Redirect user to custom login page when using Azur

Published 2019-02-10 01:12

Question:

I'm using the following code example to plug in Azure AD login to my application (https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet).

I'm finding that the code works just fine; however, I want to have the ability to redirect a user to a custom login page if the user hasn't logged in yet or their session has expired. I'm struggling, however, to get this to work and was wondering if this is indeed possible at all?

Is it by design that the user is always redirected to the Microsoft Login page for Azure AD rather than your own custom page or is there a setting I've missed?

I've amended the supplied code in FilterConfig.cs to enable the Authorize filter attribute:

filters.Add(new AuthorizeAttribute());

I've also added the following to web.config but to no effect:

<authorization>
<allow users="?" />
</authorization>

Within the Startup.Auth.cs file I cannot see any changes that are possible to app.UseOpenIdConnectAuthentication to allow me to set up a generic login page as I may possibly do with cookies based auth.

Answer 1:

After going over the code again I've found the solution to my issue.

Within Startup.Auth.cs:

app.UseCookieAuthentication(new CookieAuthenticationOptions {
    LoginPath = new PathString("/Account/Login")
});

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions {
        ClientId = clientId,
        Authority = authority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        AuthenticationMode = AuthenticationMode.Passive
    });

It's the inclusion of the AuthenticationMode = AuthenticationMode.Passive line which seems to stop OpenIdConnectAuth from performing the automatic 302 redirect to the AAD login pages.



Answer 2:

Assuming Azure AD is your identity provider, you can Customize the login page, but you have to be running Azure AD Premium to do so.



Answer 3:

This may be what I'm looking for...

  • non-interactive authentication in a native client (https://github.com/AzureADSamples/NativeClient-Headless-DotNet)

This sample allows a user to login to Azure AD without the need to use Azure AD's native browser based logins.

I understand this is somewhat considered an anti-pattern as I'll be forgoing Azure's built-in mechanisms for handling multi-factor auth, password resets etc., but I'll retain full control of the experience.

==== Edit ==== This isn't the way I want to go as I'll be stripping out a lot of what AAD offers out of the box. In essence I'd like to keep AAD's control flows, but I just want to have the ability to control what page a user lands on when a user isn't logged in.

Currently the flow is: Not authorised -> 302 redirect -> AAD login

I'd like: Not authorised -> 302 redirect -> Self hosted login required page -> User login button press -> 302 redirect -> AAD login

It's this flow I can't seem to work out.
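The controller side of the flow wanted in the edit above, combined with the Startup.Auth.cs configuration from Answer 1, as an added example that is not part of the original question, the answers, or the Microsoft sample. It assumes OWIN/Katana on ASP.NET MVC 5 with Microsoft.Owin.Security.OpenIdConnect, the cookie middleware configured with LoginPath = "/Account/Login", the OpenID Connect middleware in AuthenticationMode.Passive, and a global AuthorizeAttribute filter. With Passive mode the unauthenticated request gets the cookie middleware's 302 to the self-hosted page instead of an automatic redirect to AAD, and only the explicit Challenge call below triggers the redirect to the Azure AD login page. The action names, the view, and the returnUrl handling are this example's own choices.

```csharp
// Added example, not from the question or the Microsoft sample.
// Assumes Startup.Auth.cs as in Answer 1 (cookie LoginPath = "/Account/Login",
// OpenID Connect middleware in AuthenticationMode.Passive).
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;

public class AccountController : Controller
{
    // Step 1: [Authorize] fails -> cookie middleware answers with
    // 302 Location: /Account/Login?ReturnUrl=<original url>.
    // The action must be anonymous, otherwise the global Authorize filter
    // would bounce the browser back to this same page in a loop.
    [AllowAnonymous]
    [HttpGet]
    public ActionResult Login(string returnUrl)
    {
        // Keep only local return URLs: an absolute URL here would let a crafted
        // link send the user off-site after sign-in (open redirect).
        ViewBag.ReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : "/";
        // Self-hosted "login required" page with a "Sign in with Azure AD" button
        // that POSTs to /Account/SignIn together with the hidden returnUrl.
        return View();
    }

    // Step 2: the button press. Only now is the OpenID Connect middleware asked
    // to issue the 302 to the Azure AD login page; in Passive mode nothing else
    // makes it do so.
    [AllowAnonymous]
    [HttpPost]
    [ValidateAntiForgeryToken]
    public void SignIn(string returnUrl)
    {
        var redirectTo = Url.IsLocalUrl(returnUrl) ? returnUrl : "/";
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = redirectTo },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }

    // Step 3 (optional): sign out of both the local cookie session and AAD,
    // which then returns the browser to PostLogoutRedirectUri.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public void SignOut()
    {
        HttpContext.GetOwinContext().Authentication.SignOut(
            OpenIdConnectAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType);
    }
}
```

The Login view only needs a form posting to SignIn with `@Html.AntiForgeryToken()` and a hidden `returnUrl` field populated from ViewBag.ReturnUrl. The resulting sequence is exactly the one asked for: not authorised -> 302 to /Account/Login -> button press -> Challenge -> 302 to AAD -> callback -> cookie issued -> redirect to the original local URL. Keeping the ReturnUrl check local on both actions matters because the value arrives from the query string and is attacker-controllable.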