{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 放我归山 的问题《Asp.net Identity using password and Azure Active D》','https://www.manongdao.com/q-302501.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm building an ASP.NET MVC 5 web site using Asp.net Identity (OWIN) and want to support both traditional username/password authentication as well as authentication against Azure Active Directory. This app does not need to authenticate against Microsoft IDs (Live IDs), Facebook, Twitter or any of the other external providers. The closest SO question I found is this one: How to do both Azure Active Directory Single Sign On and Forms Authentications on ASP.NET MVC
I've looked at the samples that get created when you create a project using the "Individual User Accounts" option as well as the "Work and School Accounts" option in VS 2015. I have authentication working well individually; it's only when I try to combine them that I'm running into problems.
In my Startup_Auth.cs file, I am configuring OWIN like this:
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
//app.UseCookieAuthentication(new CookieAuthenticationOptions { });
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
LoginPath = new PathString("/account/sign-in")
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
SecurityTokenValidated = (context) =>
{
return Task.FromResult(0);
},
AuthorizationCodeReceived = (context) =>
{
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
context.OwinContext.Response.Redirect("/Home/Error");
context.HandleResponse(); // Suppress the exception
return Task.FromResult(0);
}
}
}
);
}
This configuration works for password authentication, but doesn't work for AAD authentication. To enable AAD authentication I need to either comment out the line setting the AuthenticationType
AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
Or, just set CookieAuthentication with no values.
app.UseCookieAuthentication(new CookieAuthenticationOptions { });
I'd guess that there is a relatively simple approach to this and would appreciate some ideas on where to start looking.
I realize that this is an old question. I am potentially looking to do something similar but probably more like ASP.Net identity auth to more than one Azure AD tenant. I found this Integrating Azure AD into ASP.NET Core where this statement:
leads me to believe that the sample code there may hold the key to this mixed auth scenario.
I searched examples from Microsoft. And all of them look like your solution. Look here:
Another example is here with
WindowsAzureActiveDirectoryBearerAuthenticationOptionsJust recently Damian Edwards from the ASP.NET team open sourced their community standup website on github. They are using Azure AD so I hope it helps in the right direction, I unfortunately don't have any experience with Azure AD.
Here is also the youtube video of the standup where they talk about it, I think there are a few tips and maybe hints which you might be able to make use of.