在同一MVC应用程序中使用表单身份验证和Azure AD登录 [英] Using form authentication and Azure AD login in same mvc application

问题描述

我正在使用带有azure AD登录选项(OpenId身份验证)的mvc应用程序.我需要为管理员提供模拟选项.因此，我决定对此模拟登录使用表单身份验证.现在我的问题是，在webconfig中启用表单身份验证会影响Azure AD登录.添加了表单身份验证后，它将连续显示带有belo网址的重定向，

此外，您需要在web.config中设置< authentication mode ="none"/> ，以使OWIN从IIS接管您的应用程序的身份验证/授权过程./p>

I am using mvc application with azure AD login option(OpenId Authentication). i need to provide impersonation option for Admins. so i have decided to use form authentication for this impersonation login. now my problem is when enabling form authentication in webconfig affects azure AD login. once added form authentication it will show redirect continously with the belo url, http://localhost:9666/members/logon?ReturnUrl=%2fmembers%2flogonusingazure%3freturnUrl%3d%2f&returnUrl=/

code used in web config for form authentication.

<authentication mode="Forms">
      <forms loginUrl="~/members/logon" cookieless="UseCookies" name="MvcForumAuth" slidingExpiration="true" timeout="432000" />
    </authentication>

Thanks, Nagaraj M.

解决方案

Forms authentication is old version of the authentication framework for ASP.NET, The default template for ASP.NET MVC in the latest version of Visual Studio has an implementation of ASP.NET Identity Framework .

You could try using OWIN CookieAuthentication and ASP.NET identity to handle the local authentication with OpenIdConnect for the AzureAD authentication.

To use asp.net identity , if you generate a new MVC project using Individual accounts for authentication you can see the auto generated code for the Startup class in addition to the Account controller which has Login Actions for both Direct Authentication and ExternalLogin (3rd party).

Then you could use the ASP.Net OpenID Connect OWIN middleware to sign-in users from Azure Active Directory tenant :

1. install the Microsoft.Owin.Security.OpenIdConnect library in NuGet .

2. in Startup class , set OpenIdConnect pipeline :

   app.UseOpenIdConnectAuthentication(
     new OpenIdConnectAuthenticationOptions
     {
         ClientId = clientId,
         Authority = Authority,
         PostLogoutRedirectUri = postLogoutRedirectUri,
         RedirectUri = postLogoutRedirectUri,
         Notifications = new OpenIdConnectAuthenticationNotifications
         {
             AuthenticationFailed = context =>
             {
                 context.HandleResponse();
                 context.Response.Redirect("/Error?message=" + context.Exception.Message);
                 return Task.FromResult(0);
             }
         }
     });
   

   Now you could login into your app with local identity account and azure ad accounts as external user :

In addition , you need to set <authentication mode="none" /> in the web.config to let OWIN take over the Authentication/Authorization process for your application from IIS.

这篇关于在同一MVC应用程序中使用表单身份验证和Azure AD登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！