I’m trying to utilize Microsoft Identity Platform for some users of a web application. I’m using this example:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp
The problem is the example shows how to turn on Microsoft Identity “globally”, for the whole app, and all the roles are populated from the platform. But in my case users are stored in the DB, and sign-in using Azure AD should be optional. The ideal flow would be to log in the user with Microsoft Identity Platform, get the email after a successful login and then authenticate the user using the existing ASP.NET Core Identity mechanism, populating users from the DB (using UserStore etc.). But I can’t find a way to do it; how do I handle the “event” after a successful login with the platform?
Is it even possible with Microsoft Identity Platform?
Answers:
Method 1
Apparently the MSAL library can’t act as an external login provider for ASP.NET Identity, so it’s not possible.
Source: https://github.com/MicrosoftDocs/azure-docs/issues/53695
If someone needs to utilize Azure AD login with ASP.NET Identity, it could be done in several ways:
- Using Microsoft.AspNetCore.Authentication.AzureAD.UI (Azure AD as an “external provider”?): https://austincooper.dev/2020/02/02/azure-active-directory-authentication-in-asp.net-core-3.1/
- Using WsFederation: https://cmatskas.com/asp-net-core-saml-authentication-with-azure-ad/
- Using SAML directly, via some 3rd-party library or an in-house SAML stack implementation: https://matthijs.hoekstraonline.net/2020/04/14/authenticate-an-azure-ad-user-with-saml-for-asp-net-core/
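The following is an added example, not code from the question, the answer, or any of the linked articles. It shows the first approach above (Azure AD as an external provider for ASP.NET Core Identity) using the generic OpenID Connect handler rather than MSAL: Azure AD is registered as an extra authentication scheme that hands its result to Identity’s external cookie, and the callback endpoint is the “event after successful login” where the user is looked up in the local DB and signed in with SignInManager. The `AzureAd:*` configuration keys, the `AppDbContext` type (assumed to derive from IdentityDbContext) and the `/login/microsoft` routes are assumptions made for this example.

```csharp
// Program.cs (ASP.NET Core 6+, minimal hosting). Added example; assumes package
// references to Microsoft.AspNetCore.Authentication.OpenIdConnect and
// Microsoft.AspNetCore.Identity.EntityFrameworkCore, and an existing
// AppDbContext : IdentityDbContext<IdentityUser> (assumed, not from the page).
using System.Security.Claims;
using Microsoft.AspNetCore.Identity;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// Local accounts remain the primary store: ASP.NET Core Identity with its own
// application cookie plus the external-login cookie it registers by default.
builder.Services.AddIdentity<IdentityUser, IdentityRole>()
    .AddEntityFrameworkStores<AppDbContext>();

// Azure AD is an *additional* scheme, not the default, so it is only used when
// a user explicitly chooses "Sign in with Microsoft"; everyone else keeps the
// existing DB-backed login.
var tenantId = builder.Configuration["AzureAd:TenantId"];   // assumed config key
var clientId = builder.Configuration["AzureAd:ClientId"];   // assumed config key
builder.Services.AddAuthentication()
    .AddOpenIdConnect("AzureAD", "Microsoft", options =>
    {
        // Tenant-specific authority (not "common"): tokens issued by any other
        // tenant fail issuer validation instead of being accepted.
        options.Authority = $"https://login.microsoftonline.com/{tenantId}/v2.0";
        options.ClientId = clientId;
        options.ClientSecret = builder.Configuration["AzureAd:ClientSecret"]; // assumed config key
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.CallbackPath = "/signin-azuread";
        options.Scope.Add("email");
        // Hand the authenticated principal to Identity's external-login cookie
        // instead of issuing the application cookie directly.
        options.SignInScheme = IdentityConstants.ExternalScheme;
        options.TokenValidationParameters.ValidateIssuer = true;
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Step 1: start the Azure AD challenge (assumed route).
app.MapGet("/login/microsoft", (SignInManager<IdentityUser> signInManager) =>
{
    var props = signInManager.ConfigureExternalAuthenticationProperties(
        "AzureAD", "/login/microsoft/callback");
    return Results.Challenge(props, new[] { "AzureAD" });
});

// Step 2: the "event after successful login" from the question (assumed route).
app.MapGet("/login/microsoft/callback", async (
    SignInManager<IdentityUser> signInManager,
    UserManager<IdentityUser> userManager) =>
{
    var info = await signInManager.GetExternalLoginInfoAsync();
    if (info is null) return Results.Redirect("/login?error=external");

    // Match on the provider's stable subject identifier first. Email is only
    // used once, to link a pre-provisioned local account, because an email
    // address can change or be reassigned while the subject cannot.
    var user = await userManager.FindByLoginAsync(info.LoginProvider, info.ProviderKey);
    if (user is null)
    {
        var email = info.Principal.FindFirstValue(ClaimTypes.Email)
                 ?? info.Principal.FindFirstValue("preferred_username");
        if (email is null) return Results.Redirect("/login?error=noemail");

        // Only users that already exist in the local DB may sign in via Azure AD;
        // no account is created from the external identity.
        user = await userManager.FindByEmailAsync(email);
        if (user is null) return Results.Redirect("/login?error=unknownuser");

        // Persist the link so later logins match by provider key, not by email.
        await userManager.AddLoginAsync(user, info);
    }

    // Issue the normal Identity application cookie: roles, claims and user data
    // now come from the DB-backed user store, as the question asked.
    await signInManager.SignInAsync(user, isPersistent: false);
    return Results.Redirect("/");
});

app.Run();
```

Two design choices matter here. Registering Azure AD with `SignInScheme = IdentityConstants.ExternalScheme` is what makes `GetExternalLoginInfoAsync()` see it, so the callback runs the same external-login path Identity uses for any other provider; and using a tenant-specific authority with issuer validation enabled means the callback never receives a principal from an unexpected tenant, which keeps the email-to-account linking step from being reachable by accounts the application does not trust.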
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0