I have a .NET Core app which uses IdentityServer4 to authenticate users. I have integrated it with ASP.NET Identity (Microsoft.AspNetCore.Identity.UI) and this works fine. It uses the AspNetUser tables etc. to store users, etc., and all the options work.
I would like to add the option to use Azure Active Directory users. So I add the following code to my startup class (previously there was just services.AddAuthentication();):

    services.AddAuthentication()
        .AddOpenIdConnect("aad", "Azure AD", options =>
        {
            options.Authority = "https://login.windows.net/<My Azure Tenant Guid>";
            options.TokenValidationParameters =
                new TokenValidationParameters { ValidateIssuer = true };
            options.ClientId = "<My Azure App Client Id>";
            options.CallbackPath = "/signin-aad";
            options.SignedOutCallbackPath = "/signout-callback-aad";
            options.RemoteSignOutPath = "/signout-aad";
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.ClientSecret = "<My Azure App Client Secret>";
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
            options.SignOutScheme = IdentityServerConstants.SignoutScheme;
            options.RequireHttpsMetadata = true;
        });

This makes a button available to add your Azure AD account... which doesn't work - it gets as far as asking for permission, then comes up with "Unexpected error occurred loading external login info".
Any ideas, or does anyone have a link to a good tutorial?