Added support for Azure Active Directory through OpenIdConnect

DurandalAuth.Web/App/services/appsecurity.js

@@ -497,7 +497,9 @@ define(["durandal/system", "durandal/app", "plugins/router", "services/routeconf
 									loginUrl = sessionStorage["loginUrl"];
 									sessionStorage.removeItem("loginUrl");
 									sessionStorage["redirectTo"] = "account/externalloginconfirmation?userName=" + data.userName +
-														"&loginProvider=" + data.loginProvider +
+														//"&loginProvider=" + data.loginProvider +
+                                                        // as OpenIdConnects provider is a url, we need to encode it
+                                                        "&loginProvider=" + encodeURIComponent(data.loginProvider) +
 														"&access_token=" + fragment.access_token +
 														"&loginUrl=" + encodeURIComponent(loginUrl) +
 														"&state=" + fragment.state;

DurandalAuth.Web/App/viewmodels/account/externalloginconfirmation.js

@@ -33,7 +33,9 @@ function (appsecurity,router,errorhandler,utils) {
             var self = this;
             ga('send', 'pageview', { 'page': window.location.href, 'title': document.title });
 
-            self.loginProvider(utils.getUrlParameter("loginProvider"));
+            //self.loginProvider(utils.getUrlParameter("loginProvider"));
+            // as of OpenIdConnect, the provider is sent urlencoded, we need to decode it
+            self.loginProvider(decodeURIComponent(utils.getUrlParameter("loginProvider")));
             self.userName(utils.getUrlParameter("userName"));
             externalAccessToken = utils.getUrlParameter("access_token");
             loginUrl = decodeURIComponent(utils.getUrlParameter("loginUrl"));

DurandalAuth.Web/App_Start/Startup.Auth.cs

@@ -1,9 +1,9 @@
 using System.Configuration;
-
+using System.Globalization;
 using Microsoft.AspNet.Identity;
 using Microsoft.Owin;
 using Microsoft.Owin.Security.Cookies;
-
+using Microsoft.Owin.Security.OpenIdConnect;
 using Owin;
 using Microsoft.AspNet.Identity.EntityFramework;
 using Microsoft.Owin.Security.OAuth;
@@ -17,7 +17,7 @@
 namespace DurandalAuth.Web
 {
     public partial class Startup
-    {	
+    {
         //Enable OWIN Bearer Token Middleware	
         static Startup()
         {			
@@ -69,7 +69,27 @@ public void ConfigureAuth(IAppBuilder app)
 
             app.UseFacebookAuthentication(ConfigurationManager.AppSettings["FacebookKey"], ConfigurationManager.AppSettings["FacebookSecret"]);
 
-            app.UseGoogleAuthentication();       
+            app.UseGoogleAuthentication();
+
+            // The Client ID is used by the application to uniquely identify itself to Azure AD.
+            // The Metadata Address is used by the application to retrieve the signing keys used by Azure AD.
+            // The AAD Instance is the instance of Azure, for example public Azure or Azure China.
+            // The Authority is the sign-in URL of the tenant.
+            // The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out.
+            //
+            string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
+            string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
+            string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
+            string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
+            string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
+
+            app.UseOpenIdConnectAuthentication(
+                new OpenIdConnectAuthenticationOptions
+                {
+                    ClientId = clientId,
+                    Authority = authority,
+                    //PostLogoutRedirectUri = postLogoutRedirectUri
+                });
         }
 
         private static bool IsAjaxRequest(IOwinRequest request)

DurandalAuth.Web/Controllers/AccountController.cs

@@ -465,11 +465,13 @@ public async Task<IHttpActionResult> GetExternalLogin(string provider, string er
 				return InternalServerError();
 			}
 
-			if (externalLogin.LoginProvider != provider)
-			{
-				Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
-				return new ChallengeResult(provider, this);
-			}
+            // LX hat to do this hack for OWIN as the loginProvider is always a URL starting with https://sts.windows.net instead of OpenIdConnect!
+            if (provider == "OpenIdConnect" && !externalLogin.LoginProvider.StartsWith("https://sts.windows.net/")
+                || (provider != "OpenIdConnect" && externalLogin.LoginProvider != provider))
+            {
+                Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
+                return new ChallengeResult(provider, this);
+            }
 
 			UserProfile user = await UserManager.FindAsync(new UserLoginInfo(externalLogin.LoginProvider,
 				externalLogin.ProviderKey));

DurandalAuth.Web/DurandalAuth.Web.csproj

@@ -15,10 +15,10 @@
     <AssemblyName>DurandalAuth.Web</AssemblyName>
     <TargetFrameworkVersion>v4.5.1</TargetFrameworkVersion>
     <UseIISExpress>true</UseIISExpress>
-    <IISExpressSSLPort />
-    <IISExpressAnonymousAuthentication />
-    <IISExpressWindowsAuthentication />
-    <IISExpressUseClassicPipelineMode />
+    <IISExpressSSLPort>44301</IISExpressSSLPort>
+    <IISExpressAnonymousAuthentication>enabled</IISExpressAnonymousAuthentication>
+    <IISExpressWindowsAuthentication>disabled</IISExpressWindowsAuthentication>
+    <IISExpressUseClassicPipelineMode>false</IISExpressUseClassicPipelineMode>
     <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\</SolutionDir>
     <RestorePackages>true</RestorePackages>
     <TargetFrameworkProfile />
@@ -93,9 +93,13 @@
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\packages\Microsoft.Data.Services.Client.5.6.1\lib\net40\Microsoft.Data.Services.Client.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Owin, Version=2.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+    <Reference Include="Microsoft.IdentityModel.Protocol.Extensions, Version=1.0.10708.1011, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\packages\Microsoft.Owin.2.1.0\lib\net45\Microsoft.Owin.dll</HintPath>
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.0-RC2\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Owin.3.0.0-rc2\lib\net45\Microsoft.Owin.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Owin.Cors, Version=2.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
@@ -113,9 +117,9 @@
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\packages\Microsoft.Owin.Hosting.2.1.0\lib\net45\Microsoft.Owin.Hosting.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Owin.Security, Version=2.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+    <Reference Include="Microsoft.Owin.Security, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\packages\Microsoft.Owin.Security.2.1.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
+      <HintPath>..\packages\Microsoft.Owin.Security.3.0.0-rc2\lib\net45\Microsoft.Owin.Security.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Owin.Security.Cookies, Version=2.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
@@ -137,6 +141,10 @@
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\packages\Microsoft.Owin.Security.OAuth.2.1.0\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
     </Reference>
+    <Reference Include="Microsoft.Owin.Security.OpenIdConnect, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Owin.Security.OpenIdConnect.3.0.0-rc2\lib\net45\Microsoft.Owin.Security.OpenIdConnect.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.Owin.Security.Twitter, Version=2.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\packages\Microsoft.Owin.Security.Twitter.2.1.0\lib\net45\Microsoft.Owin.Security.Twitter.dll</HintPath>
@@ -170,6 +178,10 @@
     <Reference Include="System.Data.Services.Client" />
     <Reference Include="System.IdentityModel" />
     <Reference Include="System.IdentityModel.Services" />
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=4.0.10708.1011, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.4.0.0-RC2\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    </Reference>
     <Reference Include="System.Net.Http" />
     <Reference Include="System.Net.Http.Formatting, Version=5.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
@@ -477,7 +489,7 @@
           <AutoAssignPort>True</AutoAssignPort>
           <DevelopmentServerPort>22657</DevelopmentServerPort>
           <DevelopmentServerVPath>/</DevelopmentServerVPath>
-          <IISUrl>http://localhost:22657/</IISUrl>
+          <IISUrl>https://localhost:44302/</IISUrl>
           <NTLMAuthentication>False</NTLMAuthentication>
           <UseCustomServer>False</UseCustomServer>
           <CustomServerUrl>