
Using OWIN for Azure allowing Anonymous Users

active-directory
adfs
owin
azure-ad

#1

Hello,
I have a site that can authenticate with Active Directory Federation Services for Single Sign On. Currently, the way my site works is that, by default, when a user hits my site, my code attempts to log them into SSO (I use the OWIN library for this). If the user is not on our network, it fails to authenticate, and they are redirected to my company's login page, where they can provide their company credentials.

I would like to change this behavior, though. Instead, when the user hits my page, if they authenticate, it should continue as normal and they should be redirected to my site. But, if they do not authenticate, I do not want them redirected to our login page. Instead, I want them to be redirected back to my site, where my code will determine what they can and cannot do on the site. I then would want to provide a link, so that they could decide to go to the login page.

I want this behavior because the majority of users of this site will not be a part of the company's network and will not be able to authenticate. So, they should, by default, just see our home page. But, there may be times when a company member might be working from home, so won't be on our network to auto-authenticate. In this case, they would then use the link that sends them to the Azure login page.

Here is the code that I am currently using (the site is ASP.NET Web Forms, not MVC):

Startup.Auth.vb:

    Imports System.Configuration
    Imports System.Globalization
    Imports System.Threading.Tasks
    Imports Microsoft.Owin.Security.Cookies
    Imports Microsoft.Owin.Security.WsFederation
    Imports Owin

    Partial Public Class Startup
        Private realm As String
        Private aadInstance As String
        Private tenant As String
        Private metadata As String
        Private authority As String

        Public Sub ConfigureAuth(app As IAppBuilder)
            realm = ConfigurationManager.AppSettings("ida:RPIdentifier")
            aadInstance = ConfigurationManager.AppSettings("ida:AADInstance")
            tenant = ConfigurationManager.AppSettings("ida:Tenant")
            ' Federation metadata document of the ADFS / Azure AD instance
            metadata = String.Format("{0}/FederationMetadata/2007-06/FederationMetadata.xml", aadInstance)
            ' ida:AADInstance is used as a format string with a {0} placeholder for the tenant
            ' (authority is computed but not used by the middleware below)
            authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant)

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
            app.UseCookieAuthentication(New CookieAuthenticationOptions())

            ' On a failed sign-in, short-circuit the middleware and send the user to the error page.
            ' The lambda is assigned directly so its parameter takes the delegate's notification type,
            ' and the exception message is URL-encoded so it cannot break the query string.
            Dim auth_not As New WsFederationAuthenticationNotifications() With {
                .AuthenticationFailed = Function(context)
                                            context.HandleResponse()
                                            context.Response.Redirect("Home/Error?message=" &
                                                Uri.EscapeDataString(context.Exception.Message))
                                            Return Task.FromResult(0)
                                        End Function
            }

            Dim auth_opt As New WsFederationAuthenticationOptions() With {
                .Wtrealm = realm,
                .MetadataAddress = metadata,
                .Notifications = auth_not
            }

            If auth_opt.Wtrealm IsNot Nothing Then
                app.UseWsFederationAuthentication(auth_opt)
            Else
                ' No relying-party identifier configured: leave WS-Federation sign-in disabled
            End If
        End Sub

    End Class
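One way to get the behaviour described above, as an added example (not the poster's code and not part of the OWIN project): run the WS-Federation middleware in passive mode so an anonymous visitor is never redirected, and issue the challenge only from a sign-in page behind the "log in" link. The SignIn page and its ReturnUrl parameter are assumptions; the two classes live in separate files (Imports shown once), and web.config must not deny anonymous users globally, since that 401 is what makes the active-mode middleware redirect everyone.

```vb
Imports System.Configuration
Imports System.Web
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.WsFederation
Imports Owin

' --- Startup.Auth.vb: WS-Federation in passive mode, nobody is redirected unless asked ---
Partial Public Class Startup
    Public Sub ConfigureAuth(app As IAppBuilder)
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
        app.UseCookieAuthentication(New CookieAuthenticationOptions())
        Dim adfs = ConfigurationManager.AppSettings("ida:AADInstance")
        ' Passive: the middleware redirects to ADFS / Azure AD only when code calls Challenge();
        ' an anonymous visitor simply gets the page, with Request.IsAuthenticated = False.
        app.UseWsFederationAuthentication(New WsFederationAuthenticationOptions() With {
            .Wtrealm = ConfigurationManager.AppSettings("ida:RPIdentifier"),
            .MetadataAddress = adfs & "/FederationMetadata/2007-06/FederationMetadata.xml",
            .AuthenticationMode = AuthenticationMode.Passive
        })
    End Sub
End Class

' --- SignIn.aspx.vb (hypothetical page behind the "log in" link): redirect on demand ---
Public Class SignIn
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        Dim returnUrl = SafeReturnUrl(Request.QueryString("ReturnUrl"))
        If Request.IsAuthenticated Then
            Response.Redirect(returnUrl)   ' already signed in (e.g. on-network SSO)
            Return
        End If
        ' Ask ADFS / Azure AD for a sign-in; the cookie middleware stores the session on return.
        Context.GetOwinContext().Authentication.Challenge(
            New AuthenticationProperties() With {.RedirectUri = returnUrl},
            WsFederationAuthenticationDefaults.AuthenticationType)
    End Sub

    ' Accept only site-local paths so the sign-in link cannot be turned into an open redirect.
    Private Shared Function SafeReturnUrl(url As String) As String
        If String.IsNullOrEmpty(url) OrElse Not url.StartsWith("/") _
           OrElse url.StartsWith("//") OrElse url.StartsWith("/\") Then
            Return "/"
        End If
        Return url
    End Function
End Class
```

Pages that must stay members-only check Request.IsAuthenticated themselves and send the visitor to SignIn.aspx?ReturnUrl=... instead of relying on a global deny rule.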


#2

Does anyone have experience with this? Can it be done?