We have an outdated system that is built on ASP.NET MVC 4; we would now like to support Single Sign-On through Azure Active Directory for current users as well as for new users. Since we manage our own authentication process, ASP.NET Identity is definitely not suitable in our case.
I managed to create a demo that works in the passive mode of the OWIN OpenIdConnect middleware without using ASP.NET Identity. The code below works correctly:
    app.SetDefaultSignInAsAuthenticationType("ExternalCookie");

    // Passive cookie that only holds the claims handed back by the external provider
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "ExternalCookie",
        AuthenticationMode = AuthenticationMode.Passive,
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Passive,
        ClientId = ClientId,
        Authority = Authority
    });
And in ExternalLoginCallback action:
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        var authManager = Request.GetOwinContext().Authentication;
        var result = await authManager.AuthenticateAsync("ExternalCookie");
        authManager.SignOut("ExternalCookie");
        // ... (rest of the action not shown)
    }
This pattern is indeed common even when using other providers such as Google, Facebook or Twitter. One thing that I don't really understand is ExternalCookie; maybe I missed something. I understand that when the external login is successful, the external cookie is used to store the external claims identity. And then we call:
    var result = await authManager.AuthenticateAsync("ExternalCookie");
    authManager.SignOut("ExternalCookie");
to get the external claims identity and then convert the external identity to a local identity. I'm a bit confused why in this case you need to call SignOut on the external cookie.
Also, I'm not sure whether an external cookie is required when using an external login, or whether there are other ways without using an external cookie.
Please provide an explanation of this.
asp.net-mvc asp.net-mvc-5 owin openid-connect azure-active-directory
Cuong le
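As an added example that is not part of the question above, the callback below shows the hand-off the two calls perform: the passive "ExternalCookie" is read to obtain the claims Azure AD returned, consumed with SignOut so it cannot be replayed on a later visit to the callback, and replaced by a local "ApplicationCookie" session. It assumes the middleware from the question plus an active cookie middleware with AuthenticationType "ApplicationCookie", and a hypothetical application service `_users` that maps (issuer, subject) pairs to local accounts.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.Owin.Security;

public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
    var authManager = Request.GetOwinContext().Authentication;

    // Read the claims the OpenIdConnect middleware stored in the passive external cookie.
    AuthenticateResult external = await authManager.AuthenticateAsync("ExternalCookie");
    if (external == null || external.Identity == null || !external.Identity.IsAuthenticated)
        return RedirectToAction("Login");

    // Consume the hand-off cookie: it has done its job and must not be reusable.
    authManager.SignOut("ExternalCookie");

    // Identify the external account by issuer + subject, not by display name or email.
    Claim subject = external.Identity.FindFirst(ClaimTypes.NameIdentifier);
    if (subject == null)
        return RedirectToAction("Login");

    // _users is an assumed application service (not from the question) that looks up
    // a local account previously linked to this external identity.
    var user = _users.FindByExternalLogin(subject.Issuer, subject.Value);
    if (user == null)
        return RedirectToAction("Login"); // or send the user to an account-linking page

    // Issue the application's own session; only this cookie authorizes requests.
    var localIdentity = new ClaimsIdentity("ApplicationCookie");
    localIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id));
    localIdentity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
    authManager.SignIn(new AuthenticationProperties { IsPersistent = false }, localIdentity);

    // Follow only local return URLs so the callback cannot act as an open redirector.
    return Url.IsLocalUrl(returnUrl)
        ? (ActionResult)Redirect(returnUrl)
        : RedirectToAction("Index", "Home");
}
```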