, but my organization's Azure only has Federation enabled, with seamless single sign-on and pass-through authentication disabled.
I've added some snippets of the guide below:
    public class Startup
    {
        ...
        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAd");
            services.AddRazorPages().AddMvcOptions(options =>
            {
                // Commented out because we want everyone to be able to access, with authenticated (internal) users having more information displayed
                /*var policy = new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build();
                options.Filters.Add(new AuthorizeFilter(policy));*/
            }).AddMicrosoftIdentityUI();
        }

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            // more code here
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints => { endpoints.MapRazorPages(); });
            app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
            // more code here
        }
    }
I appreciate any advice or guidance on a path forward. Thanks!
There is a concept of Azure AD Seamless Single Sign-On to Automatically Login Internal users from Azure AD, when using the VPN or internal network.
As mentioned in the official MSDoc, Active Directory Federation Services do not support seamless SSO.
As you can see when Federation is Enabled, we do not have an option to enable Seamless sign-on
Azure AD Connect in Portal
Either we can migrate to Password Hash Synchronization or Pass-through Authentication methods to use seamless SSO.
We have an option in portal to migrate to other cloud authentication from Federation Authentication
In Portal => Azure AD => Azure AD Connect => STAGED ROLLOUT OF CLOUD AUTHENTICATION
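Whichever sign-in method the tenant ends up using, the application still has to start the sign-in for internal visitors while leaving external visitors anonymous. The middleware below is an added example, not code from the guide or from the answer above: it issues an OpenID Connect challenge once per browser session for unauthenticated GET requests coming from internal address ranges. The class name, cookie name and CIDR ranges are assumptions, and the client address is used only to decide whether to begin sign-in; Azure AD still performs the authentication.

```csharp
// Added example (not from the guide or the answer). Assumptions: internal/VPN
// clients arrive from the constructed CIDR ranges below, and
// HttpContext.Connection.RemoteIpAddress is the real client address.
using System.Linq;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;

public class InternalAutoSignInMiddleware // hypothetical name
{
    private const string AttemptCookie = "auto_signin_attempted"; // hypothetical name
    private static readonly (IPAddress Net, int Bits)[] InternalRanges =
    {
        (IPAddress.Parse("10.0.0.0"), 8),       // constructed sample ranges
        (IPAddress.Parse("192.168.50.0"), 24),
    };
    private readonly RequestDelegate _next;
    public InternalAutoSignInMiddleware(RequestDelegate next) => _next = next;
    // True when addr falls inside one of InternalRanges (bitwise prefix match).
    public static bool IsInternal(IPAddress addr)
    {
        if (addr == null) return false;
        if (addr.IsIPv4MappedToIPv6) addr = addr.MapToIPv4();
        byte[] a = addr.GetAddressBytes();
        return InternalRanges.Any(r =>
        {
            byte[] n = r.Net.GetAddressBytes();
            if (n.Length != a.Length) return false;   // IPv4 vs IPv6 mismatch
            for (int bit = 0; bit < r.Bits; bit++)
                if (((a[bit / 8] ^ n[bit / 8]) & (0x80 >> (bit % 8))) != 0) return false;
            return true;
        });
    }

    public async Task InvokeAsync(HttpContext ctx)
    {
        bool candidate = HttpMethods.IsGet(ctx.Request.Method)
            && ctx.User.Identity?.IsAuthenticated != true
            && !ctx.Request.Cookies.ContainsKey(AttemptCookie)
            && IsInternal(ctx.Connection.RemoteIpAddress);
        if (!candidate) { await _next(ctx); return; }
        // One attempt per browser session, so sign-out and failed sign-ins do not loop.
        ctx.Response.Cookies.Append(AttemptCookie, "1",
            new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Lax });
        await ctx.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme,
            new AuthenticationProperties { RedirectUri = ctx.Request.Path + ctx.Request.QueryString });
    }
}
```

Register it with `app.UseMiddleware<InternalAutoSignInMiddleware>();` between `app.UseAuthentication()` and `app.UseAuthorization()`. Behind a reverse proxy or load balancer, `RemoteIpAddress` is the proxy's address unless forwarded headers are enabled and restricted to known proxies, so an unrestricted `X-Forwarded-For` would let any client claim an internal address.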