OpenID Connect from Azure AD

https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet

We've gotten this sample app working with our client's Office 365 account and I'm now investigating how we can utilize their Azure Active Directory as at least the authority for membership in their EPi 7.1 intranet.

Just begun this and not on top of it yet but other options could be ASP.NET Identity 2.0 and possibly the upcoming Office 365 plugin. Or maybe something else...

Has anyone gotten Azure AD working with EPi and have any pointers?

#90480
Sep 10, 2014 14:02
Hi

We are currently finishing a story about making sure EPiServer runs with federated authentication. It is primarily targeted at ADFS, but I have tried it with Azure AD as well and it works fine. One thing that differs when running against Azure AD (compared to ADFS) is that roles are not part of the SecurityToken. One approach (that I found in forums) is to have your own ClaimsAuthenticationManager, override the Authenticate method there, get the roles for the user using the Graph API and add them as Role claims for the user.

Regarding Office365 I have not tried it but our suggested setup is using Owin and there is Middleware for Office365 (see https://auth0.com/authenticate/aspnet-owin/office365) so it should be possible. I do not know how roles are handled in that scenario though.

#90485
Sep 10, 2014 14:25
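
The approach described in the reply above, sketched as an added example that is not part of the original thread or of EPiServer's code. `IGroupLookup`, `GraphRoleClaimsManager` and the group-to-role map are hypothetical names; the Graph API call itself sits behind the interface and is not shown, and the manager is assumed to be constructed in code.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical abstraction over the Graph API call that returns the ids of
// the Azure AD groups a user belongs to.
public interface IGroupLookup
{
    IEnumerable<string> GetGroupIds(string tenantId, string userObjectId);
}

public class GraphRoleClaimsManager : ClaimsAuthenticationManager
{
    // Claim types carrying the Azure AD user object id and tenant id.
    const string ObjectId = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    const string TenantId = "http://schemas.microsoft.com/identity/claims/tenantid";

    private readonly IGroupLookup _lookup;
    private readonly IDictionary<string, string> _groupToRole; // allow-list: group id -> role name

    public GraphRoleClaimsManager(IGroupLookup lookup, IDictionary<string, string> groupToRole)
    {
        _lookup = lookup;
        _groupToRole = groupToRole;
    }

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        var identity = incomingPrincipal == null ? null : incomingPrincipal.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return incomingPrincipal; // anonymous request: add nothing

        var oid = identity.FindFirst(ObjectId);
        var tid = identity.FindFirst(TenantId);
        if (oid == null || tid == null)
            return incomingPrincipal; // no Azure AD user id in the token: grant no roles

        // Choice made in this example: drop role claims that arrived with the
        // token so that roles come only from the directory lookup below.
        foreach (var stale in identity.FindAll(identity.RoleClaimType).ToList())
            identity.RemoveClaim(stale);

        // An exception from the lookup propagates, so a failed Graph call
        // fails the sign-in instead of producing a partially populated user.
        foreach (var groupId in _lookup.GetGroupIds(tid.Value, oid.Value))
        {
            string role;
            if (_groupToRole.TryGetValue(groupId, out role)) // unmapped groups grant nothing
                identity.AddClaim(new Claim(identity.RoleClaimType, role,
                    ClaimValueTypes.String, ClaimsIdentity.DefaultIssuer));
        }
        return incomingPrincipal;
    }
}
```

Keying the lookup on the object id and tenant id rather than on a display name or e-mail claim keeps the role mapping tied to values the directory does not let users change.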
This thread is locked and should be used for reference only.