1

I am using an MVC application with an Azure AD login option (OpenID authentication). I need to provide an impersonation option for admins, so I have decided to use forms authentication for this impersonation login. Now my problem is that enabling forms authentication in web.config affects the Azure AD login. Once forms authentication is added, it redirects continuously with the below URL: http://localhost:9666/members/logon?ReturnUrl=%2fmembers%2flogonusingazure%3freturnUrl%3d%2f&returnUrl=/

Code used in web.config for forms authentication:

    <authentication mode="Forms">
      <forms loginUrl="~/members/logon" cookieless="UseCookies" name="MvcForumAuth" slidingExpiration="true" timeout="432000" />
    </authentication>

Thanks, Nagaraj M.

1
  • 1
    Please have a look at this post Commented Apr 15, 2021 at 18:17

2 Answers 2

2

Forms authentication is an old version of the authentication framework for ASP.NET. The default template for ASP.NET MVC in the latest version of Visual Studio has an implementation of the ASP.NET Identity framework.

You could try using OWIN CookieAuthentication and ASP.NET Identity to handle the local authentication, with OpenIdConnect for the Azure AD authentication.

To use ASP.NET Identity, if you generate a new MVC project using Individual Accounts for authentication, you can see the auto-generated code for the Startup class, in addition to the Account controller, which has login actions for both direct authentication and ExternalLogin (3rd party).

Then you could use the ASP.NET OpenID Connect OWIN middleware to sign in users from an Azure Active Directory tenant:

  1. Install the Microsoft.Owin.Security.OpenIdConnect library from NuGet.
  2. In the Startup class, set up the OpenIdConnect pipeline:

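    // Requires: using System; using System.Threading.Tasks;
    //           using Microsoft.Owin.Security.OpenIdConnect; using Owin;
    app.UseOpenIdConnectAuthentication(
      new OpenIdConnectAuthenticationOptions
      {
          ClientId = clientId,
          Authority = Authority,
          PostLogoutRedirectUri = postLogoutRedirectUri,
          RedirectUri = postLogoutRedirectUri,
          Notifications = new OpenIdConnectAuthenticationNotifications
          {
              AuthenticationFailed = context =>
              {
                  // Stop the middleware's default handling and show the error page instead.
                  context.HandleResponse();
                  // URL-encode the message so it cannot break or alter the query string.
                  context.Response.Redirect("/Error?message=" + Uri.EscapeDataString(context.Exception.Message));
                  return Task.FromResult(0);
              }
          }
      });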
    

Now you could log in to your app with a local Identity account, and with Azure AD accounts as external users.

In addition, you need to set <authentication mode="None" /> in the web.config to let OWIN take over the authentication/authorization process for your application from IIS.
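The pipeline this answer describes, as an added sketch that is not the answerer's code: a local application cookie in active mode plus the OpenID Connect middleware in passive mode, so an unauthenticated request lands on the local login page and Azure AD is only challenged when the login action asks for it. The `clientId`, `authority` and `redirectUri` values are placeholders, and `/Account/Login` is assumed from the default Individual Accounts template.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Placeholders (assumptions): use the values from your own app registration.
    private const string clientId = "<application-client-id>";
    private const string authority = "https://login.microsoftonline.com/<tenant-id>";
    private const string redirectUri = "https://localhost:44300/";

    public void ConfigureAuth(IAppBuilder app)
    {
        // Local sign-in cookie (active by default): a 401 is redirected to the
        // local login page. CookieSecure.Always requires the site to run on HTTPS.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            CookieSecure = CookieSecureOption.Always
        });
        // Short-lived cookie that carries the external (Azure AD) identity back
        // to the Account controller's external login callback.
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = redirectUri,
            // Passive: challenge Azure AD only when explicitly requested, so
            // this middleware does not pre-empt the local login page on a 401.
            AuthenticationMode = AuthenticationMode.Passive,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("/Error?message=" + Uri.EscapeDataString(context.Exception.Message));
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```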


0

Following Nan Yu's suggestion above, sometimes the application tries to do an Azure AD / OpenID login before getting to the Identity login page. I can't figure out why, but configuring forms authentication seems to work fine:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login/" timeout="2880"/>
    </authentication>
