Identityserver 4 and Azure AD

Question

I\'m looking into using Identity Server 4 for authentication within a C# based MVC application. I\'d like to use accounts stored in Azure AD as a source of valid users but t

Answer 1

You can use signin to Azure AD from IdentityServer just as you would use signin to IdentityServer from e.g. a Javascript or MVC app.

I have done this recently, and all you need to do is register OpenIdConnect options to Azure Ad like this:

public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
        });
}

More info about this here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapp-dotnet

You should then in your Login action call the ChallengeAsync method:

var authenticationProperties = new AuthenticationProperties { RedirectUri = "your redirect uri" };
await HttpContext.Authentication.ChallengeAsync(your policy, authenticationProperties);

Then provide a callback method as a GET method then follow the External Login samples provided in IdentityServer samples: https://github.com/IdentityServer/IdentityServer4.Samples/blob/dev/Quickstarts/4_ImplicitFlowAuthenticationWithExternal/src/QuickstartIdentityServer/Quickstart/Account/AccountController.cs

Answer 2

There is a sample with Azure AD on github , forked from External Login sample provided in IdentityServer samples.

The sample also fixed a known issue "State parameter generated by middleware is too large for Azure AD #978"