Use Azure login but also save the logged-in user in the database and combine authorisation of both


  • Hi people!


    I have to implement Azure AD login in some web pages (basically Microsoft login for business). It works great for authentication and authorisation (I can add users in Azure and give them roles to use in the authorisation of the web: [Authorize(Roles="AdminAzure")] ). The problem is that I also need to add those users to the database to give them roles there too. For that I'm very happy using the default code that comes with any ASP project (it is called after an external login and automatically inserts the user in the database):


    public async Task<ActionResult> ExternalLoginConfirmation(ExternalLoginConfirmationViewModel model, string returnUrl)
    {
        // Already signed in: nothing to confirm
        if (User.Identity.IsAuthenticated)
        {
            return RedirectToAction("Index", "Manage");
        }

        if (ModelState.IsValid)
        {
            // Get the information about the user from the external login provider
            var info = await AuthenticationManager.GetExternalLoginInfoAsync();
            if (info == null)
            {
                return View("ExternalLoginFailure");
            }

            // Create the local user record in the database
            var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
            var result = await UserManager.CreateAsync(user);
            if (result.Succeeded)
            {
                // Link the external login to the new local user
                result = await UserManager.AddLoginAsync(user.Id, info.Login);
                if (result.Succeeded)
                {
                    await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
                    return RedirectToLocal(returnUrl);
                }
            }
            AddErrors(result);
        }

        ViewBag.ReturnUrl = returnUrl;
        return View(model);
    }


    After inserting the user in the database I can give them roles in Azure and in the database, which is exactly what I want.

    The problem is that this code needs the external cookie:

    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    Without the external cookie loginInfo is null and the whole process of saving the user in the database fails, but including it totally blocks the whole Azure authorisation process (when I call an action that requires a role the page refreshes forever). I took a look around the internet and it looks like to have both I need to make very large changes. It's hard to believe that both approaches work perfectly by themselves but there is no easy way to make them work together, so I would like to know if I'm missing something and there is some fix with less impact.

    PS: I found that when the external cookie is disabled I have a cookie called .AspNet.Cookies, but when the external cookie is enabled that cookie disappears. I guess that this cookie contains the authorization information. I have been trying to find information about this cookie and couldn't find anything. I would appreciate any help.

    • Edited by PauloDr4 Thursday, April 06, 2017 7:50 AM
    Wednesday, April 05, 2017 5:03 PM
