Azure authentication along with OAuth authentication

I need to find a solution to a problem. I am developing a website and I am stuck with authentication. First of all, we use Azure Active Directory to store users. So I found WebApp-WebAPI-OpenIDConnect-DotNet and adapted it for my needs. So far it works. But now I have to implement external logins as well (Facebook, Twitter, etc.). Therefore, I commented out all the previous work while I worked on this problem. I had to rewrite some UserManager and UserStore classes, but got it to work. I can log in with Facebook. But now that I need to merge both of these logins together, they don't work. They seem to come into conflict within the frame. Login with Facebook requires

    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

but the moment I enable this the Azure login stops working. If I comment this out, Azure login works, Facebook doesn't. Can anyone help me fix this? I will provide my Startup.Auth.cs:

using System;
using Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using System.Configuration;
using System.Globalization;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.AspNet.Identity.Owin;
using ClearRoadmapWeb.LoginProviderHelpers;
using Microsoft.Owin.Security.Facebook;
using System.Collections.Generic;

namespace ClearRoadmapWeb
{
    public partial class Startup
    {
        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
        private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

        string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = authority,
                    PostLogoutRedirectUri = postLogoutRedirectUri
                }
            );

            app.CreatePerOwinContext<AzureIdentityUserManager>(AzureIdentityUserManager.Create); //For Facebook
            app.CreatePerOwinContext<AzureIdentitySignInManager>(AzureIdentitySignInManager.Create); //For Facebook

            #region FacebookOptions
            //app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            FacebookAuthenticationOptions facebookOptions = new FacebookAuthenticationOptions()
            {
                AppId = "fb appId",
                AppSecret = "fb appSecret"
            };
            facebookOptions.Scope.Add("email");
            facebookOptions.Provider = new FacebookAuthenticationProvider()
            {
                OnAuthenticated = async context =>
                {
                    foreach (var x in context.User)
                    {
                        context.Identity.AddClaim(new System.Security.Claims.Claim(x.Key, x.Value.ToString()));
                    }
                    //Get the access token from FB and store it in the database and use FacebookC# SDK to get more information about the user
                    context.Identity.AddClaim(new System.Security.Claims.Claim("FacebookAccessToken", context.AccessToken));
                }
            };

            #endregion
            app.UseFacebookAuthentication(facebookOptions);
        }
    }
}

      

+3




1 answer


By default, OpenIdConnect authentication mode is active. This means that OIDC will always try to handle authorization. What works for me is to issue a direct call inside a controller method, e.g.:

    HttpContext.GetOwinContext().Authentication.Challenge("Facebook");

This is after coding Startup_Auth as:



    public void Configure(IAppBuilder app)
    {
        CookieAuthenticationExtensions.UseCookieAuthentication(
            app,
            new CookieAuthenticationOptions
            {
                AuthenticationType = "FaceBook",
            });

        FacebookAuthenticationExtensions.UseFacebookAuthentication(
            app,
            new Microsoft.Owin.Security.Facebook.FacebookAuthenticationOptions
            {
                AppId = "...",
                AppSecret = "...",
                AuthenticationType = "FaceBook",
                SignInAsAuthenticationType = "FaceBook",
            });

        CookieAuthenticationExtensions.UseCookieAuthentication(
            app,
            new CookieAuthenticationOptions
            {
                AuthenticationType = "OpenIdConnect",
            });

        OpenIdConnectAuthenticationExtensions.UseOpenIdConnectAuthentication(
            app,
            new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions
            {
                AuthenticationType = "OpenIdConnect",
                AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
                ClientId = "...",
                Authority = "...",
                SignInAsAuthenticationType = "OpenIdConnect"
            });
    }


You will need to make sure that when you want to "switch" IDs between AAD and FB, you clear your existing identity by disabling or clearing your current cookies.

0
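
One way to wire up the explicit challenge and the identity switch described in the answer, as an added example rather than code from the answer or the question. The controller and action names are assumptions; the scheme strings are the AuthenticationType values from the answer's Startup code.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;

// Hypothetical MVC 5 controller (names are assumptions, not from the page).
public class AccountController : Controller
{
    // Must match the AuthenticationType strings registered in Startup exactly.
    private static readonly string[] Schemes = { "FaceBook", "OpenIdConnect" };

    private IAuthenticationManager Auth
    {
        get { return HttpContext.GetOwinContext().Authentication; }
    }

    [AllowAnonymous]
    public ActionResult Login(string provider, string returnUrl)
    {
        // Challenge only schemes registered in Startup, never raw user input.
        string scheme = Array.Find(Schemes, s => s == provider);
        if (scheme == null)
            return new HttpStatusCodeResult(400, "Unknown provider");

        // Switching providers: clear the current identity first, then retry.
        if (User.Identity.IsAuthenticated)
            return RedirectToAction("Logout");

        // Accept only local return URLs so login cannot act as an open redirect.
        string target = Url.IsLocalUrl(returnUrl) ? returnUrl : "/";

        // Naming the scheme lets the matching passive middleware answer the 401.
        Auth.Challenge(new AuthenticationProperties { RedirectUri = target }, scheme);
        return new HttpUnauthorizedResult();
    }

    public ActionResult Logout()
    {
        // Clear both cookies so the next challenge starts with no identity.
        Auth.SignOut(Schemes);
        return RedirectToAction("Index", "Home");
    }
}
```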

