There’s this cool feature in Azure AppService that I love. It’s called EasyAuth although it may not use that name anymore.
When you are creating a project and want to throw in some quick authentication Single-Sign-On (SSO for short) is a great way to throw the authentication problem at someone else while you keep on working on delivering value.
Of course, you can get a clear understanding of how it works, but I think I can summarize quite quickly.
EasyAuth works by intercepting the authentication requests (
/.auth/*) or when authenticated, fills in the user context within your application. That’s the 5-second pitch.
Now, the .NET Framework application lifecycle allowed tons of stuff to happen when you added an
HttpModule in your application. You had access to everything and the kitchen sink.
.NET Core, on the other hand, removed the concept of all-powerful modules and instead introduced Middlewares. Instead of relying on a fixed set of events happening in a pipeline, we could expand the pipeline as our application needed it.
I’m not going to go into details on how to port HttpModules and Handlers but let’s assume that they are widely different.
One of the many differences is that
HttpModules could be set within a
web.config file and that config file could be defined at the machine level. That is not possible with Middlewares. At least, not yet.
So with all those changes, why did it matter for EasyAuth? Well, the application programming model changed quite a lot, and the things that worked with the .NET Framework stopped working with .NET Core.
I’m sure there’s a solution on the way from Microsoft but a client I met encountered the problem, and I wanted to solve the problem.
What I was fixed to do was relay the captured identity and claims into the .NET Core authentication pipeline. I’m not doing anything else.
The first step is to install the NuGet package using your method of choice. Then, adding an
[Authorize(AuthenticationSchemes = "EasyAuth")] to your controller.
Finally, adding the following lines of code to your
That’s it. If your controller has an
[Authorize] attribute, the credentials are going to automatically start populating the
User.Identity of your MVC controller.