README.md
Lines changed: 17 additions & 1 deletion
@@ -10,6 +10,8 @@ endpoint: AAD V2
10
10
11
11
This sample shows how to build a .NET Core MVC Web app that uses OpenID Connect to sign in users with their Work and School or Microsoft personal account (formerly live accounts). It leverages the ASP.NET Core OpenID Connect middleware.
12
12
13
+

14
+
13
15
For more information on how the protocols work in this scenario and other scenarios, see [Authentication Scenarios for Azure AD](http://go.microsoft.com/fwlink/?LinkId=394414).
14
16
15
17
## How to run this sample
@@ -100,6 +102,8 @@ Make a request to the app. The app immediately attempts to authenticate you via
100
102
101
103
## About The code
102
104
105
+
### ASP.NET Core middleware
106
+
103
107
This sample shows how to use the OpenID Connect ASP.NET Core middleware to sign in users from a single Azure AD tenant. The middleware is initialized in the `Startup.cs` file by passing it the Client ID of the app and the URL of the Azure AD tenant where the app is registered, which is read from the `appsettings.json` file. The middleware takes care of:
104
108
105
109
- Downloading the Azure AD metadata, finding the signing keys, and finding the issuer name for the tenant.
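Review bot: The paragraph that now sits under the new `### ASP.NET Core middleware` heading still says the middleware signs in users "from a single Azure AD tenant", which conflicts with the intro (Work and School or Microsoft personal accounts) and with the later statement that the tenants are not validated. Since this commit restructures the section, reword that sentence so a reader does not assume a tenant restriction is in effect when the sample does not enforce one.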
@@ -123,6 +127,14 @@ return SignOut(
123
127
OpenIdConnectDefaults.AuthenticationScheme);
124
128
```
125
129
130
+
The middleware in this project is created as a part of the open-source [ASP.NET Security](https://github.com/aspnet/Security) project.
131
+
132
+
### What is specific to Azure AD V2?
133
+
134
+
ASP.NET Core creates Web applications for the V1 endpoint. It's easy, however to update the code to let users sign-in with both work and school accounts and Microsoft personal accounts. It's also possible to restrict the accounts used to sign-in
135
+
136
+
#### Modified code
137
+
126
138
The specific Azure AD V2 code is in `Configure(string name, OpenIdConnectOptions options)`:
127
139
128
140
```CSharp
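Review bot: The added paragraph under `### What is specific to Azure AD V2?` ends with "It's also possible to restrict the accounts used to sign-in" without saying where that is configured and without a closing period. Point it at the `ValidateIssuer` / `IssuerValidator` explanation and the Variations section so the restriction is not left as an unexplained claim. Wording: "however" needs a comma after it, and "sign-in" used as a verb should be "sign in".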
@@ -134,4 +146,8 @@ The first line tells the middleware to let sign-in users with the Azure AD V2 en
134
146
135
147
The second line tells the middleware to not validate the tenants. If you want to validate the tenants, you can set `ValidateIssuer` to true, and add a delegate as the `options.TokenValidationParameters.IssuerValidator` property.
136
148
137
-
The middleware in this project is created as a part of the open-source [ASP.NET Security](https://github.com/aspnet/Security) project.
149
+
#### Variations
150
+
151
+
You can decide which user accounts can sign-in to your Web App by changing the Authority. The picture below shows all the possibilities
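Review bot: The new `#### Variations` paragraph presents "changing the Authority" as the way to decide which accounts can sign in, but the context line directly above says the middleware is told not to validate the tenants. State whether changing the Authority is enough while `ValidateIssuer` is off, or tell readers to set it to true and supply an `IssuerValidator` when they restrict accounts. The possibilities exist only in "the picture below"; list them in text as well so the information survives when the image does not render, and end the sentence with a period.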