Вы можете следовать приведенному ниже примеру кода, который я разместил в Github
https://github.com/azure-cxp-community/Azure_CXP_Comunity_Engineering/tree/master/src/DeveloperTools/WebApp.OpenIdConnect.Guide
Вот что вам нужно настроить в Azure AD:
1)Создайте регистрацию приложения и добавьте URL-адрес ответа, аналогичный вашему веб-приложению.в этом примере URL моего ответа: http://localhost:2997/.
2) Добавьте разрешение на использование Windows Azure Active Directory.
3) Предоставьте этому приложению разрешение на использование Active Directory.
Ваше приложение может начать использовать Azure AD для проверки подлинности.
Загрузите код и измените идентификатор клиента в решении web.config и в соответствии сваше приложение, и вы можете продолжить аутентификацию.
Вот код для запуска .Auth
public class Startup
{
// The Client ID (a.k.a. Application ID) is used by the application to uniquely identify itself to Azure AD
string clientId = System.Configuration.ConfigurationManager.AppSettings["ClientId"];
// RedirectUri is the URL where the user will be redirected to after they sign in
string redirectUrl = System.Configuration.ConfigurationManager.AppSettings["redirectUrl"];
// Tenant is the tenant ID (e.g. contoso.onmicrosoft.com, or 'common' for multi-tenant)
static string tenant = System.Configuration.ConfigurationManager.AppSettings["Tenant"];
// Authority is the URL for authority, composed by Azure Active Directory endpoint and the tenant name (e.g. https://login.microsoftonline.com/contoso.onmicrosoft.com)
string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings["Authority"], tenant);
/// <summary>
/// Configure OWIN to use OpenIdConnect
/// </summary>
/// <param name="app"></param>
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
// Sets the ClientId, authority, RedirectUri as obtained from web.config
ClientId = clientId,
Authority = authority,
RedirectUri = redirectUrl,
// PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
PostLogoutRedirectUri = redirectUrl,
//Scope is the requested scope: OpenIdConnectScopes.OpenIdProfileis equivalent to the string 'openid profile': in the consent screen, this will result in 'Sign you in and read your profile'
Scope = OpenIdConnectScope.OpenIdProfile,
// ResponseType is set to request the id_token - which contains basic information about the signed-in user
ResponseType = OpenIdConnectResponseType.IdToken,
// ValidateIssuer set to false to allow work accounts from any organization to sign in to your application
// To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name or Id (example: contoso.onmicrosoft.com)
// To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false
},
// OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed
}
}
);
}
/// <summary>
/// Handle failed authentication requests by redirecting the user to the home page with an error in the query string
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
context.HandleResponse();
context.Response.Redirect("/?errormessage=" + context.Exception.Message);
return Task.FromResult(0);
}
}
Вот список package.config, который я использую в моем примере.
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="bootstrap" version="3.0.0" targetFramework="net461" />
<package id="jQuery" version="1.10.2" targetFramework="net461" />
<package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.Razor" version="3.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" />
<package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.5" targetFramework="net461" />
<package id="Microsoft.IdentityModel.Logging" version="5.2.1" targetFramework="net461" />
<package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.0" targetFramework="net461" />
<package id="Microsoft.IdentityModel.Protocols" version="5.2.1" targetFramework="net461" />
<package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="5.2.1" targetFramework="net461" />
<package id="Microsoft.IdentityModel.Tokens" version="5.2.1" targetFramework="net461" />
<package id="Microsoft.Net.Compilers" version="2.1.0" targetFramework="net461" developmentDependency="true" />
<package id="Microsoft.Owin" version="4.0.0" targetFramework="net461" />
<package id="Microsoft.Owin.Host.SystemWeb" version="4.0.0" targetFramework="net461" />
<package id="Microsoft.Owin.Security" version="4.0.0" targetFramework="net461" />
<package id="Microsoft.Owin.Security.Cookies" version="4.0.0" targetFramework="net461" />
<package id="Microsoft.Owin.Security.OpenIdConnect" version="4.0.0" targetFramework="net461" />
<package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net461" />
<package id="Modernizr" version="2.6.2" targetFramework="net461" />
<package id="Newtonsoft.Json" version="10.0.1" targetFramework="net461" />
<package id="Owin" version="1.0" targetFramework="net461" />
<package id="System.IdentityModel.Tokens.Jwt" version="5.2.1" targetFramework="net461" />
</packages>
Надеюсь, это поможет.