OpenId Connect Authentication .NET Core












0















We are trying to authenticate internal users via Azure AD when they visit certain pages. Our servers are not on site, so we are looking for an API where we can just pass the username and password of the user and receive whether they are in our organization and which groups they are apart of. It was possible in framework. Does such a thing exist for .NET Core?



UPDATE:
Thanks for replying! It seems to be giving me the authorization code now and now I'm trying to use this to get a token to then use that access token to get the user's groups (please correct me if I'm going about this the wrong way). My problem is I keep getting a bad request error. I've gone over the parameters a bunch and can't find what I'm missing. Here is my current set up of the API URLS, am I missing something?



 string postData = $"{{"grant_type":"{grant_type}","client_id":"{client_id}","code":"{code}","redirect_uri":"{redirect_uri}","client_secret":"{client_secret}"}}";

 string redirectUrl = $"https://login.microsoftonline.com/{tenant_id}/oauth2/authorize?client_id={client_id}&response_type={response_type}&redirect_uri={redirect_uri}&response_mode={response_mode}&resource={client_id}";

 string requestUriString = $"https://login.microsoftonline.com/{tenant_id}/oauth2/token";


UPDATE 2: I figured out what was wrong, I was passing the post data as a Json String when it needed to be x-www-form-urlencoded.






c# asp.net-core azure-active-directory openid-connect







share|improve this question




















  • 1





    Azure AD does not support LDAP. To do what you want, you'll need to use OpenID Connect, authenticate the user with Azure AD, and setup your app registration such that you get their group memberships as claims in the Id token. Though all of them might not fit in the token if there are too many, in which case you'll need to query the user's group memberships from Microsoft Graph API.

    – juunas
    Nov 22 '18 at 6:59











  • docs.microsoft.com/en-us/azure/active-directory/develop/…

    – juunas
    Nov 22 '18 at 7:02











  • Thanks for answering! Once a user goes to the login page and is authenticated, how do I then retrieve that form post data?

    – RyBart
    Nov 28 '18 at 22:46













  • The page will send the user back to your site with an authorization code that you can then exchange in your back-end for an access token, Id token and refresh token. The access tokens allow you to call APIs, the Id token tells you who the user is and th me refresh token allows you to get new access tokens when they expire.

    – juunas
    Nov 29 '18 at 6:20
















0















We are trying to authenticate internal users via Azure AD when they visit certain pages. Our servers are not on site, so we are looking for an API where we can just pass the username and password of the user and receive whether they are in our organization and which groups they are apart of. It was possible in framework. Does such a thing exist for .NET Core?



UPDATE:
Thanks for replying! It seems to be giving me the authorization code now and now I'm trying to use this to get a token to then use that access token to get the user's groups (please correct me if I'm going about this the wrong way). My problem is I keep getting a bad request error. I've gone over the parameters a bunch and can't find what I'm missing. Here is my current set up of the API URLS, am I missing something?



 string postData = $"{{"grant_type":"{grant_type}","client_id":"{client_id}","code":"{code}","redirect_uri":"{redirect_uri}","client_secret":"{client_secret}"}}";

 string redirectUrl = $"https://login.microsoftonline.com/{tenant_id}/oauth2/authorize?client_id={client_id}&response_type={response_type}&redirect_uri={redirect_uri}&response_mode={response_mode}&resource={client_id}";

 string requestUriString = $"https://login.microsoftonline.com/{tenant_id}/oauth2/token";


UPDATE 2: I figured out what was wrong, I was passing the post data as a Json String when it needed to be x-www-form-urlencoded.






c# asp.net-core azure-active-directory openid-connect







share|improve this question




















  • 1





    Azure AD does not support LDAP. To do what you want, you'll need to use OpenID Connect, authenticate the user with Azure AD, and setup your app registration such that you get their group memberships as claims in the Id token. Though all of them might not fit in the token if there are too many, in which case you'll need to query the user's group memberships from Microsoft Graph API.

    – juunas
    Nov 22 '18 at 6:59











  • docs.microsoft.com/en-us/azure/active-directory/develop/…

    – juunas
    Nov 22 '18 at 7:02











  • Thanks for answering! Once a user goes to the login page and is authenticated, how do I then retrieve that form post data?

    – RyBart
    Nov 28 '18 at 22:46













  • The page will send the user back to your site with an authorization code that you can then exchange in your back-end for an access token, Id token and refresh token. The access tokens allow you to call APIs, the Id token tells you who the user is and th me refresh token allows you to get new access tokens when they expire.

    – juunas
    Nov 29 '18 at 6:20














0












0








0








We are trying to authenticate internal users via Azure AD when they visit certain pages. Our servers are not on site, so we are looking for an API where we can just pass the username and password of the user and receive whether they are in our organization and which groups they are apart of. It was possible in framework. Does such a thing exist for .NET Core?



UPDATE:
Thanks for replying! It seems to be giving me the authorization code now and now I'm trying to use this to get a token to then use that access token to get the user's groups (please correct me if I'm going about this the wrong way). My problem is I keep getting a bad request error. I've gone over the parameters a bunch and can't find what I'm missing. Here is my current set up of the API URLS, am I missing something?



 string postData = $"{{"grant_type":"{grant_type}","client_id":"{client_id}","code":"{code}","redirect_uri":"{redirect_uri}","client_secret":"{client_secret}"}}";

 string redirectUrl = $"https://login.microsoftonline.com/{tenant_id}/oauth2/authorize?client_id={client_id}&response_type={response_type}&redirect_uri={redirect_uri}&response_mode={response_mode}&resource={client_id}";

 string requestUriString = $"https://login.microsoftonline.com/{tenant_id}/oauth2/token";


UPDATE 2: I figured out what was wrong, I was passing the post data as a Json String when it needed to be x-www-form-urlencoded.






c# asp.net-core azure-active-directory openid-connect







share|improve this question
















We are trying to authenticate internal users via Azure AD when they visit certain pages. Our servers are not on site, so we are looking for an API where we can just pass the username and password of the user and receive whether they are in our organization and which groups they are apart of. It was possible in framework. Does such a thing exist for .NET Core?



UPDATE:
Thanks for replying! It seems to be giving me the authorization code now and now I'm trying to use this to get a token to then use that access token to get the user's groups (please correct me if I'm going about this the wrong way). My problem is I keep getting a bad request error. I've gone over the parameters a bunch and can't find what I'm missing. Here is my current set up of the API URLS, am I missing something?



 string postData = $"{{"grant_type":"{grant_type}","client_id":"{client_id}","code":"{code}","redirect_uri":"{redirect_uri}","client_secret":"{client_secret}"}}";

 string redirectUrl = $"https://login.microsoftonline.com/{tenant_id}/oauth2/authorize?client_id={client_id}&response_type={response_type}&redirect_uri={redirect_uri}&response_mode={response_mode}&resource={client_id}";

 string requestUriString = $"https://login.microsoftonline.com/{tenant_id}/oauth2/token";


UPDATE 2: I figured out what was wrong, I was passing the post data as a Json String when it needed to be x-www-form-urlencoded.






c# asp.net-core azure-active-directory openid-connect




c# asp.net-core azure-active-directory openid-connect






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 14 '18 at 18:24







RyBart

















asked Nov 21 '18 at 21:46









RyBartRyBart

53




53








  • 1





    Azure AD does not support LDAP. To do what you want, you'll need to use OpenID Connect, authenticate the user with Azure AD, and setup your app registration such that you get their group memberships as claims in the Id token. Though all of them might not fit in the token if there are too many, in which case you'll need to query the user's group memberships from Microsoft Graph API.

    – juunas
    Nov 22 '18 at 6:59











  • docs.microsoft.com/en-us/azure/active-directory/develop/…

    – juunas
    Nov 22 '18 at 7:02











  • Thanks for answering! Once a user goes to the login page and is authenticated, how do I then retrieve that form post data?

    – RyBart
    Nov 28 '18 at 22:46













  • The page will send the user back to your site with an authorization code that you can then exchange in your back-end for an access token, Id token and refresh token. The access tokens allow you to call APIs, the Id token tells you who the user is and th me refresh token allows you to get new access tokens when they expire.

    – juunas
    Nov 29 '18 at 6:20














  • 1





    Azure AD does not support LDAP. To do what you want, you'll need to use OpenID Connect, authenticate the user with Azure AD, and setup your app registration such that you get their group memberships as claims in the Id token. Though all of them might not fit in the token if there are too many, in which case you'll need to query the user's group memberships from Microsoft Graph API.

    – juunas
    Nov 22 '18 at 6:59











  • docs.microsoft.com/en-us/azure/active-directory/develop/…

    – juunas
    Nov 22 '18 at 7:02











  • Thanks for answering! Once a user goes to the login page and is authenticated, how do I then retrieve that form post data?

    – RyBart
    Nov 28 '18 at 22:46













  • The page will send the user back to your site with an authorization code that you can then exchange in your back-end for an access token, Id token and refresh token. The access tokens allow you to call APIs, the Id token tells you who the user is and th me refresh token allows you to get new access tokens when they expire.

    – juunas
    Nov 29 '18 at 6:20








1




1





Azure AD does not support LDAP. To do what you want, you'll need to use OpenID Connect, authenticate the user with Azure AD, and setup your app registration such that you get their group memberships as claims in the Id token. Though all of them might not fit in the token if there are too many, in which case you'll need to query the user's group memberships from Microsoft Graph API.

– juunas
Nov 22 '18 at 6:59





Azure AD does not support LDAP. To do what you want, you'll need to use OpenID Connect, authenticate the user with Azure AD, and setup your app registration such that you get their group memberships as claims in the Id token. Though all of them might not fit in the token if there are too many, in which case you'll need to query the user's group memberships from Microsoft Graph API.

– juunas
Nov 22 '18 at 6:59













docs.microsoft.com/en-us/azure/active-directory/develop/…

– juunas
Nov 22 '18 at 7:02





docs.microsoft.com/en-us/azure/active-directory/develop/…

– juunas
Nov 22 '18 at 7:02













Thanks for answering! Once a user goes to the login page and is authenticated, how do I then retrieve that form post data?

– RyBart
Nov 28 '18 at 22:46







Thanks for answering! Once a user goes to the login page and is authenticated, how do I then retrieve that form post data?

– RyBart
Nov 28 '18 at 22:46















The page will send the user back to your site with an authorization code that you can then exchange in your back-end for an access token, Id token and refresh token. The access tokens allow you to call APIs, the Id token tells you who the user is and th me refresh token allows you to get new access tokens when they expire.

– juunas
Nov 29 '18 at 6:20





The page will send the user back to your site with an authorization code that you can then exchange in your back-end for an access token, Id token and refresh token. The access tokens allow you to call APIs, the Id token tells you who the user is and th me refresh token allows you to get new access tokens when they expire.

– juunas
Nov 29 '18 at 6:20












1 Answer
1






active

oldest

votes


















0














I'm not completely sure this will solve your problem but you might want to have a look at the following .NET Core sample (with MSAL.NET): https://github.com/Azure-Samples/active-directory-dotnetcore-console-up-v2



This is with the usual disclaimer that we really don't recommend anybody to use username/password. There are other much better possibilities. For the full picture, see https://aka.ms/msal-net-scenarios






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53420920%2fopenid-connect-authentication-net-core%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    I'm not completely sure this will solve your problem but you might want to have a look at the following .NET Core sample (with MSAL.NET): https://github.com/Azure-Samples/active-directory-dotnetcore-console-up-v2



    This is with the usual disclaimer that we really don't recommend anybody to use username/password. There are other much better possibilities. For the full picture, see https://aka.ms/msal-net-scenarios






    share|improve this answer




























      0














      I'm not completely sure this will solve your problem but you might want to have a look at the following .NET Core sample (with MSAL.NET): https://github.com/Azure-Samples/active-directory-dotnetcore-console-up-v2



      This is with the usual disclaimer that we really don't recommend anybody to use username/password. There are other much better possibilities. For the full picture, see https://aka.ms/msal-net-scenarios






      share|improve this answer


























        0












        0








        0







        I'm not completely sure this will solve your problem but you might want to have a look at the following .NET Core sample (with MSAL.NET): https://github.com/Azure-Samples/active-directory-dotnetcore-console-up-v2



        This is with the usual disclaimer that we really don't recommend anybody to use username/password. There are other much better possibilities. For the full picture, see https://aka.ms/msal-net-scenarios






        share|improve this answer













        I'm not completely sure this will solve your problem but you might want to have a look at the following .NET Core sample (with MSAL.NET): https://github.com/Azure-Samples/active-directory-dotnetcore-console-up-v2



        This is with the usual disclaimer that we really don't recommend anybody to use username/password. There are other much better possibilities. For the full picture, see https://aka.ms/msal-net-scenarios







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 22 '18 at 12:45









        Jean-Marc PrieurJean-Marc Prieur

        80537




        80537
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53420920%2fopenid-connect-authentication-net-core%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Biblatex bibliography style without URLs when DOI exists (in Overleaf with Zotero bibliography)

            Image
            2 2 I have a Zotero bibliography in Overleaf. I use biblatex . usepackage[backend=biber,citestyle=authoryear]{biblatex} addbibresource{zoteroALH.bib} Bibliography entries look like: @book{de_saint-gervais_uniformization_2016, title = {Uniformization of {Riemann} {Surfaces}}, isbn = {978-3-03719-145-3}, url = {https://www.ems-ph.org/books/book.php?proj_nr=198&srch=series%7Chem}, urldate = {2019-02-03}, author = {de Saint-Gervais, Paul Henri}, year = {2016}, doi = {10.4171/145} } In the bibliography down the paper the reference shows like this: There is the DOI, great, but also the URL which is unnecessary when the DOI is there. How can I remove the URL when the DOI is present? biblatex bibliographies overleaf zote
            Read more

            ComboBox Display Member on multiple fields

            Image
            2 I'm trying to set the .DisplayMember property of a ComboBox in C#, but I want to bind it to multiple columns in the .DataSouce . My SQL looks like this: SELECT PersNbr, PersFirstName, PersMiddleName, PersLastName FROM Pers WHERE PersNbr = :persNbr; I'm saving this query in a DataTable so each column selected has it's own column in the Datatable . I want to make the .DisplayMember a combination of PersFirstName + PersMiddleName + PersLastName so their full name appears like this: comboBox.DisplayMemeber = "PersFirstName" + "PersMiddleName" + "PersLastName" I know I can just to this on the query: SELECT PersNbr, (PersFirstName || PersMiddleName || PersLastName) PersName and then just do this: comboBox.DisplayMember = "PersName"; but I
            Read more

            Is it possible to collect Nectar points via Trainline?

            Image
            2 Since I am not eligible for any Railcard, the only available discount/bonus scheme is Nectar Card for me. GWR, SWR, LNER and Virgin Trains allow to collect Nectar points and I have already linked a card to my GWR account. A friend suggested me to use Trainline App, because it can search for bus tickets either. I had a look at the application, but could not see any option for Nectar. Is there a way to collect Nectar points when I buy tickets via Trainline? uk trains loyalty-programs trainline share | improve this question asked Dec 2 '18 at 15:50 ahmedus 3,224 5 19 49
            Read more