Asp.net身份使用密码和Azure的Active Directory身份验证 [英] Asp.net Identity using password and Azure Active Directory authentication

问题描述

我建立使用Asp.net身份（OWIN）一个ASP.NET MVC 5网站，并希望支持对Azure的Active Directory中既有传统的用户名/密码认证以及认证。这个应用程序并不需要对微软标识（标识直播），Facebook，Twitter或其他任何外部供应商的认证。最近的SO问题，我发现是这个：<一href=\"http://stackoverflow.com/questions/29681302/how-to-do-both-azure-active-directory-single-sign-on-and-forms-authentications-o\">How两者都做的Azure Active Directory的单点登录和ASP.NET MVC窗体认证

我看着当您创建使用项目个人用户帐户选项，以及在2015年VS工作和学校帐户选项，获得创建样品我有认证工作以及独立;只有当我试图将它们结合起来，我快到的问题。

在我Startup_Auth.cs文件，我在配置OWIN是这样的：

 公共无效ConfigureAuth（IAppBuilder应用程序）
    {        app.SetDefaultSignInAsAuthenticationType（CookieAuthenticationDefaults.AuthenticationType）;        //app.UseCookieAuthentication(new CookieAuthenticationOptions {}）;        app.UseCookieAuthentication（新CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ExternalCookie，
            LOGINPATH =新PathString（/帐号/登录）
        }）;        app.UseOpenIdConnectAuthentication（
            新OpenIdConnectAuthenticationOptions
            {
                客户端Id =客户端ID，
                管理局=权威，
                TokenValidationParameters =新System.IdentityModel.Tokens.TokenValidationParameters
                {
                    ValidateIssuer =假，
                }，
                通知=新OpenIdConnectAuthenticationNotifications（）
                {
                    SecurityTokenValidated =（上下文）=＆GT;
                    {
                        返回Task.FromResult（0）;
                    }，
                    授权codeReceived =（上下文）=＆GT;
                    {
                        返回Task.FromResult（0）;
                    }，
                    AuthenticationFailed =（上下文）=＆GT;
                    {
                        context.OwinContext.Response.Redirect（/首页/错误）;
                        context.HandleResponse（）; //燮preSS异常
                        返回Task.FromResult（0）;
                    }
                }
            }
        ）;
    }
 

本配置适用于密码验证，但AAD的身份验证不起作用。要启用AAD验证我需要或者注释掉该行设置AuthenticationType

  AuthenticationType = DefaultAuthenticationTypes.ExternalCookie，
 

或者，只设置CookieAuthentication没有值。

  app.UseCookieAuthentication（新CookieAuthenticationOptions {}）;
 

我猜想，有一个比较简单的方法来此，并会AP preciate在哪里开始寻找一些想法。

解决方案

我搜索来自微软的例子。和所有的人都像你的解决方案。看看这里：

1. Web应用程序-WSFederation，DOTNET的


2. Web应用程序，多租户，OpenIdConnect，DOTNET的


3. Web应用程序-OpenIDConnect，DOTNET的

又如<一个href=\"https://github.com/robdmoore/AzureAdMvcExample/blob/master/AzureAdMvcExample/App_Start/Startup.cs\"相对=nofollow>与 WindowsAzureActiveDirectoryBearerAuthenticationOptions >

I'm building an ASP.NET MVC 5 web site using Asp.net Identity (OWIN) and want to support both traditional username/password authentication as well as authentication against Azure Active Directory. This app does not need to authenticate against Microsoft IDs (Live IDs), Facebook, Twitter or any of the other external providers. The closest SO question I found is this one: How to do both Azure Active Directory Single Sign On and Forms Authentications on ASP.NET MVC

I've looked at the samples that get created when you create a project using the "Individual User Accounts" option as well as the "Work and School Accounts" option in VS 2015. I have authentication working well individually; it's only when I try to combine them that I'm running into problems.

In my Startup_Auth.cs file, I am configuring OWIN like this:

    public void ConfigureAuth(IAppBuilder app)
    {

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        //app.UseCookieAuthentication(new CookieAuthenticationOptions { });

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
            LoginPath = new PathString("/account/sign-in")
        });

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    ValidateIssuer = false,
                },
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    SecurityTokenValidated = (context) => 
                    {
                        return Task.FromResult(0);
                    },
                    AuthorizationCodeReceived = (context) =>
                    {
                        return Task.FromResult(0);
                    },
                    AuthenticationFailed = (context) =>
                    {
                        context.OwinContext.Response.Redirect("/Home/Error");
                        context.HandleResponse(); // Suppress the exception
                        return Task.FromResult(0);
                    }
                }
            }
        );
    }  

This configuration works for password authentication, but doesn't work for AAD authentication. To enable AAD authentication I need to either comment out the line setting the AuthenticationType

AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,

Or, just set CookieAuthentication with no values.

app.UseCookieAuthentication(new CookieAuthenticationOptions { });

I'd guess that there is a relatively simple approach to this and would appreciate some ideas on where to start looking.

解决方案

I searched examples from Microsoft. And all of them look like your solution. Look here:

1. WebApp-WSFederation-DotNet
2. WebApp-MultiTenant-OpenIdConnect-DotNet
3. WebApp-OpenIDConnect-DotNet

Another example is here with WindowsAzureActiveDirectoryBearerAuthenticationOptions

这篇关于Asp.net身份使用密码和Azure的Active Directory身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！