Microsoft Identity Platform with ASP.NET Core Identity


I'm trying to utilize Microsoft Identity Platform for some users of a web application. I'm using this example: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp

The problem is the example shows how to turn on Microsoft Identity "globally", for the whole app, and all the roles are populated from the platform. But in my case users are stored in a DB, and sign-in using Azure AD should be optional. The ideal flow would be to log in the user with Microsoft Identity Platform, get the email after successful login and then authenticate the user using the existing ASP.NET Core Identity mechanism, populating users from the DB (using UserStore etc.). But I can't find a way to do it: how do I handle the "event" after a successful login with the platform?

Is it even possible with Microsoft Identity Platform?

2

There are 2 best solutions below

1
On BEST ANSWER

Apparently the MSAL library can't act as an external login provider for ASP.NET Identity, so it's not possible. Source: https://github.com/MicrosoftDocs/azure-docs/issues/53695

If someone needs to utilize Azure AD login with ASP.NET Identity, it could be done in several ways:

  1. Using Microsoft.AspNetCore.Authentication.AzureAD.UI https://austincooper.dev/2020/02/02/azure-active-directory-authentication-in-asp.net-core-3.1/ Azure AD as an "external provider"?

  2. Using WsFederation https://cmatskas.com/asp-net-core-saml-authentication-with-azure-ad/

  3. Using SAML directly, with a 3rd-party library or an in-house SAML stack implementation: https://matthijs.hoekstraonline.net/2020/04/14/authenticate-an-azure-ad-user-with-saml-for-asp-net-core/

0
On

The answer is outdated.

With the release of 1.4.0, Microsoft Identity supports AzureAD as external login provider. From the release notes:

Microsoft Identity Web now supports individual auth with AAD external providers. To enable this, you can now specify a null cookie scheme in AddMicrosoftIdentityWebApp. See issue #133 and issue #809.
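
The flow asked about in the question, wired with the null cookie scheme from the release note above; this is an added example, not code from either answer or from the Microsoft.Identity.Web project. It assumes .NET 6 minimal hosting with the Microsoft.Identity.Web and EF Core SQLite packages, and the routes, the `AppDbContext` class, the `Default` connection string and an app registration that emits the `email` claim are all assumptions of the example.

```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Identity.Web;
using System.Security.Claims;

var builder = WebApplication.CreateBuilder(args);
// Assumption: a "Default" SQLite connection string and an "AzureAd" config section exist.
builder.Services.AddDbContext<AppDbContext>(o =>
    o.UseSqlite(builder.Configuration.GetConnectionString("Default")));
// Local accounts stay primary: users and roles come from the DB via the user store.
builder.Services.AddIdentity<IdentityUser, IdentityRole>()
    .AddEntityFrameworkStores<AppDbContext>();
// cookieScheme: null (Microsoft.Identity.Web 1.4.0+) registers no extra cookie, so the
// OpenID Connect result is written to Identity's external sign-in cookie instead.
builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"), cookieScheme: null);

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
const string Aad = OpenIdConnectDefaults.AuthenticationScheme;

// Azure AD sign-in is optional: challenged only when this endpoint is requested.
app.MapGet("/login/aad", (SignInManager<IdentityUser> signIn) => Results.Challenge(
    signIn.ConfigureExternalAuthenticationProperties(Aad, "/login/aad/callback"),
    new[] { Aad }));

// The "event" after a successful platform login: map the external identity to a DB user.
app.MapGet("/login/aad/callback", async (SignInManager<IdentityUser> signIn,
    UserManager<IdentityUser> users) =>
{
    var info = await signIn.GetExternalLoginInfoAsync();
    if (info is null) return Results.Unauthorized();
    // Already linked: matched on (provider, subject id), never on the email claim.
    var result = await signIn.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, false);
    if (!result.Succeeded)
    {
        // First Azure AD login: link once to an existing DB user; unknown emails are refused.
        var email = info.Principal.FindFirstValue(ClaimTypes.Email);
        var user = email is null ? null : await users.FindByEmailAsync(email);
        if (user is null || !(await users.AddLoginAsync(user, info)).Succeeded) return Results.Forbid();
        // Re-run the external sign-in so Identity's lockout and 2FA checks still apply.
        result = await signIn.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, false);
    }
    return result.Succeeded ? Results.Redirect("/") : Results.Forbid();
});
app.Run();

class AppDbContext : IdentityDbContext { public AppDbContext(DbContextOptions<AppDbContext> o) : base(o) { } }
```

The email claim is used only for the one-time link and no account is created for an unknown address; Azure AD's `email` claim is mutable, so a single-tenant app registration is the safer setting for this kind of linking.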