Redirecting a user to a user login page when using Azure AD

I use the following code example to connect the Azure AD login to my application (https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet).

I find that the code works just fine, but I want to be able to redirect the user to the user login page if the user is not already logged in or their session has expired. However, I am struggling to make this work, and I was wondering if this is really possible?

Is it by design that the user is always redirected to the Microsoft login page for Azure AD, and not to his own page, or is there some kind of setting that I missed?

I added the modified code to FilterConfig.cs to enable the authorization filter attribute:

 filters.Add(new AuthorizeAttribute()); 

I also added the following to web.config, but with no effect:

 <authorization>
     <allow users="?" />
 </authorization>

In the Startup.Auth.cs file I do not see any changes available to app.UseOpenIdConnectAuthentication to allow me to create a common login page, as I can, for example, using cookie-based auth.

+6
4 answers

After some sorting through the code, I found a solution to my problem.

Inside Startup.Auth.cs :

 app.UseCookieAuthentication(new CookieAuthenticationOptions
 {
     LoginPath = new PathString("/Account/Login")
 });

 app.UseOpenIdConnectAuthentication(
     new OpenIdConnectAuthenticationOptions
     {
         ClientId = clientId,
         Authority = authority,
         PostLogoutRedirectUri = postLogoutRedirectUri,
         AuthenticationMode = AuthenticationMode.Passive
     });

It is the inclusion of AuthenticationMode = AuthenticationMode.Passive that seems to stop OpenIdConnectAuth from automatically issuing the 302 redirect to the AAD login pages.

+10
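
The landing-page flow that this answer enables, as an added example that is not part of the original answer or of the Microsoft sample. It assumes the rest of the sample's Startup.Auth.cs is unchanged; the `Login` view and the `SafeLocalUrl` helper are hypothetical names.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;

// Added example: controller behind LoginPath = "/Account/Login".
// AllowAnonymous is required here, otherwise the global AuthorizeAttribute
// from FilterConfig.cs redirects /Account/Login to itself in a loop.
[AllowAnonymous]
public class AccountController : Controller
{
    // The cookie middleware sends unauthenticated requests here and appends
    // the originally requested URL as ?ReturnUrl=...
    [HttpGet]
    public ActionResult Login(string returnUrl)
    {
        if (Request.IsAuthenticated)
        {
            return Redirect(SafeLocalUrl(returnUrl));
        }
        ViewBag.ReturnUrl = SafeLocalUrl(returnUrl);
        return View(); // hypothetical view holding the "Sign in" button
    }

    // Target of the "Sign in" button. In AuthenticationMode.Passive the
    // OpenID Connect middleware only redirects to AAD on an explicit
    // challenge that names its authentication type.
    [HttpGet]
    public void SignIn(string returnUrl)
    {
        if (Request.IsAuthenticated)
        {
            Response.Redirect(SafeLocalUrl(returnUrl));
            return;
        }
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = SafeLocalUrl(returnUrl) },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }

    // ReturnUrl is query-string input that anyone can set in a crafted link,
    // so only local paths are accepted as the post-login destination.
    private string SafeLocalUrl(string returnUrl)
    {
        return Url.IsLocalUrl(returnUrl) ? returnUrl : "/";
    }
}
```

Multi-factor auth and password reset stay with AAD in this arrangement, because the application never handles credentials; it only decides when the redirect to AAD happens.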

Assuming that Azure AD is your identity provider, you can customize the login page, but you must have Azure AD Premium to do this.

0

Perhaps this is what I'm looking for ...

This example allows a user to log on to Azure AD without using their own Azure AD logical connections.

I understand that this is somewhat considered an anti-pattern, since I will abandon the mechanisms built into Azure for handling multi-factor auth, password reset, etc., but I will retain full control over this experience.

==== Edit ====

This is not the way I want to go, as I would take apart a lot of what AAD offers out of the box. In essence, I would like to keep the AAD control flows, but I just want to be able to control which page the user lands on when the user is not logged in.

Current flow: Not Allowed → 302 redirect → AAD login

I would like: Not authorized → 302 redirect → Self-registration page → Login button click → 302 redirect → AAD login

It is this flow that does not seem to work.

0

I have the same requirement to use a custom login page with OpenId connect and get claim information from Azure AD. Can I find out how you got the access token by checking the username and password (which method is used to verify credentials in Azure AD) on the user log page and how to access claims information in the web application?

Thank you in advance.

0

Source: https://habr.com/ru/post/977103/

