Laser authentication along with OAuth authentication
I need to find a solution to a problem. I am developing a website and I am stuck with authentication. First of all, we use Azure Active Directory to store users. So I found WebApp-WebAPI-OpenIDConnect-DotNet and adapted it for my needs. So far it works. But now I have to implement external logins as well (Facebook, Twitter, etc.). Therefore, I commented out all the previous work while I worked on this problem. I had to rewrite some UserManager and UserStore classes, but got it to work. I can log in with Facebook. But now that I need to merge both of these logins together, they don't work. They seem to come into conflict within the frame. Login to Facebook requires app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
but the moment I enable this, the boolean login stops working. If I comment this out, Azure login works, Facebook doesn't. Can anyone help me fix this? I will provide my Startup.Auth.cs:
    using System;
    using Owin;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using System.Configuration;
    using System.Globalization;
    using Microsoft.AspNet.Identity;
    using Microsoft.Owin;
    using Microsoft.AspNet.Identity.Owin;
    using ClearRoadmapWeb.LoginProviderHelpers;
    using Microsoft.Owin.Security.Facebook;
    using System.Collections.Generic;

    namespace ClearRoadmapWeb
    {
        public partial class Startup
        {
            private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
            private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
            private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
            private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
            string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

            public void ConfigureAuth(IAppBuilder app)
            {
                app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);
                app.UseCookieAuthentication(new CookieAuthenticationOptions());
                app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
                app.UseCookieAuthentication(new CookieAuthenticationOptions());
                app.UseOpenIdConnectAuthentication(
                    new OpenIdConnectAuthenticationOptions
                    {
                        ClientId = clientId,
                        Authority = authority,
                        PostLogoutRedirectUri = postLogoutRedirectUri
                    }
                );
                app.CreatePerOwinContext<AzureIdentityUserManager>(AzureIdentityUserManager.Create); // For Facebook
                app.CreatePerOwinContext<AzureIdentitySignInManager>(AzureIdentitySignInManager.Create); // For Facebook

                #region FacebookOptions
                //app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
                FacebookAuthenticationOptions facebookOptions = new FacebookAuthenticationOptions()
                {
                    AppId = "fb appId",
                    AppSecret = "fb appSecret"
                };
                facebookOptions.Scope.Add("email");
                facebookOptions.Provider = new FacebookAuthenticationProvider()
                {
                    OnAuthenticated = async context =>
                    {
                        foreach (var x in context.User)
                        {
                            context.Identity.AddClaim(new System.Security.Claims.Claim(x.Key, x.Value.ToString()));
                        }
                        // Get the access token from FB and store it in the database and use Facebook C# SDK to get more information about the user
                        context.Identity.AddClaim(new System.Security.Claims.Claim("FacebookAccessToken", context.AccessToken));
                    }
                };
                #endregion

                app.UseFacebookAuthentication(facebookOptions);
            }
        }
    }
By default, OpenIdConnect authentication mode is active. This means that oidc will always try to handle authorization. What works for me is to issue a direct call inside a controller method, e.g.:

    HttpContext.GetOwinContext().Authentication.Challenge("FaceBook");

This is after coding Startup_Auth as:
    public void Configure(IAppBuilder app)
    {
        // Cookie that holds the Facebook sign-in
        CookieAuthenticationExtensions.UseCookieAuthentication(
            app,
            new CookieAuthenticationOptions
            {
                AuthenticationType = "FaceBook",
            });
        FacebookAuthenticationExtensions.UseFacebookAuthentication(
            app,
            new Microsoft.Owin.Security.Facebook.FacebookAuthenticationOptions
            {
                AppId = "...",
                AppSecret = "...",
                AuthenticationType = "FaceBook",
                SignInAsAuthenticationType = "FaceBook",
            });
        // Separate cookie that holds the Azure AD sign-in
        CookieAuthenticationExtensions.UseCookieAuthentication(
            app,
            new CookieAuthenticationOptions
            {
                AuthenticationType = "OpenIdConnect",
            });
        OpenIdConnectAuthenticationExtensions.UseOpenIdConnectAuthentication(
            app,
            new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions
            {
                AuthenticationType = "OpenIdConnect",
                // Passive: only responds when challenged by name
                AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
                ClientId = "...",
                Authority = "...",
                SignInAsAuthenticationType = "OpenIdConnect"
            });
    }

You will need to make sure that when you want to "switch" IDs between AAD and FB, you clear your existing identity by disabling or clearing your current cookies.
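
A controller that applies the answer's two points, an explicit challenge per provider and no mixing of AAD and Facebook sessions, as an added example that is not part of the original answer. The AccountController, its action names and the SwitchAccount page are hypothetical; the authentication type strings are the ones registered in the answer's Configure method.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;

// Hypothetical controller; not code from the question or the answer.
public class AccountController : Controller
{
    // Authentication types as registered in Configure. The challenge name must match
    // the registered AuthenticationType exactly, including case.
    private static readonly string[] Providers = { "FaceBook", "OpenIdConnect" };

    private IAuthenticationManager Auth
    {
        get { return HttpContext.GetOwinContext().Authentication; }
    }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult ExternalLogin(string provider, string returnUrl)
    {
        // Never pass a caller-supplied string straight to Challenge
        if (!Providers.Contains(provider, StringComparer.Ordinal))
            return new HttpStatusCodeResult(400, "Unknown provider");

        // Accept only local paths so the post-login redirect cannot become an open redirect
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
            returnUrl = Url.Action("Index", "Home");

        // A session from the other provider is still present: require a sign-out
        // first instead of stacking a second identity on the same user
        var principal = User as ClaimsPrincipal;
        bool otherSession = principal != null && principal.Identities.Any(i =>
            i.IsAuthenticated &&
            !string.Equals(i.AuthenticationType, provider, StringComparison.Ordinal));
        if (otherSession)
            return RedirectToAction("SwitchAccount"); // hypothetical page with a sign-out form

        // Name the provider and return 401; only the named middleware answers
        Auth.Challenge(new AuthenticationProperties { RedirectUri = returnUrl }, provider);
        return new HttpUnauthorizedResult();
    }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult SignOut()
    {
        // Clears both local cookies. Assumption: whether the OpenID Connect middleware
        // also redirects to the identity provider's sign-out page depends on its configuration.
        Auth.SignOut(Providers);
        return RedirectToAction("Index", "Home");
    }
}
```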