WebForms authentication against Azure AD

Question

I have a WebForms site that has been running on an internal server and authenticating users against our internal Active Directory. Due to some new features that we are implemen

Answer 1

Maybe I'm missing something, but I don't see why you need the custom login page or the external signin cookie. A typical Startup.Auth for OIDC/AAD looks something like this:

app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = "AppGUID",
        Authority = "https://login.windows.net/MyDomain.com",

        // After authentication return user to the page they were trying
        // to access before being redirected to the Azure AD signin page.
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            RedirectToIdentityProvider = (context) =>
                {
                    string currentUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.Path;
                    context.ProtocolMessage.RedirectUri = currentUrl;

                    return Task.FromResult(0);
                }
        }
    });

The cookie auth is just to keep from going to AAD for every single request. All the real work happens in the OpenIdConnectAuthentication.

Here's an example of WebForms, Azure AD, and OpenID Connect:

http://www.cloudidentity.com/blog/2014/07/24/protecting-an-asp-net-webforms-app-with-openid-connect-and-azure-ad/