英文:
Login to different Azure Tenant with two buttons in Asp.Net
问题
在一个Asp.Net页面上,我需要支持两个Azure租户的登录。
思路是拥有两个单独的按钮,每个按钮触发登录到第一个或第二个租户中的自己的应用程序注册。
我知道多租户应用程序注册是可能的,但客户想要单独的租户。
有许多关于如何登录到单个租户的示例,但我找不到针对上述情况的示例。
您能否给我一个在运行时选择租户1或租户2的示例?
谢谢。
英文:
On an Asp.Net page I need to support login for two Azure tenants.
The idea is to have two separate buttons, each triggering the login to its own app registrations in the first or the second tenant.
I know that a multitenant app registration would be possible, but the client wants to have separate tenants.
There are many examples of how to login to a single tenant but I cannot find any for the scenario above.
Can you give me an example of how to select tenant1 or tenant2 in runtime?
Thank you
答案1
得分: 1
I was able to solve it by myself. The trick is to register two `OpenIdConnectAuthenticationOptions` instances with different `authenticationType` values; the code-behind then passes the matching value to select which `OpenIdConnectAuthenticationOptions` registration is invoked.
Startup.cs
using System;
using System.Threading.Tasks;
using System.Web.Hosting;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using TwoSSOProviders.App_Start;
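namespace TwoSSOProviders
{
    /// <summary>
    /// OWIN startup class that registers one OpenID Connect middleware per Azure AD
    /// tenant. Each registration gets its own authentication type ("SSO1" / "SSO2"),
    /// which the login page passes to <c>Challenge</c> to pick the tenant at runtime.
    /// </summary>
    public partial class Startup
    {
        // IdentityProvider is a project class (its definition is not part of this listing).
        // These are expression-bodied properties, so a new IdentityProvider instance is
        // built on every access; only the property values matter to the callers below.
        // "cid1"/"tid1" are placeholders for the first tenant's client and tenant ids.
        public static IdentityProvider TwoSSO1Poc => new IdentityProvider
        {
            AuthenticationType = "SSO1",
            ClientId = "cid1",
            AadInstance = "https://login.microsoftonline.com/",
            Domain = "intactconsult.onmicrosoft.com",
            TenantId = "tid1",
            PostLogoutRedirectUri = "https://localhost:44323/About"
        };

        // Second tenant; must use an AuthenticationType different from the first one,
        // because that string is the only thing that tells the two registrations apart.
        public static IdentityProvider TwoSSO2Poc => new IdentityProvider
        {
            AuthenticationType = "SSO2",
            ClientId = "cid2",
            AadInstance = "https://login.microsoftonline.com/",
            Domain = "intactconsult.onmicrosoft.com",
            TenantId = "tid2",
            PostLogoutRedirectUri = "https://localhost:44323/About"
        };

        /// <summary>
        /// Builds the authentication pipeline: one passive cookie middleware followed by
        /// one OpenID Connect middleware per configured tenant.
        /// </summary>
        /// <param name="app">The OWIN application builder the middleware is added to.</param>
        public void Configuration(IAppBuilder app)
        {
            // Short-lived (5 minute), HttpOnly cookie registered under the ExternalCookie type.
            // CookieSecure is not set, so the middleware default applies.
            // NOTE(review): every URL in this listing is HTTPS, so CookieSecureOption.Always
            // looks appropriate here - confirm for the deployed site.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
                AuthenticationMode = AuthenticationMode.Passive,
                CookiePath = HostingEnvironment.ApplicationVirtualPath,
                CookieHttpOnly = true,
                ExpireTimeSpan = TimeSpan.FromMinutes(5),
            });

            ConfigureOpenIdConnectProvider(app, TwoSSO1Poc);
            ConfigureOpenIdConnectProvider(app, TwoSSO2Poc);

            app.UseStageMarker(PipelineStage.Authenticate);
        }

        /// <summary>
        /// Registers one OpenID Connect middleware for the given identity provider,
        /// keyed by <c>idp.AuthenticationType</c>.
        /// </summary>
        /// <param name="app">The OWIN application builder the middleware is added to.</param>
        /// <param name="idp">Tenant-specific settings (client id, tenant id, redirect URI).</param>
        private void ConfigureOpenIdConnectProvider(
            IAppBuilder app,
            IdentityProvider idp)
        {
            var options = new OpenIdConnectAuthenticationOptions(idp.AuthenticationType)
            {
                // The sign-in redirect URI is taken from the PostLogoutRedirectUri setting;
                // it has to match a redirect URI registered on the tenant's app registration.
                RedirectUri = idp.PostLogoutRedirectUri,
                ClientId = idp.ClientId,
                // Tenant-specific authority (instance + tenant id), so each registration
                // talks only to its own tenant rather than to a shared endpoint.
                Authority = $"{idp.AadInstance}{idp.TenantId}",
                // NOTE(review): nothing in this listing redeems the authorization code
                // (no RedeemCode setting, no AuthorizationCodeReceived handler) - confirm
                // how the code is exchanged for tokens in the real project.
                ResponseType = "code",
                Scope = "openid email profile",
                // NOTE(review): the only cookie middleware registered in Configuration uses
                // DefaultAuthenticationTypes.ExternalCookie, not "Cookies" - confirm that a
                // middleware for this sign-in type exists elsewhere.
                SignInAsAuthenticationType = "Cookies",
                // Keep HTTPS mandatory for the discovery document and signing keys: token
                // signature validation trusts whatever keys that endpoint returns, and the
                // authority configured above is already https://, so nothing needs relaxing.
                RequireHttpsMetadata = true,
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    // Hook for additional checks on the validated identity; currently a no-op.
                    SecurityTokenValidated = (notification) =>
                    {
                        return Task.FromResult(0);
                    },
                    // No-op: a failed authentication is neither logged nor handled here.
                    AuthenticationFailed = (notification) =>
                    {
                        return Task.FromResult(0);
                    },
                },
            };

            app.UseOpenIdConnectAuthentication(options);
        }
    }
}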
Login.aspx.cs
using System.Web;
using Microsoft.Owin.Security;
using System;
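namespace TwoSSOProviders
{
    /// <summary>
    /// Code-behind of the login page. On postback it starts a sign-in against tenant 1
    /// or tenant 2, or signs the user out, depending on which button was submitted.
    /// </summary>
    public partial class Login : System.Web.UI.Page
    {
        /// <summary>
        /// Dispatches the posted button to the matching authentication action.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                return;
            }

            // Resolve the OWIN authentication manager once and reuse it for every branch.
            var authentication = Context.GetOwinContext().Authentication;

            // The post-login target is a fixed constant, never a value read from the
            // request, so the sign-in flow cannot be steered to an arbitrary URL.
            var redirectUri = "https://localhost:44323/About";

            // btnLoginA / btnLoginB / btnLogOut are page controls declared outside this
            // listing. The three actions are mutually exclusive, so a request that posts
            // more than one button name triggers only the first match.
            if (Request.Form[btnLoginA.UniqueID] != null)
            {
                // The authentication type selects the tenant-1 OpenID Connect registration.
                authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = redirectUri },
                    Startup.TwoSSO1Poc.AuthenticationType);
            }
            else if (Request.Form[btnLoginB.UniqueID] != null)
            {
                // The authentication type selects the tenant-2 OpenID Connect registration.
                authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = redirectUri },
                    Startup.TwoSSO2Poc.AuthenticationType);
            }
            else if (Request.Form[btnLogOut.UniqueID] != null)
            {
                var prop = new AuthenticationProperties()
                {
                    RedirectUri = "https://localhost:44323/Login"
                };

                // NOTE(review): no authentication types are named here, so which
                // middleware reacts depends on how each one is registered - confirm that
                // the local session cookie is actually cleared on logout.
                authentication.SignOut(prop);
            }
        }
    }
}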
英文:
I was able to solve it by myself. The trick is to register two `OpenIdConnectAuthenticationOptions` instances with different `authenticationType` values; the code-behind then passes the matching value to select which `OpenIdConnectAuthenticationOptions` registration is invoked.
Startup.cs
using System;
using System.Threading.Tasks;
using System.Web.Hosting;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Extensions;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using TwoSSOProviders.App_Start;
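namespace TwoSSOProviders
{
    /// <summary>
    /// OWIN startup class that registers one OpenID Connect middleware per Azure AD
    /// tenant. Each registration gets its own authentication type ("SSO1" / "SSO2"),
    /// which the login page passes to <c>Challenge</c> to pick the tenant at runtime.
    /// </summary>
    public partial class Startup
    {
        // IdentityProvider is a project class (its definition is not part of this listing).
        // These are expression-bodied properties, so a new IdentityProvider instance is
        // built on every access; only the property values matter to the callers below.
        // "cid1"/"tid1" are placeholders for the first tenant's client and tenant ids.
        public static IdentityProvider TwoSSO1Poc => new IdentityProvider
        {
            AuthenticationType = "SSO1",
            ClientId = "cid1",
            AadInstance = "https://login.microsoftonline.com/",
            Domain = "intactconsult.onmicrosoft.com",
            TenantId = "tid1",
            PostLogoutRedirectUri = "https://localhost:44323/About"
        };

        // Second tenant; must use an AuthenticationType different from the first one,
        // because that string is the only thing that tells the two registrations apart.
        public static IdentityProvider TwoSSO2Poc => new IdentityProvider
        {
            AuthenticationType = "SSO2",
            ClientId = "cid2",
            AadInstance = "https://login.microsoftonline.com/",
            Domain = "intactconsult.onmicrosoft.com",
            TenantId = "tid2",
            PostLogoutRedirectUri = "https://localhost:44323/About"
        };

        /// <summary>
        /// Builds the authentication pipeline: one passive cookie middleware followed by
        /// one OpenID Connect middleware per configured tenant.
        /// </summary>
        /// <param name="app">The OWIN application builder the middleware is added to.</param>
        public void Configuration(IAppBuilder app)
        {
            // Short-lived (5 minute), HttpOnly cookie registered under the ExternalCookie type.
            // CookieSecure is not set, so the middleware default applies.
            // NOTE(review): every URL in this listing is HTTPS, so CookieSecureOption.Always
            // looks appropriate here - confirm for the deployed site.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
                AuthenticationMode = AuthenticationMode.Passive,
                CookiePath = HostingEnvironment.ApplicationVirtualPath,
                CookieHttpOnly = true,
                ExpireTimeSpan = TimeSpan.FromMinutes(5),
            });

            ConfigureOpenIdConnectProvider(app, TwoSSO1Poc);
            ConfigureOpenIdConnectProvider(app, TwoSSO2Poc);

            app.UseStageMarker(PipelineStage.Authenticate);
        }

        /// <summary>
        /// Registers one OpenID Connect middleware for the given identity provider,
        /// keyed by <c>idp.AuthenticationType</c>.
        /// </summary>
        /// <param name="app">The OWIN application builder the middleware is added to.</param>
        /// <param name="idp">Tenant-specific settings (client id, tenant id, redirect URI).</param>
        private void ConfigureOpenIdConnectProvider(
            IAppBuilder app,
            IdentityProvider idp)
        {
            var options = new OpenIdConnectAuthenticationOptions(idp.AuthenticationType)
            {
                // The sign-in redirect URI is taken from the PostLogoutRedirectUri setting;
                // it has to match a redirect URI registered on the tenant's app registration.
                RedirectUri = idp.PostLogoutRedirectUri,
                ClientId = idp.ClientId,
                // Tenant-specific authority (instance + tenant id), so each registration
                // talks only to its own tenant rather than to a shared endpoint.
                Authority = $"{idp.AadInstance}{idp.TenantId}",
                // NOTE(review): nothing in this listing redeems the authorization code
                // (no RedeemCode setting, no AuthorizationCodeReceived handler) - confirm
                // how the code is exchanged for tokens in the real project.
                ResponseType = "code",
                Scope = "openid email profile",
                // NOTE(review): the only cookie middleware registered in Configuration uses
                // DefaultAuthenticationTypes.ExternalCookie, not "Cookies" - confirm that a
                // middleware for this sign-in type exists elsewhere.
                SignInAsAuthenticationType = "Cookies",
                // Keep HTTPS mandatory for the discovery document and signing keys: token
                // signature validation trusts whatever keys that endpoint returns, and the
                // authority configured above is already https://, so nothing needs relaxing.
                RequireHttpsMetadata = true,
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    // Hook for additional checks on the validated identity; currently a no-op.
                    SecurityTokenValidated = (notification) =>
                    {
                        return Task.FromResult(0);
                    },
                    // No-op: a failed authentication is neither logged nor handled here.
                    AuthenticationFailed = (notification) =>
                    {
                        return Task.FromResult(0);
                    },
                },
            };

            app.UseOpenIdConnectAuthentication(options);
        }
    }
}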
Login.aspx.cs
using System.Web;
using Microsoft.Owin.Security;
using System;
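namespace TwoSSOProviders
{
    /// <summary>
    /// Code-behind of the login page. On postback it starts a sign-in against tenant 1
    /// or tenant 2, or signs the user out, depending on which button was submitted.
    /// </summary>
    public partial class Login : System.Web.UI.Page
    {
        /// <summary>
        /// Dispatches the posted button to the matching authentication action.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                return;
            }

            // Resolve the OWIN authentication manager once and reuse it for every branch.
            var authentication = Context.GetOwinContext().Authentication;

            // The post-login target is a fixed constant, never a value read from the
            // request, so the sign-in flow cannot be steered to an arbitrary URL.
            var redirectUri = "https://localhost:44323/About";

            // btnLoginA / btnLoginB / btnLogOut are page controls declared outside this
            // listing. The three actions are mutually exclusive, so a request that posts
            // more than one button name triggers only the first match.
            if (Request.Form[btnLoginA.UniqueID] != null)
            {
                // The authentication type selects the tenant-1 OpenID Connect registration.
                authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = redirectUri },
                    Startup.TwoSSO1Poc.AuthenticationType);
            }
            else if (Request.Form[btnLoginB.UniqueID] != null)
            {
                // The authentication type selects the tenant-2 OpenID Connect registration.
                authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = redirectUri },
                    Startup.TwoSSO2Poc.AuthenticationType);
            }
            else if (Request.Form[btnLogOut.UniqueID] != null)
            {
                var prop = new AuthenticationProperties()
                {
                    RedirectUri = "https://localhost:44323/Login"
                };

                // NOTE(review): no authentication types are named here, so which
                // middleware reacts depends on how each one is registered - confirm that
                // the local session cookie is actually cleared on logout.
                authentication.SignOut(prop);
            }
        }
    }
}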