
I have an ASP.NET Core 3.1 web application that uses the MS Identity (for users) and Entity (codefirst) framework to authenticate users stored in a database. All user rights/groups etc. are stored locally and used to allow/deny access to different areas of the application.

So what I think I need is a way to allow users in my web-app to choose to authenticate using an AzureAD account, and when the authentication is done, the web-app will sign in the local user somehow linked to the Azure user.

Is this how to do this, or can you guide me to how to do this the correct way?

AjayKumarGhose
bohoirup
  • It sounds like you want to set up Single Sign-On (SSO)? – scottwtang Apr 20 '22 at 13:03
  • That is exactly what I want, but only for some users. The problem is that my users are created with Microsoft Identity framework and are not coupled with Azure AD. So I have some users in my db that need to sign on using username and password and some users that should use single sign-on (AzureAd) – bohoirup Apr 21 '22 at 17:54
  • I see. Yes this is possible, I'm not sure on low-level implementation details on the developer side. You could have different login URLs, and 1 URL will trigger the SSO flow while the other is for password authentication. – scottwtang Apr 21 '22 at 20:00

1 Answer


To achieve the above requirements, you can use Azure AD authentication & external login in your ASP.NET application by implementing the code in your appsettings and controller as mentioned here.

As you wanted to implement the application,

Consider other options before storing users of your Web applications in a local database. Instead of managing users in a local database, it's best practice to store and manage user information outside of the application, such as with Azure Active Directory or Azure Active Directory B2C. Consider Identity Server if the authentication service must run on-premises. Identity Server is a member of the .NET Foundation and is OpenID certified.

To implement from scratch you can refer to this blog.

Please refer to the links below for a similar discussion and documentation to get started with:

AjayKumarGhose
  • We are using Identity Server to create and manage users and roles. So as it is right now, all users are created in our database using Identity Server and then added to different roles. The roles are tied to custom application access rights, so what I really need is to authenticate the user using AzureAD (SSO) and on success sign in the local user to make sure all access rights are correct. – bohoirup May 02 '22 at 08:46
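
One way to do the linking the question describes, using ASP.NET Core Identity's external-login API, shown as an added example (not code from the question, the answer or any linked page). It assumes an OpenID Connect scheme named "AzureAD" is registered with `SignInScheme = IdentityConstants.ExternalScheme`, the default `IdentityUser` type, and hypothetical controller and action names; the local account is matched only on the stored provider key, so roles and access rights stay with the local user.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class AzureLinkController : Controller // hypothetical controller name
{
    private const string Provider = "AzureAD"; // assumed external scheme name
    private readonly SignInManager<IdentityUser> _signIn;
    private readonly UserManager<IdentityUser> _users;

    public AzureLinkController(SignInManager<IdentityUser> signIn, UserManager<IdentityUser> users)
        => (_signIn, _users) = (signIn, users);

    // Step 1: a user already signed in with a local password attaches an Azure AD identity.
    [Authorize, HttpPost, ValidateAntiForgeryToken]
    public IActionResult Link() => Challenge(
        _signIn.ConfigureExternalAuthenticationProperties(
            Provider, Url.Action(nameof(LinkCallback)), _users.GetUserId(User)), Provider);

    [Authorize]
    public async Task<IActionResult> LinkCallback()
    {
        // Passing the user id rejects a callback that was started for a different local user.
        var info = await _signIn.GetExternalLoginInfoAsync(_users.GetUserId(User));
        var user = await _users.GetUserAsync(User);
        if (info == null || user == null) return Forbid();
        var added = await _users.AddLoginAsync(user, info); // stored in AspNetUserLogins
        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
        return added.Succeeded ? (IActionResult)Ok() : BadRequest(added.Errors);
    }

    // Step 2: later sign-ins through Azure AD resolve to the linked local user.
    [HttpPost, ValidateAntiForgeryToken]
    public IActionResult Login() => Challenge(
        _signIn.ConfigureExternalAuthenticationProperties(Provider, Url.Action(nameof(LoginCallback))), Provider);

    public async Task<IActionResult> LoginCallback()
    {
        var info = await _signIn.GetExternalLoginInfoAsync();
        if (info == null) return Unauthorized();
        // Matches only on (LoginProvider, ProviderKey): no e-mail matching, no auto-provisioning.
        // bypassTwoFactor: true skips the local 2FA prompt; pass false to keep requiring it.
        var result = await _signIn.ExternalLoginSignInAsync(
            info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
        return result.Succeeded ? (IActionResult)LocalRedirect("~/") : Unauthorized();
    }
}
```

Users who never link an Azure AD identity keep signing in with username and password, and an Azure AD account with no linked local user is refused rather than provisioned.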