locked
Active directory authentication and cookie authentication in mvc RRS feed

  • Question

  • In our application, we've used the default cookie authentication. When we tried to include Dynamics 365 single sign-on as well in our app, we can't use both at the same time.

    public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = ClientId ,
                    Authority = "https://login.windows.net/common",
                    TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                    {
                        // instead of using the default validation (validating against a single issuer value, as we do in line of business apps),  
                        // we inject our own multitenant validation logic 
                        ValidateIssuer = false,
                    },
                    RedirectUri = "http://localhost:7612"
    
                });
            // Configure the db context, user manager and signin manager to use a single instance per request
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
    
            // Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            // Configure the sign in cookie
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    // Enables the application to validate the security stamp when the user logs in.
                    // This is a security feature which is used when you change a password or add an external login to your account.  
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                }
            });
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    
            // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
    
            // Enables the application to remember the second login verification factor such as phone or email.
            // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
            // This is similar to the RememberMe option when you log in.
            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
    
    
        }

    when we comment "UseOpenIdConnectAuthentication" , default cookie authentication is working. And to CRM authentication to work, we have to comment the section below "UseOpenIdConnectAuthentication". By working I mean, we get value in User.Identity.GetUserId(). when both are uncommented, CRM authentication returns null for User.Identity.GetUserId().





    Thursday, February 22, 2018 1:58 AM

All replies

  • Hi,

    Thank you for posting here.

    As far as I know that Microsoft Dynamics 365 supports three security models for authentication: claims-based authentication, Active Directory authentication, and OAuth 2.0.

    Maybe the these models doesn't allow to use with other authentication at same time.

    Since your issue is related to office 365, you can post the issue on here .

    https://techcommunity.microsoft.com/t5/Office-365/bd-p/Office365General

    https://social.msdn.microsoft.com/Forums/office/en-US/home?forum=appsforoffice

    >>Active directory authentication and cookie authentication in mvc                                  

    Did you develop ASP.NET software? or other project?

    Best  Regards,

    Hart


    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, February 22, 2018 8:39 AM
  • https://forums.asp.net/1146.aspx/1?MVC

    MVC issues and Web can be discussed at the above forum.

    Thursday, February 22, 2018 9:27 AM