Login to different Azure Tenant with two buttons in Asp.Net.

Question

On an Asp.Net page I need to support login for two Azure tenants.
The idea is to have two separate buttons, each triggering the login to its own app registrations in the first or the second tenant.

I know that a multitenant App registration would be possible, but the client wants to have separate tenants.

There are many examples of how to log in to a single tenant but I cannot find any for the scenario above.

Can you give me an example of how to select tenant1 or tenant2 at runtime?

Thank you

Answer 1

Score: 1

I was able to solve it by myself. The trick is to register two OpenIdConnectAuthenticationOptions with different authenticationType values, which are used in the code behind to call the OpenIdConnectAuthenticationOptions.

Startup.cs

using System;
using System.Threading.Tasks;
using System.Web.Hosting;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using TwoSSOProviders.App_Start;

namespace TwoSSOProviders
{
    public partial class Startup
    {
        // IdentityProvider is a project class
        public static IdentityProvider TwoSSO1Poc => new IdentityProvider
        {
            AuthenticationType = "SSO1",
            ClientId = "cid1",
            AadInstance = "https://login.microsoftonline.com/",
            Domain = "intactconsult.onmicrosoft.com",
            TenantId = "tid1",
            PostLogoutRedirectUri = "https://localhost:44323/About"
        };

        public static IdentityProvider TwoSSO2Poc => new IdentityProvider
        {
            AuthenticationType = "SSO2",
            ClientId = "cid2",
            AadInstance = "https://login.microsoftonline.com/",
            Domain = "intactconsult.onmicrosoft.com",
            TenantId = "tid2",
            PostLogoutRedirectUri = "https://localhost:44323/About"
        };

        public void Configuration(IAppBuilder app)
        {         
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
                AuthenticationMode = AuthenticationMode.Passive,
                CookiePath = HostingEnvironment.ApplicationVirtualPath,
                CookieHttpOnly = true,
                ExpireTimeSpan = TimeSpan.FromMinutes(5),
            });

            ConfigureOpenIdConnectProvider(app, TwoSSO1Poc);
            ConfigureOpenIdConnectProvider(app, TwoSSO2Poc);
            app.UseStageMarker(PipelineStage.Authenticate);

        }

        private void ConfigureOpenIdConnectProvider(
            IAppBuilder app,
            IdentityProvider idp)
        {
            var options = new OpenIdConnectAuthenticationOptions(idp.AuthenticationType)
            {
                RedirectUri = idp.PostLogoutRedirectUri,

                ClientId = idp.ClientId,
                Authority = $"{idp.AadInstance}{idp.TenantId}",
                
                ResponseType = "code",
                Scope = "openid email profile",
                SignInAsAuthenticationType = "Cookies",

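                // false lifts the HTTPS requirement for the metadata address/authority.
                // The authority above is already https, so the default (true) also works.
                RequireHttpsMetadata = false,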
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    SecurityTokenValidated = (notification) =>
                    {
                        return Task.FromResult(0);
                    },
                    AuthenticationFailed = (notification) =>
                    {
                        return Task.FromResult(0);
                    },
                },
            };
            app.UseOpenIdConnectAuthentication(options);
        }
    }
}

Login.aspx.cs

using System.Web;
using Microsoft.Owin.Security;
using System;

namespace TwoSSOProviders
{
    public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            var owinContext = Context.GetOwinContext();

            if (!IsPostBack)
            {
                return;
            }
            var redirectUri = "https://localhost:44323/About";
            if (Request.Form[btnLoginA.UniqueID] != null)
            {
               Context.GetOwinContext().Authentication.Challenge(
                   new AuthenticationProperties { RedirectUri = redirectUri },
                    Startup.TwoSSO1Poc.AuthenticationType); //Note the AuthenticationType
            }

            if (Request.Form[btnLoginB.UniqueID] != null)
            {
                Context.GetOwinContext().Authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = redirectUri },
                     Startup.TwoSSO2Poc.AuthenticationType); //Note the AuthenticationType
            }

            if (Request.Form[btnLogOut.UniqueID] != null)
            {                
                var prop = new AuthenticationProperties()
                {
                    RedirectUri = "https://localhost:44323/Login"
                };
                Request.GetOwinContext().Authentication.SignOut(prop);
            }
        }
    }
}
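
A hardened variant of the `ConfigureOpenIdConnectProvider` method above, added here as an example and not part of the original answer: it refuses the sign-in when the validated token's tenant does not match the tenant of the button that was pressed, and it handles failures instead of ignoring them. `TenantPinning`, `UseTenantPinnedOpenIdConnect` and the `/Login?error=...` routes are hypothetical names; `IdentityProvider` is the answer's own project class. It assumes `TenantId` holds the directory GUID (not a domain name) and that the middleware validates an ID token so that `SecurityTokenValidated` fires.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using TwoSSOProviders.App_Start; // IdentityProvider (the answer's project class)

namespace TwoSSOProviders
{
    // Hypothetical helper, not part of the original answer.
    public static class TenantPinning
    {
        // Claim type the default JWT inbound claim mapping produces for "tid".
        private const string MappedTid =
            "http://schemas.microsoft.com/identity/claims/tenantid";

        public static void UseTenantPinnedOpenIdConnect(this IAppBuilder app, IdentityProvider idp)
        {
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions(idp.AuthenticationType)
            {
                ClientId = idp.ClientId,
                Authority = $"{idp.AadInstance}{idp.TenantId}",
                RedirectUri = idp.PostLogoutRedirectUri,
                ResponseType = "code",
                Scope = "openid email profile",
                SignInAsAuthenticationType = "Cookies",
                // RequireHttpsMetadata is left at its default (true).
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    SecurityTokenValidated = n =>
                    {
                        ClaimsIdentity id = n.AuthenticationTicket.Identity;
                        string tid = (id.FindFirst("tid") ?? id.FindFirst(MappedTid))?.Value;
                        if (!string.Equals(tid, idp.TenantId, StringComparison.OrdinalIgnoreCase))
                        {
                            n.HandleResponse(); // no ticket is issued, so no cookie is set
                            n.Response.Redirect("/Login?error=tenant"); // assumed route
                        }
                        return Task.FromResult(0);
                    },
                    AuthenticationFailed = n =>
                    {
                        n.HandleResponse(); // do not fall through to the page
                        n.Response.Redirect("/Login?error=signin"); // assumed route
                        return Task.FromResult(0);
                    },
                },
            });
        }
    }
}
```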

huangapple
  • Published on July 4, 2023, 21:08:12
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76612986.html