Azure AD Authentication
This guide will show you how to configure Weavy to use Azure Active Directory as an identity provider.
Prerequisites
To continue this guide you should first follow the Getting Started guide for the server SDK. It can also be helpful to read our article about OpenID Connect (which Azure AD authentication is based on).
You will also need to install the Microsoft.Owin.Security.OpenIdConnect NuGet package (if you don't have it already).
Configuration
The following settings are required for Weavy to use Azure AD authentication.
Web server
The Weavy website in IIS must be configured with the following settings:
Anonymous Authentication = Enabled
Forms Authentication = Disabled
Windows Authentication = Disabled
Web.config
The web.config file should have the following configuration (this turns off ASP.NET's built-in Forms authentication so that the OWIN middleware handles sign-in):
<system.web>
  <authentication mode="None" />
</system.web>
Startup Configuration
The first step in configuring Azure AD authentication is registering your application in the Azure portal. See Add sign-in with Microsoft to an ASP.NET web app for more details. In the registration, add the address of your Weavy site as a web redirect URI and enable ID tokens under the Authentication settings; the OWIN middleware receives the id_token straight from the authorize endpoint, and Azure AD refuses the sign-in if either is missing.
Once you have the ClientId and TenantId you should add them to your web.config file.
<appSettings>
  <!-- the application id for the app you registered -->
  <add key="AzureClientId" value="..." />
  <!-- the tenant id for your organization -->
  <add key="AzureTenantId" value="..." />
</appSettings>
Next you should add the following code to the Startup.cs file:
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
// ConfigurationService and WeavyContext are provided by the Weavy server SDK

public partial class Startup {
    public void Configuration(IAppBuilder app) {
        app.UseWeavy();

        var azureClientId = ConfigurationService.AppSetting("AzureClientId");
        var azureTenantId = ConfigurationService.AppSetting("AzureTenantId");
        if (azureClientId != null && azureTenantId != null) {
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions {
                AuthenticationType = "Azure",
                // passive: the middleware only acts when Weavy issues a challenge for the "Azure" type
                AuthenticationMode = AuthenticationMode.Passive,
                // single-tenant v2.0 authority; issuer and signing keys are discovered from its metadata
                Authority = $"https://login.microsoftonline.com/{azureTenantId}/v2.0",
                Caption = "Azure AD",
                ClientId = azureClientId,
                Notifications = new OpenIdConnectAuthenticationNotifications() {
                    RedirectToIdentityProvider = (context) => {
                        // the address used for sign in and sign out is picked up dynamically; Azure AD still
                        // requires an exact match with a redirect URI registered in the portal, otherwise
                        // the sign-in fails rather than being sent to an unregistered address
                        context.ProtocolMessage.RedirectUri = WeavyContext.Current.ApplicationUrl;
                        return Task.CompletedTask;
                    },
                    AuthenticationFailed = (context) => {
                        // stop the middleware from rethrowing and send the user to Weavy's error page
                        context.OwinContext.Response.Redirect(WeavyContext.Current.ApplicationPath + "error/unauthorized");
                        context.HandleResponse();
                        return Task.CompletedTask;
                    }
                },
                Scope = "openid email profile",
            });
        }
    }
}
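The configuration above is complete as it stands. As an added example (not code from this page or from the Weavy SDK), the same Startup can be made more defensive: it pins the expected issuer instead of relying on metadata discovery alone, rejects any validated token whose tenant claim does not match the configured tenant, and records the failure reason server-side instead of surfacing it. ConfigurationService and WeavyContext are the SDK members used above; the error page path and the Trace logging call are assumptions for illustration. TokenValidationParameters lives in Microsoft.IdentityModel.Tokens for Katana 4.x (System.IdentityModel.Tokens on Katana 3.x).

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
// ConfigurationService and WeavyContext are provided by the Weavy server SDK

public partial class Startup {
    public void Configuration(IAppBuilder app) {
        app.UseWeavy();

        var azureClientId = ConfigurationService.AppSetting("AzureClientId");
        var azureTenantId = ConfigurationService.AppSetting("AzureTenantId");
        if (azureClientId == null || azureTenantId == null) {
            return; // Azure AD sign-in is simply not offered when it is not configured
        }

        var authority = $"https://login.microsoftonline.com/{azureTenantId}/v2.0";
        var errorPage = WeavyContext.Current.ApplicationPath + "error/unauthorized"; // assumed error page

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions {
            AuthenticationType = "Azure",
            AuthenticationMode = AuthenticationMode.Passive,
            Authority = authority,
            Caption = "Azure AD",
            ClientId = azureClientId,
            Scope = "openid email profile",
            TokenValidationParameters = new TokenValidationParameters {
                // Pinning the issuer means a later change of Authority to "common" or "organizations"
                // cannot silently widen access to every Azure AD tenant; v2.0 tokens carry this exact issuer.
                ValidateIssuer = true,
                ValidIssuer = authority,
                // expose the user's login name as the identity name rather than the opaque "sub"
                NameClaimType = "preferred_username"
            },
            Notifications = new OpenIdConnectAuthenticationNotifications {
                RedirectToIdentityProvider = context => {
                    // both addresses must still be registered in the Azure portal
                    context.ProtocolMessage.RedirectUri = WeavyContext.Current.ApplicationUrl;
                    context.ProtocolMessage.PostLogoutRedirectUri = WeavyContext.Current.ApplicationUrl;
                    return Task.CompletedTask;
                },
                SecurityTokenValidated = context => {
                    // Signature, issuer, audience and lifetime have already been checked. As defence in
                    // depth, also require the token's tenant claim ("tid") to match the configured tenant.
                    var identity = context.AuthenticationTicket.Identity;
                    var tenant = identity.FindFirst("tid")?.Value;
                    if (!string.Equals(tenant, azureTenantId, StringComparison.OrdinalIgnoreCase)) {
                        Trace.TraceWarning("Azure AD sign-in rejected: token from tenant {0}", tenant ?? "(none)");
                        context.HandleResponse();
                        context.Response.Redirect(errorPage);
                    }
                    return Task.CompletedTask;
                },
                AuthenticationFailed = context => {
                    // keep the detailed reason in the server log; the user only sees the generic error page
                    var reason = context.Exception?.Message ?? context.ProtocolMessage?.ErrorDescription;
                    Trace.TraceError("Azure AD sign-in failed: {0}", reason ?? "(no detail)");
                    context.HandleResponse();
                    context.Response.Redirect(errorPage);
                    return Task.CompletedTask;
                }
            }
        });
    }
}
```

The tid check is redundant while Authority names a single tenant, which is the point: it keeps the restriction in force even if someone later edits the authority or the issuer list, and it fails closed by redirecting to the error page instead of completing the sign-in.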
And that's it. Weavy will now display a button on the sign-in page allowing your users to authenticate against your Azure Active Directory.