
The big idea... A user inputs their email to sign in. We look to see whether their company uses Azure Active Directory (Azure AD) or not. If they do, go to Microsoft to sign in. If not, sign in using Identity 2.0 and the AspNetUsers table in an Azure SQL database.

Seems doable... You can send the users to different sign-in pages based on their company profile and call this if they use Azure AD...

    // Azure AD: hand the request to the OpenID Connect middleware, which
    // redirects to Microsoft and signs the user in when the id_token comes back.
    HttpContext.GetOwinContext().Authentication.Challenge(
        new AuthenticationProperties { RedirectUri = "/" },
        OpenIdConnectAuthenticationDefaults.AuthenticationType);

Or call this if they don't...

    // Local account: ASP.NET Identity checks the password against AspNetUsers
    // and writes the application cookie on success.
    var result = await SignInManager.PasswordSignInAsync(model.Email,
        model.Password, model.RememberMe, shouldLockout: ShouldLockout);

The problem? In wiring up the authentication, you can only use a single CookieAuthenticationOptions in app.UseCookieAuthentication(cookieAuthenticationOptions).

And it seems that these two methods of signing in have very different options.

Is there a way to have these two authentication techniques peacefully coexist? Or must one choose one or the other?

  • In my opinion, you should configure both authentication schemes in the startup file. Ideally it should have a separate module for authentication, one for authenticating by Azure AD and the other for Identity 2.0. You should not mix these. Also, in your web app give two separate options to log in, one for Azure AD and the other for Identity. If you want to keep only one option, it is better to go with Azure AD for authentication. You can sync all your users into AD and later authenticate by AD only. – Mohit Verma - MSFT Mar 14 at 13:25
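The two sign-in paths do not actually need two cookie middlewares. In OWIN, Identity's SignInManager writes the ApplicationCookie directly, while the OpenID Connect middleware, after validating the id_token from Azure AD, emits its ClaimsIdentity under SignInAsAuthenticationType, and the same cookie middleware persists it. The Startup.Auth.cs below is an added example of that wiring (not code from the original post or from the commenter). It assumes the default ASP.NET MVC 5 Identity template types (ApplicationDbContext, ApplicationUserManager, ApplicationSignInManager, ApplicationUser.GenerateUserIdentityAsync), a single known Azure AD tenant, and the hypothetical appSettings keys ida:ClientId, ida:TenantId and ida:PostLogoutRedirectUri. Two details matter for security and correctness: the OIDC middleware is set to Passive so that an ordinary 401 on an [Authorize] action still goes to the local login form rather than bouncing every user to Microsoft, and the security-stamp validator is skipped for Azure AD identities, which have no AspNetUsers row and would otherwise be signed out at the first validation interval.

```csharp
// Startup.Auth.cs -- added example; assumes the MVC 5 Identity template types
// and the hypothetical appSettings keys named in the lead-in.
using System;
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Hypothetical configuration keys (assumed, not from the original post).
    private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string TenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static readonly string PostLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    // Tenant-specific authority: issuer and signing keys are taken from this tenant's
    // metadata, so tokens from any other tenant fail validation.
    private static readonly string Authority = "https://login.microsoftonline.com/" + TenantId;

    public void ConfigureAuth(IAppBuilder app)
    {
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Identity's own validator re-checks the security stamp so a password change
        // or lockout invalidates existing local sessions.
        var localStampValidator = SecurityStampValidator
            .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager));

        // One application cookie for both sign-in paths.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always,
            ExpireTimeSpan = TimeSpan.FromHours(8),
            SlidingExpiration = true,
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = context =>
                {
                    // Only identities produced by PasswordSignInAsync carry Identity's
                    // security-stamp claim. Azure AD identities have no AspNetUsers row,
                    // and running the validator on them would reject and sign them out.
                    const string stampClaim = "AspNet.Identity.SecurityStamp";
                    if (context.Identity.FindFirst(stampClaim) == null)
                        return Task.FromResult(0);
                    return localStampValidator(context);
                }
            }
        });

        // Passive: this middleware acts only when Challenge() names its
        // AuthenticationType, so plain 401s still go to the local login form.
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = Authority,
            PostLogoutRedirectUri = PostLogoutRedirectUri,
            AuthenticationMode = AuthenticationMode.Passive,
            // Hand the validated Azure AD identity to the cookie middleware above.
            SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Token or issuer failures land on the login page instead of a 500.
                AuthenticationFailed = n =>
                {
                    n.HandleResponse();
                    n.Response.Redirect("/Account/Login?aadError=1");
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

With this in place the Login action in the question works unchanged: look up the company by the email's domain, and either call Challenge(...) with OpenIdConnectAuthenticationDefaults.AuthenticationType followed by return new HttpUnauthorizedResult(), or call SignInManager.PasswordSignInAsync. Sign-out should name both types, Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationType, DefaultAuthenticationTypes.ApplicationCookie), so the Azure AD session ends as well as the cookie. If you later point Authority at the common endpoint to serve several companies, issuer validation no longer pins a tenant, so check the tid claim against the company you routed on before accepting the identity, and never link an Azure AD identity to a local AspNetUsers row on the strength of an unverified email claim alone.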
