Migrate Authentication/Authorization Functionality from ASP.NET 4.8 to ASP.NET Core 6

csharpdev

I am migrating an application from ASP.NET 4.8 to ASP.NET Core 6.

It is hosted in Azure, it uses Azure App Service, App Registration, App Roles, Enterprise Application.

The following is used in the ASP.NET 4.8 project:

App_Start/Startup.Auth.cs:

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        var clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        var aADInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        var tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
        var postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
        var authority = string.Format(CultureInfo.InvariantCulture, aADInstance, tenantId);

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies",
            CookieManager = new SystemWebChunkingCookieManager()
        });

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = ClaimTypes.Name,
                    RoleClaimType = ClaimTypes.Role
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = context =>
                    {
                        context.HandleResponse();
                        context.OwinContext.Response.Redirect("/");
                        return Task.FromResult(0);
                    }
                }
            }
        );
    }
}

Startup.cs:

using Microsoft.Owin;
using Owin;

[assembly: OwinStartup(typeof(App.Startup))]
namespace App
{
    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }
    }
}

CustomAuthorizeAttribute.cs:

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    private readonly string[] _roles;

    public CustomAuthorizeAttribute(params string[] roles)
    {
        _roles = roles;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return Authorize(httpContext);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        base.HandleUnauthorizedRequest(filterContext);
    }

    public bool GetAuthorization(HttpContextBase httpContext)
    {
        return Authorize(httpContext);
    }

    protected bool Authorize(HttpContextBase httpContext)
    {
        var authorize = false;

        var coreDb = new CoreDbContext();

        foreach (var role in _roles)
        {
            var adGroups = coreDb.GetAdGroupsFromRole(role);

            foreach (var adGroup in adGroups.ResultSet1)
            {
                if (httpContext.User.IsInRole(adGroup.ActiveDirectoryGroup))
                {
                    authorize = true;
                    break;
                }
            }

            if (authorize)
                break;
        }

        return authorize;
    }
}

AccountController.cs:

public class AccountController : Controller
{
    public void SignIn()
    {
        if (!Request.IsAuthenticated)
        {
            HttpContext.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties
                {
                    RedirectUri = "/"
                },
                OpenIdConnectAuthenticationDefaults.AuthenticationType
            );
        }
    }

    public void SignOut()
    {
        HttpContext.GetOwinContext().Authentication.SignOut(
            OpenIdConnectAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType
        );
    }
}

CustomAuthorizeAttribute in use:

[CustomAuthorize("SomeAzureAppRole")]

_Login.cshtml:

@if (Request.IsAuthenticated)
{
    <text>
        Hello, @User.Identity.Name <a href="/Account/SignOut"> Sign Out</a>
    </text>
}

Web.config/appSettings:

<appSettings>
    <add key="ida:ClientId" value="SomeGuidValue" />
    <add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />
    <add key="ida:TenantId" value="SomeGuidValue" />
    <add key="ida:PostLogoutRedirectUri" value="https://localhost:SomePortNumber/" />
</appSettings>

Examples that provide similar functionality in ASP.NET Core 6?

Harshitha

Thanks @NaveenBaliga for the comment.

The links provided by @NaveenBaliga will help you understand the structure and the available files in .NET Core.

You can get the Authentication/Authorization Functionality directly by adding the Authentication mode as Microsoft Identity Platform.

Check the workaround below to get the sample code:

  • Create a .NET Core 6 Application. Select the Authentication Type as Microsoft Identity Platform.

  • Once we click on create Project, the Project will be created, and the below screen is shown.

  • Continue with the next steps.

It is hosted in Azure, it uses Azure App Service, App Registration, App Roles, Enterprise Application.

  • Select the correct tenant.

As the example shown works only for owned applications, if you want the application and code format, follow the steps with a sample owned application.

  • Once the Code is configured, you can change the Configuration settings in appsettings.json file with your Enterprise application.

  • Select the registered app (create one if you don't have one) and click Next.

  • Select the required permissions (skip if not required) and continue with the next steps.

  • The registered app will be updated with the required Redirect URI, and all the required packages and code get updated in the application.

My _LoginPartial.cshtml:

@using System.Security.Principal

<ul class="navbar-nav">
@if (User.Identity?.IsAuthenticated == true)
{
        <span class="navbar-text text-dark">Hello @User.Identity?.Name!</span>
        <li class="nav-item">
            <a class="nav-link text-dark" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignOut">Sign out</a>
        </li>
}
else
{
        <li class="nav-item">
            <a class="nav-link text-dark" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignIn">Sign in</a>
        </li>
}
</ul>

My appsettings.json file:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "****.onmicrosoft.com",
    "TenantId": "****",
    "ClientId": "****",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}

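An added example, not part of either post: a minimal Program.cs for the ASP.NET Core 6 setup the answer describes, with the role-to-group check from CustomAuthorizeAttribute ported to a policy handler. IRoleGroupLookup, EmptyRoleGroupLookup, MappedRoleRequirement and MappedRoleHandler are hypothetical names; the code assumes the template's implicit usings and the "AzureAd" section shown above.

```csharp
// Program.cs, ASP.NET Core 6 (NuGet: Microsoft.Identity.Web, Microsoft.Identity.Web.UI)
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
var builder = WebApplication.CreateBuilder(args);
// Replaces ConfigureAuth(): cookie + OpenID Connect, bound to the "AzureAd" section.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
// Azure AD app roles arrive in the "roles" claim; make User.IsInRole() read it.
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme,
    o => o.TokenValidationParameters.RoleClaimType = "roles");
builder.Services.AddScoped<IRoleGroupLookup, EmptyRoleGroupLookup>(); // swap in the DB lookup
builder.Services.AddScoped<IAuthorizationHandler, MappedRoleHandler>();
builder.Services.AddAuthorization(o =>
{
    // Use as [Authorize(Policy = "SomeAzureAppRole")] in place of [CustomAuthorize(...)].
    o.AddPolicy("SomeAzureAppRole", p => p.AddRequirements(new MappedRoleRequirement("SomeAzureAppRole")));
    // Fail closed: endpoints without [Authorize]/[AllowAnonymous] still need a signed-in user.
    o.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
});
builder.Services.AddControllersWithViews();
builder.Services.AddRazorPages().AddMicrosoftIdentityUI(); // MicrosoftIdentity/Account/SignIn, SignOut

var app = builder.Build();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication(); // must run before UseAuthorization
app.UseAuthorization();
app.MapDefaultControllerRoute();
app.MapRazorPages();
app.Run();

public record MappedRoleRequirement(string Role) : IAuthorizationRequirement;
public interface IRoleGroupLookup { IEnumerable<string> GetAdGroupsFromRole(string role); }
public class EmptyRoleGroupLookup : IRoleGroupLookup // hypothetical placeholder: grants nothing
{ public IEnumerable<string> GetAdGroupsFromRole(string role) => Array.Empty<string>(); }
// Same decision as CustomAuthorizeAttribute.Authorize(): allow only on a mapped group match.
public class MappedRoleHandler : AuthorizationHandler<MappedRoleRequirement>
{
    private readonly IRoleGroupLookup _lookup;
    public MappedRoleHandler(IRoleGroupLookup lookup) => _lookup = lookup;
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MappedRoleRequirement requirement)
    {
        if (_lookup.GetAdGroupsFromRole(requirement.Role).Any(g => context.User.IsInRole(g)))
            context.Succeed(requirement);
        return Task.CompletedTask; // without Succeed() the policy denies
    }
}
```

Registering the lookup as scoped lets a DbContext-backed implementation be disposed per request, unlike the `new CoreDbContext()` inside the old attribute.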
