I need to enable SSO in an older ASP.NET MVC 5 application built with .NET 4.8. I intend to use Azure Active Directory and OpenID Connect.
I've been scouring the web for days, but all of the examples are for newer versions of the .NET framework, mostly Core, or assume that the project was initially created with this type of sign-in enabled, which mine wasn't. So I'm missing key pieces of the setup, like the `AuthConfig.cs` and `Startup.Auth.cs` classes, and I don't know whether I should add these manually or not, which ones to add, and what to do with them afterwards... Some resources use `DotNetOpenAuth.AspNet` while others rely on `Microsoft.Owin.Security.OpenIdConnect`.
I know this is probably too broad of a question for StackOverflow, but if anyone can answer, or at least point me to a right resource, I'd be very grateful.
In the end, I created a brand new MVC 5 app without SSO, versioned it with Git and committed that empty project. Then, I deleted the entire project and created another MVC 5 app with the same name, this time with SSO enabled by setting Authentication to, if I remember correctly, Individual User Accounts.
Then, I could see the differences between the original and new projects, and move scaffolded files one by one into the project I've been working on.
The old project uses nHibernate, not Entity Framework, so I just went in and commented out everything related to EF. This includes, but is probably not limited to:
```csharp
// In Startup.Auth.cs (these register the EF-backed Identity classes per request):
//app.CreatePerOwinContext(ApplicationDbContext.Create);
//app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
//app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

// In Startup.Auth.cs, inside the app.UseCookieAuthentication(...) call:
//Provider = new CookieAuthenticationProvider
//{
//    // Enables the application to validate the security stamp when the user logs in.
//    // This is a security feature which is used when you change a password or add an external login to your account.
//    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
//        validateInterval: TimeSpan.FromMinutes(30),
//        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
//}

// Also removed:
// - the entire ApplicationUserManager.Create method in IdentityConfig.cs
// - the ApplicationSignInManager.CreateUserIdentityAsync method in IdentityConfig.cs
// - the entire ApplicationUser.GenerateUserIdentityAsync method in the ApplicationUser model
```
After that, I could hardcode `OpenIdConnect` as the SSO provider in the scaffolded `Index.cshtml` and remove everything from the `ExternalLoginCallback` method in the (also scaffolded) `AccountController`, except for:
```csharp
// Reads the external sign-in cookie that the OpenID Connect middleware wrote after a successful login.
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
    return RedirectToAction("Index");
}
```
If the user is authenticated, `loginInfo` will not be null, and I'm using that information to continue the sign-in process in a completely custom way.
These are not all the steps, but they are the ones I can remember. Hope it helps someone.
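For readers who, like the asker, have to assemble `Startup.Auth.cs` by hand rather than from a scaffold, here is one complete configuration for the setup described in the answer (cookie middleware, external sign-in cookie, and `Microsoft.Owin.Security.OpenIdConnect` pointed at Azure AD). This is an added example, not the asker's code or a Microsoft sample. It assumes the OWIN 4.x packages (`Microsoft.Owin.Security.Cookies`, `Microsoft.Owin.Security.OpenIdConnect`, `Microsoft.AspNet.Identity.Owin`), a `MyMvc5App` namespace, and `ida:*` keys in `Web.config` whose values are placeholders you fill in from your app registration.

```csharp
// Startup.Auth.cs -- added example, not the poster's code.
// Assumes OWIN 4.x on .NET Framework 4.8 and placeholder appSettings
// (ida:ClientId, ida:TenantId, ida:RedirectUri) in Web.config.
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

namespace MyMvc5App // hypothetical namespace
{
    public partial class Startup
    {
        // Values come from <appSettings>; the names are an assumption for this example.
        private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];       // "<CLIENT_ID>"
        private static readonly string TenantId = ConfigurationManager.AppSettings["ida:TenantId"];       // "<TENANT_ID>"
        private static readonly string RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"]; // "https://localhost:44300/"

        public void ConfigureAuth(IAppBuilder app)
        {
            // 1. Application cookie: issued by your own custom sign-in code once
            //    ExternalLoginCallback has mapped the Azure AD identity to a local user.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                CookieSecure = CookieSecureOption.Always, // never send the session cookie over plain HTTP
                CookieHttpOnly = true
            });

            // 2. Short-lived external cookie. GetExternalLoginInfoAsync() in
            //    ExternalLoginCallback reads THIS cookie, so keep this line even after
            //    removing the Entity Framework / Identity pieces listed above.
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // 3. OpenID Connect against Azure AD. AuthenticationType defaults to
            //    "OpenIdConnect", which is exactly the provider name hardcoded in
            //    Index.cshtml and passed to ChallengeResult.
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = ClientId,
                // Single-tenant authority: the middleware downloads the OIDC metadata
                // (issuer, signing keys) from here and picks up key rotation by itself.
                Authority = $"https://login.microsoftonline.com/{TenantId}/v2.0",
                RedirectUri = RedirectUri,
                PostLogoutRedirectUri = RedirectUri,
                // Request only an id_token (delivered by form_post); no access token
                // is requested, so nothing bearer-like is stored server-side.
                ResponseType = OpenIdConnectResponseType.IdToken,
                Scope = OpenIdConnectScope.OpenIdProfile,
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Issuer and signature are checked against the metadata document;
                    // the middleware defaults ValidAudience to ClientId. Leave both on.
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    NameClaimType = "name"
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Turn a failed token validation (bad signature, expired, wrong
                    // issuer, nonce mismatch) into a visible redirect instead of a 500.
                    AuthenticationFailed = ctx =>
                    {
                        ctx.HandleResponse();
                        ctx.Response.Redirect("/Account/Login?error=" + ctx.Exception.GetType().Name);
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
}
```

Two things worth checking once this runs: the middleware order matters (external cookie before the OpenID Connect middleware, so the latter knows which cookie to sign in to), and when you continue the custom sign-in from `loginInfo`, key the local user record on the stable object-id and tenant-id claims from the id_token rather than on the display name or email, which can change or be reassigned.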