
I have a .NET Core app which uses IdentityServer4 to authenticate users. I have integrated it with ASP.NET Identity (Microsoft.AspNetCore.Identity.UI) and this works fine. It uses the AspNetUser tables etc. to store users, and all the options work.

I would like to add the option to use Azure Active Directory users. So I add the following code to my startup class (previously there was just `services.AddAuthentication();`):

    using IdentityServer4;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using Microsoft.IdentityModel.Tokens;

    // In Startup.ConfigureServices(IServiceCollection services):
    services.AddAuthentication()
            .AddOpenIdConnect("aad", "Azure AD", options =>
            {
                // Single-tenant authority; the handler loads its OpenID Connect metadata from here.
                options.Authority = "https://login.windows.net/<My Azure Tenant Guid>";
                options.TokenValidationParameters =
                    new TokenValidationParameters { ValidateIssuer = true };
                options.ClientId = "<My Azure App Client Id>";

                // Paths the OIDC handler listens on for the sign-in and sign-out round trips.
                options.CallbackPath = "/signin-aad";
                options.SignedOutCallbackPath = "/signout-callback-aad";
                options.RemoteSignOutPath = "/signout-aad";

                // Authorization code flow (the default is id_token).
                options.ResponseType = OpenIdConnectResponseType.Code;

                options.ClientSecret = "<My Azure App Client Secret>";

                // Cookie the external identity is written to after the callback.
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.SignOutScheme = IdentityServerConstants.SignoutScheme;
                options.RequireHttpsMetadata = true;
            });

This makes a button available to add your Azure AD account... which doesn't work: it gets as far as asking for permission, then comes up with "Unexpected error occurred loading external login info".

Any ideas, or does anyone have a link to a good tutorial?

Philip Johnson
  • Could you please clarify: would you like to set up Azure B2C authentication, so login on your web app helps your users register, verify email and sign in, and then you can manage them in Active Directory? – Vladimir Oct 21 '22 at 12:22
  • Hi, thanks for asking. I think the ideal scenario is B2B, multi-tenant. – Philip Johnson Oct 21 '22 at 12:33
  • I have got a bit further.... Comment out: `//options.ResponseType = OpenIdConnectResponseType.Code; //options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme; //options.SignOutScheme = IdentityServerConstants.SignoutScheme;` It now allows me to link the Azure AD account. I still feel like I need a tutorial; what next? It appears like it's logging in as it did before... – Philip Johnson Oct 21 '22 at 12:41
  • This also works... `options.ResponseType = "code"; options.UsePkce = true; options.Scope.Add("profile"); options.SaveTokens = true;` As related, I am still looking for a good tutorial to know how this works/if it's correctly configured. – Philip Johnson Oct 21 '22 at 13:06
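
A consolidated version of the provider registration, added here as example code that is not part of the question or the comments. It folds in the settings from the working comment (code flow with PKCE, `profile` scope, `SaveTokens`) and assumes the Identity UI's ExternalLogin page handles the callback: that page reads the external identity from `IdentityConstants.ExternalScheme`, so signing in to IdentityServer's own external cookie instead is the likely reason the login info could not be loaded. `AddAzureAdExternalLogin` is a hypothetical helper name.

```csharp
using IdentityServer4;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public static class AzureAdExternalLogin
{
    // Hypothetical helper; call it from Startup.ConfigureServices after AddDefaultIdentity/AddIdentityServer.
    // tenantId/clientId/clientSecret are placeholders for the values the question redacts.
    public static IServiceCollection AddAzureAdExternalLogin(
        this IServiceCollection services, string tenantId, string clientId, string clientSecret)
    {
        services.AddAuthentication()
            .AddOpenIdConnect("aad", "Azure AD", options =>
            {
                options.Authority = $"https://login.windows.net/{tenantId}";
                options.ClientId = clientId;
                options.ClientSecret = clientSecret;

                // Authorization code flow with PKCE, as in the asker's working comment.
                // SaveTokens keeps the id/access/refresh tokens in the authentication properties.
                options.ResponseType = OpenIdConnectResponseType.Code;
                options.UsePkce = true;
                options.Scope.Add("profile");
                options.SaveTokens = true;

                options.CallbackPath = "/signin-aad";
                options.SignedOutCallbackPath = "/signout-callback-aad";
                options.RemoteSignOutPath = "/signout-aad";

                // The Identity UI's ExternalLogin page calls SignInManager.GetExternalLoginInfoAsync,
                // which authenticates against IdentityConstants.ExternalScheme ("Identity.External").
                // Writing the external identity to IdentityServer's "idsrv.external" cookie instead leaves
                // that lookup empty, which surfaces as "Unexpected error occurred loading external login info".
                options.SignInScheme = IdentityConstants.ExternalScheme;
                options.SignOutScheme = IdentityServerConstants.SignoutScheme;

                // Keep metadata over HTTPS and validate the issuer against the tenant's metadata.
                // For a multi-tenant authority (common/organizations) the published issuer contains a
                // tenant placeholder, so ValidateIssuer = true then needs an explicit ValidIssuers list
                // or IssuerValidator rather than the default comparison.
                options.RequireHttpsMetadata = true;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                };
            });
        return services;
    }
}
```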

0 Answers