Authenticate with Identity and/or Azure AD


Today the client application authenticates using ASP.NET Core Identity (.NET Core 3.1). I am now trying to also support authentication through Azure AD by adding an extra button on the login page where the user can log in with AD. The whole Azure AD process completes normally, but the final redirect back to the application (which should finish the login and take the user to the application's Dashboard) does not work: the user ends up back on the home page, which shows the traditional login and password form and the button I created for the AD login.

I was able to build a similar implementation (without AddOpenIdConnect) for logging in with Google, and it worked. Now I am having trouble implementing Azure AD. I followed this tutorial for the Google case. The customer is asking for something like this: https://www.yogihosting.com/aspnet-core-identity-login-with-google/

Startup.cs

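       // Identity's application cookie stays the default scheme. External providers sign in to the
        // temporary Identity.External cookie first; the application cookie is only issued once an
        // external-login callback exchanges it (for example via SignInManager.ExternalLoginSignInAsync).
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = IdentityConstants.ApplicationScheme;
            options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
        })
        .AddOpenIdConnect("AzureAD", options =>
        {
            // Tenant-specific v2.0 authority; discovery metadata is fetched from
            // {Authority}/.well-known/openid-configuration over HTTPS only.
            options.Authority = "https://login.microsoftonline.com/tenantId/v2.0/";
            options.RequireHttpsMetadata = true;

            // Placeholder values. Real values belong in configuration or a secret store
            // (user-secrets, Key Vault, environment), never in source control.
            options.ClientId = "ClientId ";
            options.ClientSecret = "ClientSecret ";

            // The external cookie receives the Azure AD principal (same value as "Identity.External").
            options.SignInScheme = IdentityConstants.ExternalScheme;
            options.RemoteAuthenticationTimeout = TimeSpan.FromSeconds(30);

            // NOTE(review): "id_token" returns the token through the browser. PKCE only applies to the
            // authorization-code flow, so UsePkce has no effect here; if ResponseType is moved to
            // "code", leave PKCE enabled.
            options.ResponseType = "id_token";
            options.UsePkce = false;
            options.SaveTokens = true;

            options.TokenValidationParameters = new TokenValidationParameters
            {
                // Issuer validation is what binds an accepted token to this tenant. With a
                // tenant-specific authority the expected issuer comes from the metadata, so keep it on;
                // turning it off lets a validly signed token from another issuer through.
                ValidateIssuer = true,

                // NOTE(review): the "email" claim is not guaranteed to be unique or verified. Use it as
                // a display name only and link accounts on a stable identifier such as "sub" or "oid".
                NameClaimType = "email",
            };

            // The OpenID Connect handler itself listens on this path and validates the response.
            options.CallbackPath = "/signin-oidc";
            options.Prompt = "login";
        })
        .AddIdentityCookies(o =>
        {
            o.ApplicationCookie.PostConfigure(option =>
            {
                // Tickets are kept server-side; the cookie only carries the session key.
                option.SessionStore = new MemoryCacheTicketStore();
                option.ExpireTimeSpan = TimeSpan.FromMinutes(45);
                option.LoginPath = "/Account/Login";
                option.LogoutPath = "/Account/LogOffAsync";
            });
        });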

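        // Adjusts the OpenIdConnectOptions instance registered under AzureADDefaults.OpenIdScheme.
        // NOTE(review): the handler registered in this Startup snippet is named "AzureAD"; confirm
        // this named-options entry targets the scheme that is actually registered, otherwise these
        // settings are never applied.
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            // Double-check the endpoint version (v1.0 vs v2.0) against the app registration.
            options.Authority = "https://login.microsoftonline.com/tenantid/v2.0/";

            // Keep issuer validation on: with a tenant-specific authority the expected issuer is taken
            // from the discovery metadata, and disabling the check would accept tokens from any issuer
            // whose signature validates.
            options.TokenValidationParameters.ValidateIssuer = true;
        });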

Controller

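[HttpGet("login-ad")]
    [AllowAnonymous]
    // Starts the Azure AD sign-in by issuing an authentication challenge.
    //   returnUrl: where the handler sends the browser after the remote sign-in completes;
    //              only application-local URLs are honoured, anything else falls back to "/".
    // Returns a redirect to Account/Index when the caller is already authenticated, otherwise
    // the challenge result.
    public IActionResult LoginAD(string returnUrl = null)
    {
        if (User.Identity?.IsAuthenticated == true)
        {
            return RedirectToAction("Index", "Account");
        }

        // returnUrl comes from the query string and ends up as the post-login redirect target.
        // Restricting it to local URLs keeps the login endpoint from acting as an open redirect.
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
        {
            returnUrl = "/";
        }

        // NOTE(review): the remote handler signs in to the external cookie only. If RedirectUri is
        // not an external-login callback that issues the application cookie, the user will still
        // look anonymous to the default scheme after returning - confirm against the Google flow.
        return Challenge(
            new AuthenticationProperties { RedirectUri = returnUrl },
            AzureADDefaults.AuthenticationScheme);
    }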

    [HttpPost("signin-oidc")]
    [AllowAnonymous]
    public IActionResult SigninOidc(string returnUrl = null)
    {
        if (User.Identity.IsAuthenticated)
        {
            return RedirectToAction("Index", "Account");
        }
        else
        {
            //não implementado
            return null;
        }
    }

_loginPartial

 <a href="/login-ad" class="btn btn-complete btn-Login m-t-10">
        UTILIZAR O LOGIN DA EMPRESA
    </a>