Active directory authentication and cookie authentication in mvc

  • Question

  • In our application, we've used the default cookie authentication. When we tried to include Dynamics 365 single sign-on as well in our app, we can't use both at the same time.

    // Namespaces this fragment relies on
    using System;
    using Microsoft.AspNet.Identity;
    using Microsoft.AspNet.Identity.Owin;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = ClientId,
                Authority = "",
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    // instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
                    // we inject our own multitenant validation logic
                    ValidateIssuer = false,
                },
                RedirectUri = "http://localhost:7612"
            });
        // Configure the db context, user manager and signin manager to use a single instance per request
        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });
        // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
        // Enables the application to remember the second login verification factor such as phone or email.
        // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
        // This is similar to the RememberMe option when you log in.
    }

    When we comment "UseOpenIdConnectAuthentication", default cookie authentication is working. And for CRM authentication to work, we have to comment the section below "UseOpenIdConnectAuthentication". By working I mean we get a value in User.Identity.GetUserId(). When both are uncommented, CRM authentication returns null for User.Identity.GetUserId().

    Thursday, February 22, 2018 1:58 AM
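The posted configuration sets `ValidateIssuer = false` and its comment mentions custom multitenant validation, but no such logic appears in the snippet. The following is an added example, not part of the original post, of one way to supply that check through the OpenID Connect notifications. The class name `MultiTenantIssuerCheck`, the tenant ID in the allow list and the use of Azure AD's `tenantid` claim are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OpenIdConnect;

// Hypothetical helper (not from the post). Wire it in with:
//   Notifications = MultiTenantIssuerCheck.Create()
// inside the OpenIdConnectAuthenticationOptions initializer.
public static class MultiTenantIssuerCheck
{
    // Claim type Azure AD uses for the tenant that issued the token (assumes Azure AD as the authority).
    private const string TenantIdClaim =
        "http://schemas.microsoft.com/identity/claims/tenantid";

    // Constructed placeholder value; replace with the tenant IDs you have onboarded.
    private static readonly HashSet<string> AllowedTenants =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "00000000-0000-0000-0000-000000000001",
        };

    public static OpenIdConnectAuthenticationNotifications Create()
    {
        return new OpenIdConnectAuthenticationNotifications
        {
            // Runs after signature and lifetime checks have passed. With
            // ValidateIssuer = false this is where the issuing tenant gets vetted.
            SecurityTokenValidated = context =>
            {
                var tenant = context.AuthenticationTicket.Identity.FindFirst(TenantIdClaim);
                if (tenant == null || !AllowedTenants.Contains(tenant.Value))
                {
                    // Reject tokens from tenants that are not on the allow list.
                    throw new SecurityTokenValidationException(
                        "Token was issued by a tenant that is not onboarded.");
                }
                return Task.FromResult(0);
            },
            // Send rejected sign-ins back to the login page instead of surfacing an error page.
            AuthenticationFailed = context =>
            {
                context.HandleResponse();
                context.Response.Redirect("/Account/Login");
                return Task.FromResult(0);
            }
        };
    }
}
```

Without a check of this kind, disabling issuer validation accepts a validly signed token from any tenant of the identity provider.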

All replies