Authenticate .NET Core with Azure AD
- Published on 2 Aug 2024
- Using Azure Active Directory to authenticate your .NET Core application can be accomplished in a few very simple steps. This video will show you the bare minimum code and configuration.
Source Code:
github.com/TimBurris/DemoAzur...
00:00 - Intro
00:10 - Setup
00:21 - Install Nuget
01:02 - Add code to program.cs
03:10 - Stub appsettings.json
04:10 - Register Application in Azure AD
07:40 - Fill appsettings with values
08:39 - Add Users
09:35 - Login
10:30 - Login fail
11:10 - Dispose
If one of my videos has helped improve your daily activities, consider paying it forward (help someone else) or Buy Me a Coffee?
☕️ Buy me a coffee - www.buymeacoffee.com/timburris
Thank you! This video is much easier to follow than other videos related to the same topic.
Glad it was helpful!
You are a legend! Thanks so much for the video, exactly what I was looking for :)
Glad I could help!
Thank you! It is helpful.
Great explanation, very helpful thanks.
You are welcome, I'm glad you found it useful!
Thanks, Bro! You are the best.
Thanks for the explanation, Tim!
One note, though: adding users and groups to the list isn't enough to limit access to the app, you need also to go to the "Properties" tab of the Enterprise Application and enable the "Assignment required" option. Otherwise, all user accounts in the tenant can sign in.
Had you used another user account of the same tenant for your negative test (instead of Microsoft account), you'd notice that it succeeds to sign in as well.
Good point! Thank you for the feedback!
Thanks man
You're welcome!
Great Video, Just a doubt, is it the same process for delegated permission?
Do I use the same nuget identity package if I want to allow multi tenant and MS accounts ?
What happens if I want to get AAD B2B to be able to sign in? I assume I'd need multi-tenant selected, and do I need to do something extra for the X org to be able to sign in to my app?
Thank you for this video. Is it possible to return some claims from Azure AD using this method?
Absolutely, you can have the Groups that the User is a member of automatically flow into Claims of type Role, or you can use custom logic to map them how you want. Here is an example walkthrough: damienbod.com/2021/02/01/implement-app-roles-authorization-with-azure-ad-and-asp-net-core/
can you add a logout button in the next video please
Hi Tim, thanks for the great tutorial video.
By the way, I tried using your code in Program.cs but there's an error that says "No authenticationScheme was specified, and there was no DefaultChallengeScheme found.". I'm not sure why, since we already define the authentication in the AddAuthentication method. Did I miss something?
Hopefully by now you have gotten past the scheme error. I pulled the code and tested again just now and I am not getting any error. Additionally, I don't recall running into that error anytime in the past. A quick Google search yields a number of different causes, so it's hard to know which one you might have been encountering.
Hey nice video, but can you tell how we can do the single sign on using azure.
I must be misunderstanding the question. This demonstration is authenticating with Azure, can you elaborate on your question?
Please create a video on using Microsoft Authentication Library with a .NET Core API.
That's a good idea, I'll see if I can throw one together in the next few weeks.
Hi
Thank you for the video. Can you please explain how to hook up with our custom pages?
I need to redirect to a checkpoint before redirecting to the main page. I need to get the user's email to get his ID from the Db.
Can you please help with that?
Absolutely!
The short answer is, in your .AddMicrosoftIdentityWebApp call, you can hook into an "OnTokenValidated" callback event. With that you'll have access to all the claims that Azure AD put in, including the email address. Using that email address, look up your user and then add your User ID as a claim so that you can access it during page requests.
I just created a branch in the git repo that demonstrates exactly that.
here is the branch:
github.com/TimBurris/DemoAzureActiveDirectory/tree/local-database-user-lookup
DISCLAIMER: I put all the code directly into Program.cs, but in the real world I always have OnTokenValidated invoke a custom class to do all the real work.
@TimBurris Thank you so much. Subscribed. :)
@TimBurris
Hi. I applied the configurations and it seems to be ok. But how can I get the UserId from the db in program.cs. And can you please explain invoking a custom class from OnTokenValidated?
To use a custom class, you could create an instance in the OnTokenValidated either by directly "newing it up" like:
var service = new CustomClaimService();
or using Dependency Injection:
var service = ctx.HttpContext.RequestServices.GetService<CustomClaimService>();
Regardless of how you construct it, you would then just pass the TokenValidationContext like this:
return service.AssignClaims(ctx);
Then, inside of your CustomClaimService you could make a database call or do anything you needed.
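
The OnTokenValidated hook and the custom-class hand-off described in the two replies above, put together as an added example (not the code from the linked repo branch). It assumes an ASP.NET Core web project with implicit usings, the Microsoft.Identity.Web package and an "AzureAd" section in appsettings.json; `IUserStore`, `InMemoryUserStore` and the `app_user_id` claim type are hypothetical names.

```csharp
// Added example. CustomClaimService/AssignClaims are the names used in the reply above;
// IUserStore, InMemoryUserStore and the "app_user_id" claim type are hypothetical.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddScoped<IUserStore, InMemoryUserStore>();
builder.Services.AddScoped<CustomClaimService>();
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(options =>
    {
        builder.Configuration.Bind("AzureAd", options);
        // Resolve per request so the service can take scoped dependencies such as a DbContext.
        options.Events.OnTokenValidated = ctx => ctx.HttpContext.RequestServices
            .GetRequiredService<CustomClaimService>().AssignClaims(ctx);
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", (ClaimsPrincipal user) => $"Local user id: {user.FindFirst("app_user_id")?.Value}")
   .RequireAuthorization();
app.Run();

public interface IUserStore { Task<int?> FindUserIdByEmailAsync(string email); }
// Stands in for the database call; the single row is constructed sample data.
public class InMemoryUserStore : IUserStore
{
    private static readonly Dictionary<string, int> Users =
        new(StringComparer.OrdinalIgnoreCase) { ["alice@example.com"] = 42 };
    public Task<int?> FindUserIdByEmailAsync(string email) =>
        Task.FromResult(Users.TryGetValue(email, out var id) ? id : (int?)null);
}

public class CustomClaimService
{
    private readonly IUserStore _users;
    public CustomClaimService(IUserStore users) => _users = users;
    public async Task AssignClaims(TokenValidatedContext ctx)
    {
        // The address may arrive as a mapped or unmapped claim type, or only as preferred_username.
        var email = ctx.Principal?.FindFirst(ClaimTypes.Email)?.Value
            ?? ctx.Principal?.FindFirst("email")?.Value
            ?? ctx.Principal?.FindFirst("preferred_username")?.Value;
        var userId = email is null ? null : await _users.FindUserIdByEmailAsync(email);
        // Reject the sign-in when the Azure AD identity has no local account.
        if (userId is null) { ctx.Fail("No local account for this identity."); return; }
        ((ClaimsIdentity)ctx.Principal!.Identity!).AddClaim(new Claim("app_user_id", userId.Value.ToString()));
    }
}
```

The `email` and `preferred_username` claims are mutable in Azure AD, so where the local table can store it, the `oid` claim together with `tid` is the stable key to match on.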