Adding SSO via Azure AD to my MVC app

  1. #1

    Adding SSO via Azure AD to my MVC app

    Hey folks!

    I'm currently trying to add, besides our ext.net "form" authentication, a simple Single Sign-On via Azure Active Directory following this document: https://docs.microsoft.com/en-us/azu...-aspnet-webapp

    I've already added the appropriate login/logout controller methods and the startup-config, but I'm still not getting redirected to the SSO login page. Maybe I'm missing anything regarding the coexistence of forms authentication or what am I doing wrong?

    My login.aspx page has the following SSO button implemented:
    <ext:FormPanel runat="server" FormID="Form_SSO" Border="false" Layout="HBoxLayout" PaddingSpec="10" MarginSpec="0 0 8 0">
        <Items>
            <ext:Button ID="ButtonSingleSignOn" runat="server" Text="Login" Icon="Key" Height="25" Flex="1" AutoPostBack="true">
                <DirectEvents>
                    <Click Url="/User/Login" Timeout="60000" Method="POST" Before="Ext.Msg.wait('Redirecting ...', 'SSO Authentication');">
                        <ExtraParams>
                            <ext:Parameter Name="ReturnUrl" Value="GetReturnUrl()" Mode="Raw" />
                        </ExtraParams>
                    </Click>
                </DirectEvents>
            </ext:Button>
        </Items>
    </ext:FormPanel>
    ----- textbox/password and login button providing forms authentication -----

    The appropriate UserController method:
    [AcceptVerbs(HttpVerbs.Post)]
    public void Login(string returnUrl)
    {
        if (!Request.IsAuthenticated)
        {
            HttpContext.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = returnUrl },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }
    Any help would be highly appreciated, thanks!
  2. #2
    Hello @User... names.. are.. oldschool? :)

    I guess at least it is better than showing up email addresses... Anyway, back to subject!

    I believe once you figure out the URL you want to redirect to, you can just add script or response to do so.

    See Default.aspx's Button1_Click() event in this example: Desktop > Introduction > Overview

    In this case it adds a Response.Redirect() for a full page switch. Instead though, you can build a window/modal from code behind, and as a type=frame loader, open the SSO login page within that modal! If not fully code-behind, you can keep the window hidden and just configure it + show when need be.

    To piece it together, here's an example using different flavors of Loader-Frame in panels: Panel > Basic > Loader.

    The example is about a panel, but windows can be seen as just an extension to panels where they can float, be moved around and gray out the screen behind it. So any (or most) loader setting to Panels should apply to Windows too!

    Using this frame approach ensures the inner page is a full load of the inner page so no missing/broken scripts, links or unexpected surprises.

    Hope this helps!
    Fabrício Murta
    Developer & Support Expert
  3. #3
    Thanks for the ultra-fast reply Fabricio!
    Was very uncreative for picking a username tbh haha... not to be taken too seriously at all.

    Unfortunately, I can't simply add a redirect URL to implement your solution above.
    It has to happen via the controller to start the auth challenge from Azure AD. There is some token ID stuff and some other magic happening within the controller call.

    So is there no way of adding a property/argument/config to the button or another usable ext element for that kind of request?
    Or did I get you wrong on your second idea? Could you maybe provide a Code example?

    Best wishes
  4. #4
    Hello again, @USERNAMESAREOLDSCHOOL!

    Well, I can't think on an example or suggestion, I don't really get what you need. Maybe, what if you drawn a simple mock up example reproducing the scenario, including also what you can't get, so at least we can be at the same page? So you could, for instance, return a static string or response according to what you get from Owin challenge. From that we could tell you for sure what to do.

    If you're not up for that, here's a guess that may get you on track: I believe you may need to handle the response owin sends back depending on its challenge result, whatever it is. Take a look at this forum thread: Authorize redirect Direct method call.

    With said callback in mind (read thru the thread above), you'd need to step the function (similar to Before you used, there are After, Success and Complete -- I'd start with [var]Success[var] callback to grasp what's returned by the server depending on the challenge result). A good idea seems to use the browser's developer tool to step thru the response callback method (no need to run VS in debug mode/attached to check client-side results). And then depending on the response received, handle it accordingly. Or simply use these responses to base you stub as suggested first.

    Hope this helps!
    Fabrício Murta
    Developer & Support Expert

Similar Threads

  1. [CLOSED] Migrating a MVC App from v1 to v2
    By RCN in forum 2.x Legacy Premium Help
    Replies: 2
    Last Post: Apr 10, 2012, 7:05 PM
  2. [CLOSED] Error on deploying an MVC app
    By Stefanaccio in forum 1.x Legacy Premium Help
    Replies: 8
    Last Post: Oct 17, 2010, 11:12 PM
  3. [CLOSED] Download a file in an MVC app
    By Stefanaccio in forum 1.x Legacy Premium Help
    Replies: 1
    Last Post: Jul 02, 2010, 9:01 PM
  4. ComboBox's SelectedItem in MVC App
    By danni in forum 1.x Help
    Replies: 4
    Last Post: Oct 02, 2009, 5:06 PM
  5. Replies: 3
    Last Post: Feb 13, 2009, 2:55 AM

Tags for this Thread

Posting Permissions