我们正在尝试实现涉及两个应用程序的以下场景:
此时 APP1 也应处于已通过身份验证的状态,因为它使用 Azure B2C,并且在策略中配置了 SSO。我的问题出在步骤 4:APP1 无法识别用户已经通过 APP2 登录了 Azure B2C。
// OWIN authentication setup: a local session cookie plus OpenID Connect sign-in
// against the B2C policy authority. The registration order at the bottom matters.

// Cookie middleware event hooks; redirect handling is delegated to
// ApplyCookieRedirect, which is defined outside this snippet.
var cookieEvents = new CookieAuthenticationProvider
{
    OnApplyRedirect = ApplyCookieRedirect
};

var cookieAuthenticationOptions = new CookieAuthenticationOptions
{
    // Parent-domain scope: every host under .app.localhost receives this cookie,
    // so each of those hosts has to be trusted to the same degree.
    CookieDomain = ".app.localhost",
    CookieName = "IAMAuthentication",
    // 30-minute lifetime that is renewed while the session stays active.
    ExpireTimeSpan = TimeSpan.FromMinutes(30),
    SlidingExpiration = true,
    // SameAsRequest marks the cookie Secure only when the issuing request was HTTPS;
    // over plain HTTP the session cookie travels unprotected.
    // NOTE(review): prefer CookieSecureOption.Always wherever the site is HTTPS-only.
    CookieSecure = CookieSecureOption.SameAsRequest,
    LoginPath = new PathString("/login"),
    LogoutPath = new PathString("/logout"),
    Provider = cookieEvents
};

// AadInstance is the format template; the tenant and the sign-in policy are
// substituted into it to produce the authority URL.
var policyAuthority = string.Format(AadInstance, ApiTenant, SignInPolicy);

var signInTokenValidation = new TokenValidationParameters
{
    // The "name" claim supplies Identity.Name.
    NameClaimType = "name",
    // Keeps the original sign-in token attached to the identity.
    // NOTE(review): confirm the raw token is really needed downstream; if it is
    // not, dropping this reduces what a leaked session exposes.
    SaveSigninToken = true
};

var openIdAuthOptions = new OpenIdConnectAuthenticationOptions
{
    RedirectUri = RedirectUri,
    ClientId = ClientId,
    Authority = policyAuthority,
    TokenValidationParameters = signInTokenValidation,
    // After sign-out the user is sent back to the same URI used for sign-in.
    PostLogoutRedirectUri = RedirectUri
};

// External sign-ins are persisted through the cookie authentication type, so it is
// set as the default before either middleware is added.
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

// Cookie middleware first, then OpenID Connect; keep this order.
app.UseCookieAuthentication(cookieAuthenticationOptions);
app.UseOpenIdConnectAuthentication(openIdAuthOptions);

// Pins the middleware registered above to the Authenticate pipeline stage.
app.UseStageMarker(PipelineStage.Authenticate);
答案 0 :(得分:0)
原来是租户中缺少了一项配置。