Reputation: 11895
I'm trying to build a simple ASP.Net Core 2.2 web app that allows AzureAD as an "external provider". I'm doing this in Visual Studio 2019.
As a super-simple demo project, I started by creating a new project that uses Azure AD as the login provider:
This creates a web application set up to enforce user authentication on all pages. When I run the application, it goes to Azure AD and logs me in prior to navigating to the /home page.
Recall that I said I wanted to add Azure AD as an external provider. So I found this line in Startup.cs:

    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));

and I removed the default authentication scheme to prevent the auto-login, like this:

    services.AddAuthentication()
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));

Now, when I run the app, it navigates to the Login page, and it gives me a big blue button offering to let me log in with Azure Active Directory. But clicking on that button does not log me in.
So I scaffolded the Identity pages, and I set a breakpoint at the ExternalLogin GET routine. Sure enough, clicking the big blue button finds its way there. Stepping through the code, I see that the call to _signInManager.GetExternalLoginInfoAsync() returns null.
I'm stuck. Apparently, the (undocumented) configuration magic doesn't set something up correctly to satisfy the call to GetExternalLoginInfoAsync.
Upvotes: 6
Views: 1463
Reputation: 27538
The scenario is that you are using ASP.NET Identity with Azure AD login as an external identity provider.
You should set IdentityConstants.ExternalScheme as the sign-in scheme of Azure AD authentication, so that you can get the external user information with _signInManager.GetExternalLoginInfoAsync():

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(
            Configuration.GetConnectionString("DefaultConnection")));
    services.AddDefaultIdentity<IdentityUser>()
        .AddDefaultUI(UIFramework.Bootstrap4)
        .AddEntityFrameworkStores<ApplicationDbContext>();
    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));
    services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options => {
        options.SignInScheme = IdentityConstants.ExternalScheme;
        //other config
    });

Then you can scaffold the ASP.NET Identity pages and modify them to fit your requirements; in any page, trigger the external login (the OnPost function in ExternalLogin.cshtml.cs) as the default template ("big blue button") does.
Upvotes: 1
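
The wiring described in the answer, shown end to end as an added example that is not part of either post. It assumes the Identity registration (AddDefaultIdentity) from the answer is already in place; the helper class and page-model names are hypothetical, and leaving out the default scheme, as the question does, is an assumption about how the two posts combine.

```csharp
// Added example, not from the original posts. Assumes ASP.NET Core 2.2 with the
// Identity scaffold and the "AzureAd" configuration section used in the question.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class ExternalAzureAdSetup   // hypothetical helper; call it from ConfigureServices
{
    public static void AddAzureAdAsExternalLogin(this IServiceCollection services, IConfiguration config)
    {
        // No default scheme: Identity's application cookie stays the default, so
        // Azure AD is challenged only when the user picks it on the Login page.
        services.AddAuthentication()
            .AddAzureAD(options => config.Bind("AzureAd", options));

        // Write the OpenID Connect result into Identity's external cookie, which is
        // the cookie GetExternalLoginInfoAsync() reads on the callback.
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme,
            options => options.SignInScheme = IdentityConstants.ExternalScheme);
    }
}

public class ExternalLoginCallbackModel : PageModel   // hypothetical page model name
{
    private readonly SignInManager<IdentityUser> _signInManager;
    public ExternalLoginCallbackModel(SignInManager<IdentityUser> signInManager)
        => _signInManager = signInManager;

    public async Task<IActionResult> OnGetAsync(string returnUrl = null)
    {
        // Follow only local return URLs so the callback cannot be used as an open redirect.
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl)) returnUrl = Url.Content("~/");

        // Null means the external cookie was never written (SignInScheme not set as above).
        var info = await _signInManager.GetExternalLoginInfoAsync();
        if (info == null) return RedirectToPage("./Login");

        var result = await _signInManager.ExternalLoginSignInAsync(
            info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: false);
        return result.Succeeded ? (IActionResult)LocalRedirect(returnUrl) : Page();
    }
}
```

When the sign-in does not succeed, the scaffolded ExternalLogin page shows its account-confirmation form at this point; `Page()` stands in for that here.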