I am working on a project, based on this solution: https://github.com/Azure-Samples/active-directory-dotnet-webapp-wsfederation
Currently, the way I have the user authenticate is by default. When the page loads, I call my login script:
Imports System.Web
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.WsFederation

Public Sub SignIn()
    ' Challenge the WS-Federation middleware only when the request is not already authenticated
    If (Not Request.IsAuthenticated) Then
        Try
            Dim newAuth As AuthenticationProperties = New AuthenticationProperties()
            newAuth.RedirectUri = "/"
            HttpContext.Current.GetOwinContext().Authentication.Challenge(newAuth, WsFederationAuthenticationDefaults.AuthenticationType)
        Catch ex As Exception
            ' Intentionally empty: any error raised while issuing the challenge is swallowed here
        End Try
    End If
End Sub
EDIT To add more context, here is my code for APP_START/Startup.Auth.vb:
Imports System.Configuration
Imports System.Globalization
Imports System.Threading.Tasks
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.WsFederation
Imports Owin

Partial Public Class Startup
    Private realm As String = ConfigurationManager.AppSettings("ida:RPIdentifier")
    Private aadInstance As String = ConfigurationManager.AppSettings("ida:AADInstance")
    Private tenant As String = ConfigurationManager.AppSettings("ida:Tenant")
    ' Federation metadata document the middleware downloads to learn the STS endpoints and signing keys
    Private metadata As String = String.Format("{0}/FederationMetadata/2007-06/FederationMetadata.xml", aadInstance)
    Private authority As String = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant)

    Public Sub ConfigureAuth(app As IAppBuilder)
        Try
            ' Cookie middleware stores the session once WS-Federation has signed the user in
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
            app.UseCookieAuthentication(New CookieAuthenticationOptions())
            app.UseWsFederationAuthentication(New WsFederationAuthenticationOptions() With {
                .Wtrealm = realm,
                .MetadataAddress = metadata,
                .Notifications = New WsFederationAuthenticationNotifications() With {
                    .AuthenticationFailed = Function(context)
                                                ' Stop the pipeline and send the user to the error page
                                                context.HandleResponse()
                                                context.Response.Redirect("Home/Error?message=" & context.Exception.Message)
                                                Return Task.FromResult(0)
                                            End Function
                }
            })
        Catch ex As Exception
            ' Rethrow without resetting the stack trace ("Throw ex" would discard it)
            Throw
        End Try
    End Sub
End Class
What I want to avoid, though, is if someone from outside our network views the site, I don't want them to be redirected to the Azure Single Sign On login page. I just want them to proceed to the website, where my code will handle what they can see and do. I will, eventually, add a login button that will take them to the login page, in the event they are just off site. But, for now, how do I skip the login page?
Second, I want to handle the possibility that Azure ADFS is down. In this case, I just want the user to be redirected to the website, as un-authenticated users. I test this by disconnecting from the Internets and running my app. I've tried using Try blocks, but I still get these errors:
The remote name could not be resolved: 'adfs.myCompany.com'
IOException: Unable to get document from: https://adfs.myCompany.com/FederationMetadata/2007-06/FederationMetadata.xml
[InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://adfs.myCompany.com/FederationMetadata/2007-06/FederationMetadata.xml'.]
Are these settings in Azure I should be making or in my code? Any help, with either of these issues, would be great. If needed, I can also add my Start.Auth.vb code, as well.
thanks
1 Answer
Unfortunately, using the samples Microsoft provides will enforce automatic sign-on. That being said, there are two options:
- Choose a different authentication scheme
- Use an Azure application with an OAuth code flow to sign in when a user clicks the login link, then read the user's profile and determine their authorization rights.
If I misunderstood, please let me know. Hope this helps!
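An added example (mine, not code from the question, the answer or the linked Microsoft sample) of the configuration shape the second option implies for the question's own OWIN setup: the WS-Federation middleware is registered with AuthenticationMode.Passive, so it redirects to the STS only when application code explicitly challenges its authentication type, and that challenge is moved out of page load into a handler wired to a login button. It reuses the appSettings keys from the question's Startup.Auth.vb; the LoginButton_Click and Logout handlers are assumed names, not anything the original project defines.

```vb
Imports System.Configuration
Imports System.Globalization
Imports System.Threading.Tasks
Imports System.Web
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.WsFederation
Imports Owin

Partial Public Class Startup
    Private ReadOnly realm As String = ConfigurationManager.AppSettings("ida:RPIdentifier")
    Private ReadOnly aadInstance As String = ConfigurationManager.AppSettings("ida:AADInstance")
    Private ReadOnly metadata As String = String.Format(CultureInfo.InvariantCulture,
        "{0}/FederationMetadata/2007-06/FederationMetadata.xml", aadInstance)

    Public Sub ConfigureAuth(app As IAppBuilder)
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
        app.UseCookieAuthentication(New CookieAuthenticationOptions())

        ' Passive mode: anonymous requests are served as-is; the middleware only redirects to the
        ' STS when something calls Challenge with WsFederationAuthenticationDefaults.AuthenticationType.
        app.UseWsFederationAuthentication(New WsFederationAuthenticationOptions() With {
            .Wtrealm = realm,
            .MetadataAddress = metadata,
            .AuthenticationMode = AuthenticationMode.Passive,
            .Notifications = New WsFederationAuthenticationNotifications() With {
                .AuthenticationFailed = Function(context)
                                            ' Turn a failed sign-in into a redirect instead of a 500;
                                            ' encode the message so it cannot break the query string
                                            context.HandleResponse()
                                            context.Response.Redirect("/Home/Error?message=" &
                                                HttpUtility.UrlEncode(context.Exception.Message))
                                            Return Task.FromResult(0)
                                        End Function
            }
        })
    End Sub
End Class

' Hypothetical page code: the STS is contacted only when the visitor clicks the login button.
Partial Public Class SiteMaster
    Inherits System.Web.UI.MasterPage

    Protected Sub LoginButton_Click(sender As Object, e As EventArgs)
        If Not Request.IsAuthenticated Then
            Dim props As New AuthenticationProperties() With {.RedirectUri = "/"}
            HttpContext.Current.GetOwinContext().Authentication.Challenge(
                props, WsFederationAuthenticationDefaults.AuthenticationType)
        End If
    End Sub

    Protected Sub Logout_Click(sender As Object, e As EventArgs)
        ' Clear the local cookie session and sign out of the federation session
        HttpContext.Current.GetOwinContext().Authentication.SignOut(
            WsFederationAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType)
    End Sub
End Class
```

With the middleware passive, an off-site or anonymous visitor never triggers the challenge, so nothing in the request path downloads the federation metadata and the page renders for an unauthenticated user. That also narrows the outage problem from the question: the middleware fetches FederationMetadata.xml lazily when a challenge is applied, not inside ConfigureAuth, which is why a Try block around the startup code does not catch the IDX10803 error; in this layout only the explicit login click can hit it, and AuthenticationFailed plus the error page is where that case surfaces to the user.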