...

Assembly information of Easy Auth HTTP Module

  • Class: AzDirectoryAuthentication

  • Assembly: EmpowerID.OwinPlugIn.V47.dll

  • Platform: .NET Framework 4.7.2

  1. Add the EmpowerID.OwinPlugIn.V47.dll assembly reference to your MVC project and add the assembly level OwinStartupAttribute to the main web application project.

    Code Block
    [assembly: OwinStartupAttribute(typeof(MyAppOwin.Startup))]
  2. In the Startup.Configuration method, use the AzDirectoryAuthentication.ConfigureAzureADAuth() method to configure Azure AD authentication for the application. You may need to set AntiForgeryConfig.UniqueClaimTypeIdentifier to identify the claim type for the user identity claim.

    Code Block
    public void Configuration(IAppBuilder app) {
      AntiForgeryConfig.UniqueClaimTypeIdentifier = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
    
      AzDirectoryAuthentication.ConfigureAzureADAuth(app, Startup.Config, null,
        delegate(Microsoft.Owin.IOwinContext context, IPrincipal principal) {
          //TODO: Claims transformation code goes here
    
          return new AuthenticationTicket((ClaimsIdentity) principal.Identity, new AuthenticationProperties());
        });
    }
  3. In the Startup class, you can create a static property to return the AuthenticationConfig passed to the AzDirectoryAuthentication.ConfigureAzureADAuth() method. An instance of the AuthenticationConfig class provides the configuration settings for the target Azure AD.
    These are some important settings to configure:
    ▪️ ClientId: The Client ID or Application ID of the registered application in Azure AD.
    ▪️ ClientSecret: A client secret generated in the registered application in Azure AD.
    ▪️ Authority: The global Azure AD authentication endpoint.

...

    ▪️ RedirectUri: The default landing URL of the application.

    Code Block
    public static AuthenticationConfig Config
    {
        get
        {
            return new AuthenticationConfig
            {
                ClientId = ConfigurationManager.AppSettings["ida:ClientId"],
                ClientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"],
                RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"],
                Authority = ConfigurationManager.AppSettings["ida:Authority"],
                BasicScope = "openid profile offline_access",
            };
        }
    }

    A sample of the configuration in the web config is shown below.

    Code Block
    <appSettings>
        <add key="ida:ClientId" value="ka05f2e5-e52d-446d-l49e-9ac1e9d492hf" />
        <add key="ida:ClientSecret" value="Zju7Q~AFH2OulZ4Pnb_VVJQwnjfS-Tk1YGhvV" />
        <add key="ida:Authority" value="https://login.microsoftonline.com/common/v2.0" />
        <add key="ida:RedirectUri" value="https://localhost:44327/" />
    </appSettings>
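
Step 2 sets AntiForgeryConfig.UniqueClaimTypeIdentifier to the nameidentifier claim, and ASP.NET anti-forgery token generation throws when that claim is absent from the identity. The following is an added example, not EmpowerID code, of logic that could stand in for the TODO in the ConfigureAzureADAuth delegate; the class name and the fallback claim types ("oid", "sub" and the mapped objectidentifier URI) are assumptions about what the incoming identity carries.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added example, not EmpowerID code: guards the claim that anti-forgery depends on.
public static class NameIdentifierGuard
{
    // Assumption: the incoming identity may carry the Azure AD object id or
    // subject under one of these claim types.
    private static readonly string[] FallbackTypes =
    {
        "http://schemas.microsoft.com/identity/claims/objectidentifier",
        "oid",
        "sub"
    };

    // Returns a copy of the identity that is guaranteed to contain the claim
    // named in AntiForgeryConfig.UniqueClaimTypeIdentifier (nameidentifier).
    public static ClaimsIdentity EnsureNameIdentifier(ClaimsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException(nameof(identity));
        if (!identity.IsAuthenticated)
            throw new InvalidOperationException("Identity is not authenticated.");

        var result = identity.Clone();
        if (result.HasClaim(c => c.Type == ClaimTypes.NameIdentifier && !string.IsNullOrWhiteSpace(c.Value)))
            return result;

        var source = FallbackTypes
            .Select(t => result.FindFirst(t))
            .FirstOrDefault(c => c != null && !string.IsNullOrWhiteSpace(c.Value));
        if (source == null)
            throw new InvalidOperationException("No stable user identifier claim; refusing to issue a ticket.");

        result.AddClaim(new Claim(ClaimTypes.NameIdentifier, source.Value, ClaimValueTypes.String, source.Issuer));
        return result;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed identity with only an "oid" claim; the value is a placeholder.
        var id = new ClaimsIdentity(new[] { new Claim("oid", "constructed-object-id") }, "Constructed");
        Console.WriteLine(NameIdentifierGuard.EnsureNameIdentifier(id).FindFirst(ClaimTypes.NameIdentifier).Value);
    }
}
```

In the step 2 delegate, the AuthenticationTicket would be built from the identity returned by NameIdentifierGuard.EnsureNameIdentifier((ClaimsIdentity) principal.Identity) instead of the raw principal.Identity.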

Step 2: Implement the Custom Claims Transformer

...

The MsalAppBuilder class contains the SignInUser() and SignOutUser() extensions, which you can call in the controller for the login and logout actions. An example of the method implementation is shown below.

...

To protect an action with roles, add the [AzAuthorize] attribute and specify the roles the action demands. You can redirect to a route when authorization fails by specifying the controller and action to redirect to.

Code Block
[AzAuthorize(Roles = "Task.Write", ErrorAction = "NotAuthorized", ErrorController = "Account")]
public ActionResult Register() {
  return View();
}

If you wish to allow the application to throw an error with the Forbidden HTTP status code, set the EnableForbidden attribute parameter to true.

...