Choose Authentication type based on user's login-id

  • Question

  • User253389366 posted

    We are trying to implement a Blazor (Server-Blazor) application, but we are stuck on how to implement authentication that we can switch based on the user's login-id. We have two kinds of users: one kind is available in our Azure Active Directory, and another kind of users are not in Active Directory (these users are in our database along with hashed passwords). I know that for users in Azure Active Directory we use work/school type authentication, and for users that are not in Azure Active Directory I have to use the Individual User Accounts authentication type.

    I know we could just add all non-Active Directory users to Azure Active Directory and implement the 'work/school' user authentication type, but our organization does not want to do that.

    The question is how to implement both types of authentication but use one of them based on the user's login-id.

    Thank you

    Venu.

    Monday, December 16, 2019 6:56 AM

All replies

  • User-854763662 posted

    Hi darojuv,

    What have you tried? The forum is to debug and solve problems encountered during development, not to write code to implement a function.

    Please share the relevant code if you need the community to review and debug the code.

    For your demand, you could refer to the following links, which may be helpful:

    https://www.c-sharpcorner.com/article/asp-net-core-and-blazor-code-venture-configuring-azure-ad-authentication/

    https://stackoverflow.com/questions/54712521/how-can-i-support-both-individual-user-accounts-and-work-or-school-accounts-in-a

    Best Regards,

    Sherry

    Tuesday, December 17, 2019 8:31 AM
  • User-1780421697 posted

    You need to use Azure B2C Services.

    Azure AD B2C is an independent service for building a consumer application identity repository. If you need a service to handle email or Facebook login, it is there for you.

    https://azure.microsoft.com/en-us/services/active-directory-b2c/

    https://daniel-krzyczkowski.github.io/Azure-AD-B2C-Series-External-Service-Call/

    Tuesday, December 17, 2019 9:21 AM
  • User253389366 posted

    @Khuram Shahz...

    Not really possible, as our company has strict rules that the non-Active Directory user store must not use or link to the cloud in any manner.

    Wednesday, December 18, 2019 10:02 PM
  • User253389366 posted

    @Sherry Chen

    I tried creating a Blazor application using Azure authentication, and now I am trying to implement a switch based on which the application should use individual authentication. The code is here, but it just enforces a single user no matter what kind of authentication I use, so the code is useless; I provide it because you demand.

    using System.Security.Claims;
    using System.Text.Encodings.Web;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Http;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.Logging;
    using Microsoft.Extensions.Options;

    // IUserManager and UserVM are application types that are not shown in the post.
    public class MockAuthenticatedUser : AuthenticationHandler<AuthenticationSchemeOptions>
    {
        // Unused sample values.
        const string userId = "venuvenu";
        const string userName = "MyName";
        const string userRole = "SimpleUser";
        const string email = "test@test";
        const string givenName = "Venu";

        public ISession _Session;
        private IUserManager _UserManager;
        public IConfiguration Configuration { get; }
        private readonly IHttpContextAccessor _httpContextAccessor;

        public MockAuthenticatedUser(
            IOptionsMonitor<AuthenticationSchemeOptions> options,
            ILoggerFactory logger,
            UrlEncoder encoder,
            ISystemClock clock,
            IUserManager um,
            IConfiguration configuration,
            IHttpContextAccessor httpContextAccessor)
            : base(options, logger, encoder, clock)
        {
            _UserManager = um;
            Configuration = configuration;
            _httpContextAccessor = httpContextAccessor;
        }

        private UserVM LoginUser { get; set; }

        // Returns Task instead of async void so callers can await it and observe exceptions.
        // The AuthenticateResult is discarded here; the framework calls
        // HandleAuthenticateAsync itself on each request.
        public async Task AuthenticateUser(UserVM vm)
        {
            LoginUser = vm;
            await HandleAuthenticateAsync();
        }

        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            // The lookup uses a fixed e-mail address and never reads LoginUser or any
            // credential, so every request is authenticated as the same database user.
            var UserFromDB = _UserManager.GetAuthenticatedUser(new UserVM { EmailAddress = "Test@test.com" });
            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, UserFromDB.EmployeeNo),
                new Claim(ClaimTypes.Name, UserFromDB.FirstName + ", " + UserFromDB.LastName),
                new Claim(ClaimTypes.Role, UserFromDB.AccessRole),
                new Claim(ClaimTypes.Email, UserFromDB.EmailAddress),
                new Claim(ClaimTypes.GivenName, UserFromDB.FirstName)
            };
            var identity = new ClaimsIdentity(claims, Scheme.Name);
            var principal = new ClaimsPrincipal(identity);
            _httpContextAccessor.HttpContext.User = principal;
            var ticket = new AuthenticationTicket(principal, Scheme.Name);

            return Task.FromResult(AuthenticateResult.Success(ticket));
        }
    }



    Wednesday, December 18, 2019 10:08 PM
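
One way to make the switch the question asks for, as an added example that is not part of the thread: a two-step login where the login-id selects either the local cookie sign-in or an OpenID Connect challenge to Azure AD, instead of a handler that authenticates every request. `ILocalUserStore`, `LocalUser`, the `Password` view and the routes are hypothetical, and the stored hashes are assumed to be in ASP.NET Core Identity's format so that `IPasswordHasher` can verify them.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical local store; FindAsync returns null when the login-id is not in the database.
public class LocalUser { public string LoginId, PasswordHash, Role; }
public interface ILocalUserStore { Task<LocalUser> FindAsync(string loginId); }

// Assumes Startup has AddAuthentication("Cookies").AddCookie().AddOpenIdConnect(...) for Azure AD.
[Route("account")]
public class AccountController : Controller
{
    private readonly ILocalUserStore _store;
    private readonly IPasswordHasher<LocalUser> _hasher;
    public AccountController(ILocalUserStore store, IPasswordHasher<LocalUser> hasher)
    { _store = store; _hasher = hasher; }

    // Step 1: the login-id alone decides which scheme handles the sign-in.
    [HttpPost("start"), ValidateAntiForgeryToken]
    public async Task<IActionResult> Start(string loginId)
    {
        if (await _store.FindAsync(loginId) != null)
            return View("Password", loginId);   // local account: ask for the password
        // Not in the database: hand off to Azure AD; its result lands in the same cookie.
        return Challenge(new AuthenticationProperties { RedirectUri = "/" },
                         OpenIdConnectDefaults.AuthenticationScheme);
    }

    // Step 2 (local accounts only): verify the stored hash, then issue the cookie.
    [HttpPost("password"), ValidateAntiForgeryToken]
    public async Task<IActionResult> Password(string loginId, string password)
    {
        var user = await _store.FindAsync(loginId);
        if (user == null || _hasher.VerifyHashedPassword(user, user.PasswordHash, password)
                == PasswordVerificationResult.Failed)
            return View("Password", loginId);   // same response for unknown id and bad password
        var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, user.LoginId),
            new Claim(ClaimTypes.Role, user.Role) },
            CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                                      new ClaimsPrincipal(identity));
        return LocalRedirect("/");
    }
}
```

In Blazor Server the login form has to post to an HTTP endpoint such as this controller, because the authentication cookie can only be written on a regular HTTP response and not over the SignalR circuit. Step 1 necessarily reveals whether a login-id is a local account, so it is worth rate-limiting.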