In this video, use OWIN principles to perform OpenIDConnect authentication and configure the application to work with Azure AD authentication.
- [Instructor] Now with our app registered and our Web.config updated, it's time to start making use of these values, and the first thing we will do is add authentication code inside of our application. Here's how we do that. Now this is an OWIN-based Azure AD web application, MVC application, so what I'm going to do first is I'm going to go to the App_Start folder, and I'm going to add a new class here called Startup.
And for those of you that are familiar with OWIN, you know that you need to assign a starter assembly or class so OWIN can pick that up. So at the very top, let me go ahead and add some usings first. I'm going to say using Microsoft.Owin, using Microsoft.Owin.Security, using Microsoft.Owin.Security.Cookies. We'll make use of all of these, using Microsoft.Owin.Security.OpenIdConnect, and obviously using Owin.
We'll probably add some more usings as we go, but let's start with these. Okay, so the first thing I'm going to need up here is that I need to decorate this particular class with the assembly attribute. So I'm going to set assembly OwinStartup, and basically I need to point it to our type, which is going to act as the startup for this particular project. So let's go ahead and do that. So the type that I'm interested in here is typeof AzureADWebApp.App_Start.
So basically we're saying that App_Start.Startup, right? So this class down here, the same class we're in, will be the starter class for this particular project. Okay. So with that in place, let's also go ahead and reference the various Web.config values that we copied from Azure AD in our Startup.cs class. So we need to reference configuration manager, and let's go ahead and do that as well using system.configuration, and, based on these values, I'm going to go ahead and create a string variable called authority, and that'll always be String.Format, CultureInfo.InvariantCulture.
So I need to reference system.globalization for this, CultureInfo.InvariantCulture, and Azure AD instance, which we're reading from the .config and the tenant. Okay. Now in here we will add a method called configuration, and that'll be the method that OWIN will call to begin our configuration, in our case it is authentication. So I'm going to say public void Configuration, IAppBuilder app, and usually you would use this method for multiple things.
The only thing that I need to do is authentication, but it is still a good idea to separate that out in a separate method. Think of this as a pipe line. So we'll say public void ConfigureAuth, IAppBuilder app. So this is where our authentication related code will go. Let's make sure that we call this method as well. So I'm going to say ConfigureAuth, app, and here now let's start writing authentication related code.
So I'm going to say app.SetDefaultSignInAsAuthenticationType, CookieAuthenticationDefaults.AuthenticationType. We're relying on cookies. App.UseCookieAuthentication, new CookieAuthenticationOptions, and I'm just going with defaults here, but theoretically speaking, if you wanted to customize this Azure expiration, et cetera, you would do that here.
And the next thing I need to do is to simply inform my application that it needs to use OpenID connect authentication. So I'll just say app.UseOpenIdConnectAuthentication, and inside of this I need to pass in the authentication options. So we need to configure it. So I'm going to say new OpenIdConnectAuthenticationOptions, and here you can override any number of things, for instance, like token validation logic and so on and so forth.
Lot of these things are, you can say, optional cause it's just better to stay in the box and work it now provides you. However, there are certain things that you must provide to the framework so it can authenticate your application for you. For instance, we need to tell it what is our ClientID. Remember we have put this in the .config file, and we got this from the Azure AD registration. Authority is what we just calculated above.
PostLogoutRedirectUri is the URL of our application, and let's also subscribe to notifications. Now these notifications can be success or failure or something like that. So success I guess will just redirect to the application and will show the user's user ID or something like that, but let's handle failure at least. So I'm going to say AuthenticationFailed and give it a lambda expression, and here I'm going to say context.HandleResponse, so basically we did handle it, and then we're going to say how we're going to handle it, and we'll say context.Response.Redirect, and we simply redirect to the error view in our MVC application, and you can get the exception message using this expression here.
And return Task.FromResult, zero. Great. So we need to add System.Threading.Tasks up here, and this finishes our authentication logic. Obviously there's a little bit more that we need to do, for instance, where is the sign in, sign out page, right? Where is the user interface for logging in, logging out.
So let's look at that next.
- What is Microsoft Graph?
- Registering a web application in Azure AD
- Adding authentication logic and authentication UI
- Native applications calling Graph
- Reviewing scenarios where web apps involving Graph are useful
- Web applications with application identity and delegated identity calling Graph
- Daemons calling Graph