'Identityserver 4 and Azure AD
I'm looking into using Identity Server 4 for authentication within a C# based MVC application. I'd like to use accounts stored in Azure AD as a source of valid users but the documentation only seems to refer to Google and OpenID & only mentions Azure in passing.
Does anybody know of any good documentation and/or tutorials on how to use Azure AD in the context of using it with Identity Server 4?
Solution 1:[1]
There is a sample with Azure AD on github , forked from External Login sample provided in IdentityServer samples.
The sample also fixed a known issue "State parameter generated by middleware is too large for Azure AD #978"
Solution 2:[2]
IdentityServer4 has documentation with "Sign-in with External Identity Providers"
Unfortunately it is not complete but this is what I did:
Startup.cs for .NET 5, Program.cs for .NET 6:
services.AddAuthentication()
.AddOpenIdConnect("aad", "Azure AD", options =>
{
options.ClientSecret = "<ClientSecret>";
options.ResponseType = OpenIdConnectResponseType.Code;
options.ClientId ="<ClientId>";
options.Authority = "https://login.microsoftonline.com/<TenantId>/";
options.CallbackPath = "/signin-oidc";
})
.AddIdentityServerJwt();
You will then see an external login under "Use another service to log in.":
When completing login you should see this message.
Default settings got stuck after clicking on Register. It was due to the new email not being confirmed. This could be solved with setting SignIn.RequireConfirmedAccount = false
services.AddDefaultIdentity<ApplicationUser>(options =>
options.SignIn.RequireConfirmedAccount = true)
You could also use "Resend email confirmation" or set EmailConfirmed to true in [dbo].[AspNetUsers] for the new user.
Azure AD settings. You will also need to add a client secret under Certificates & secrets.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | Ogglas |