Asp.net Identity using password and Azure Active Directory authentication

Problem description

I'm building an ASP.NET MVC 5 web site using Asp.net Identity (OWIN) and want to support both traditional username/password authentication as well as authentication against Azure Active Directory. This app does not need to authenticate against Microsoft IDs (Live IDs), Facebook, Twitter or any of the other external providers. The closest SO question I found is this one: How to do both Azure Active Directory Single Sign On and Forms Authentications on ASP.NET MVC

I've looked at the samples that get created when you create a project using the "Individual User Accounts" option as well as the "Work and School Accounts" option in VS 2015. I have authentication working well individually; it's only when I try to combine them that I'm running into problems.

In my Startup_Auth.cs file, I am configuring OWIN like this:

    public void ConfigureAuth(IAppBuilder app)
    {

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        //app.UseCookieAuthentication(new CookieAuthenticationOptions { });

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
            LoginPath = new PathString("/account/sign-in")
        });

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    ValidateIssuer = false,
                },
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    SecurityTokenValidated = (context) => 
                    {
                        return Task.FromResult(0);
                    },
                    AuthorizationCodeReceived = (context) =>
                    {
                        return Task.FromResult(0);
                    },
                    AuthenticationFailed = (context) =>
                    {
                        context.OwinContext.Response.Redirect("/Home/Error");
                        context.HandleResponse(); // Suppress the exception
                        return Task.FromResult(0);
                    }
                }
            }
        );
    }  

This configuration works for password authentication, but doesn't work for AAD authentication. To enable AAD authentication I need to either comment out the line setting the AuthenticationType

    AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,

Or, just set CookieAuthentication with no values.

    app.UseCookieAuthentication(new CookieAuthenticationOptions { });

I'd guess that there is a relatively simple approach to this and would appreciate some ideas on where to start looking.

Recommended answer

I searched examples from Microsoft. And all of them look like your solution. Look here:

  1. WebApp-WSFederation-DotNet
  2. WebApp-MultiTenant-OpenIdConnect-DotNet
  3. WebApp-OpenIDConnect-DotNet

Another example is here: WindowsAzureActiveDirectoryBearerAuthenticationOptions
