Single Sign-On In .NET Core with Azure Active Directory

19 October 2020


What is SSO?

Single sign-on (SSO) is a service that allows users to use a single set of credentials, i.e. a user name and password, to authenticate to multiple applications and websites by logging in only once.

Without single sign-on, each website has to maintain its own database of user details. At login time, the application has to check whether the user is already authenticated; if so, it grants access, otherwise it asks the user to log in and verifies the entered credentials against its database. With an SSO service, the developer's life becomes easier.

Google, LinkedIn, Twitter, Facebook and Microsoft offer such a service, which allows end users to log in to third-party applications with their account credentials.

In this article, we will learn how to implement single sign-on with Microsoft Azure Active Directory.

What is Azure Active Directory?

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps users sign in and access resources in:

  • External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.
  • Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.

This process mainly involves two parts:

  • Azure AD app registration
  • Configuring the app in the .NET Core project

Let us see the entire process step by step.

Azure AD App registration

  1. Log in to the Azure portal.
  2. Select Azure Active Directory.

Fig-1

3. Select App registrations.

Fig-2

4. Click on New registration. On the Register an application page, you will see the following sections.

  • In the Name section, enter a meaningful name for your application.
  • In the Supported account types section, you can select any of the three options based on your requirements: the first option allows login only to users from your organization; the second allows login to any user with a Microsoft account; and the third allows any user with a Microsoft account as well as personal Microsoft accounts (e.g. Skype, Xbox).
  • In the Redirect URI section, add https://localhost:44321; on this URL we will receive the authentication response after a successful login.

Fig-3

5. After successful registration you will see the following screen with the application details, such as the client ID and tenant ID; we will use this information later.

Fig-4

6. Select Authentication and add the following information.

Congratulations! We have completed the first half, the Azure AD app registration. Let us start with the second half, i.e. the Visual Studio code.

Configure app in .NET Core project

  1. Open Visual Studio and create a new project.
  2. Select ASP.NET Core Web Application.
  3. Give the project a meaningful name such as AzureADSSOIntegration and click Create.
  4. Select any option; I have selected Web Application (Model-View-Controller). Click Create.
  5. Now open the appsettings.json file and add the client ID and tenant ID. You can get this information from the Overview tab of your Azure AD app registration page, as shown in Fig-4.

Fig-5

6. Install the following package through "Manage NuGet Packages":

  • Microsoft.AspNetCore.Authentication.AzureAD.UI

7. Now open Startup.cs and add the following code:

// Startup.cs: Configuration is the IConfiguration injected into the Startup constructor.
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.DependencyInjection;

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        options.CheckConsentNeeded = context => true;
        // Do not force a minimum SameSite value: the OpenID Connect correlation and
        // nonce cookies must be sent on the cross-site redirect back from Microsoft.
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    // Registers the Azure AD cookie + OpenID Connect handlers and binds the
    // "AzureAd" section of appsettings.json (Instance, Domain, TenantId, ClientId,
    // CallbackPath) to the options.
    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

    services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
    {
        // Switch to the v2.0 endpoint of the tenant authority.
        options.Authority = options.Authority + "/v2.0/";
        // Turning off issuer validation accepts tokens from any Azure AD tenant;
        // only do this for multi-tenant apps, and check the tenant id claim yourself.
        options.TokenValidationParameters.ValidateIssuer = false;
    });

    // Require an authenticated user for every controller action by default.
    services.AddMvc(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
                        .RequireAuthenticatedUser()
                        .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    })
    .SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

    services.AddControllersWithViews();
}

Also add these two method calls in Configure():

app.UseCookiePolicy();
app.UseAuthentication();

8. Now run the code. The application will first redirect you to the Microsoft sign-in page, and after a successful login you will get the signed-in user's information.
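As an added illustration (not code from the original post), here is the Configure() pipeline that the two calls from step 7 belong in, with the middleware in the order ASP.NET Core 3.x requires, together with a HomeController action that reads the signed-in user's details that step 8 displays. It assumes the page's Startup class is declared partial (or paste the Configure method into it directly); the claim-type constants and ViewData keys are my own choices.

```csharp
using System.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Hosting;

public partial class Startup
{
    // Order matters: UseAuthentication must run after UseRouting and before
    // UseAuthorization, otherwise the global RequireAuthenticatedUser filter
    // from ConfigureServices sees an anonymous user and challenges every request.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
            app.UseDeveloperExceptionPage();
        else
            app.UseHsts();

        app.UseHttpsRedirection();   // the registered redirect URI is https://localhost:44321
        app.UseStaticFiles();
        app.UseCookiePolicy();       // step 7: cookie policy configured in ConfigureServices
        app.UseRouting();
        app.UseAuthentication();     // step 7: Azure AD cookie + OpenID Connect handlers
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
            endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}"));
    }
}

// Step 8: the signed-in user's details come from the ID token claims that
// AddAzureAD stored in the authentication cookie.
public class HomeController : Controller
{
    // .NET Core 3.x maps the short "tid"/"oid" JWT claims to these long claim types.
    private const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    public IActionResult Index()
    {
        // With ValidateIssuer = false (step 7) tokens from any Azure AD tenant are
        // accepted, so the tenant id claim is where the app can see, log, or
        // restrict which tenant the user signed in from.
        ViewData["Name"] = User.FindFirst("name")?.Value ?? User.Identity?.Name;
        ViewData["TenantId"] = User.FindFirst(TenantIdClaim)?.Value ?? User.FindFirst("tid")?.Value;
        ViewData["ObjectId"] = User.FindFirst(ObjectIdClaim)?.Value ?? User.FindFirst("oid")?.Value;
        ViewData["Claims"] = User.Claims.Select(c => $"{c.Type}: {c.Value}").ToList();
        return View();
    }
}
```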

Fig-6

That's it: we have learned how to implement Single Sign-On in .NET Core with Azure Active Directory.

References:

  • What is SSO: https://www.onelogin.com/learn/how-single-sign-on-works
  • What is Azure AD: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
  • Azure AD implementation: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp
