---
title: include file
description: include file
services: active-directory
documentationcenter: dev-center-name
author: andretms
manager: mtillman
editor: ''
ms.service: active-directory
ms.devlang: na
ms.topic: include
ms.tgt_pltfrm: na
ms.workload: identity
ms.date: 04/19/2018
ms.author: andret
ms.custom: include file
---
This step shows how to create a new controller to expose sign-in and sign-out methods.

- Right click the `Controllers` folder and select **Add** > **Controller**.
- Select **MVC (.NET version) Controller – Empty**.
- Click **Add**.
- Name it `HomeController` and click **Add**.
- Add OWIN references to the class:

    ```csharp
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    ```

- Add the two methods below to your controller to handle sign-in and sign-out by initiating an authentication challenge from code:

    ```csharp
    /// <summary>
    /// Send an OpenID Connect sign-in request.
    /// Alternatively, you can just decorate the SignIn method with the [Authorize] attribute
    /// </summary>
    public void SignIn()
    {
        if (!Request.IsAuthenticated)
        {
            HttpContext.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }

    /// <summary>
    /// Send an OpenID Connect sign-out request.
    /// </summary>
    public void SignOut()
    {
        HttpContext.GetOwinContext().Authentication.SignOut(
            OpenIdConnectAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType);
    }
    ```
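The sample above always sends the user back to `/` after authentication. The following added example (not part of the original sample) shows a variant of `SignIn` that accepts a `returnUrl` parameter (a hypothetical name) and only places it in `RedirectUri` when `Url.IsLocalUrl` accepts it, so a link-supplied return address cannot turn the post-login redirect into a bounce to another site.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;

public class HomeController : Controller
{
    // Added variant of the sample's SignIn: the caller may pass a returnUrl
    // (hypothetical parameter) to be sent back to after authentication.
    public ActionResult SignIn(string returnUrl)
    {
        var redirectUri = SafeRedirectUri(returnUrl);

        if (Request.IsAuthenticated)
        {
            // Already signed in: no challenge is needed, go to the target.
            return Redirect(redirectUri);
        }

        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = redirectUri },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);

        // Challenge() records the pending redirect to the identity provider;
        // the OWIN middleware turns this 401 into that redirect on the way out.
        return new HttpUnauthorizedResult();
    }

    // Accept only paths local to this application. Url.IsLocalUrl returns
    // false for null or empty input, absolute URLs, protocol-relative forms
    // such as "//other.example" and backslash variants, so the stored
    // RedirectUri can never point off-site; anything rejected falls back
    // to the sample's "/".
    private string SafeRedirectUri(string returnUrl)
    {
        return Url.IsLocalUrl(returnUrl) ? returnUrl : "/";
    }
}
```

This check guards only the application's own post-login redirect; the reply URL that the identity provider is allowed to redirect to is still constrained separately by the app registration.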
In Visual Studio, create a new view to add the sign-in button and display user information after authentication:

- Right click the `Views\Home` folder and select **Add View**.
- Name it `Index`.
- Add the following HTML, which includes the sign-in button, to the file:

    ```html
    <html>
    <head>
        <meta name="viewport" content="width=device-width" />
        <title>Sign in with Microsoft Guide</title>
    </head>
    <body>
    @if (!Request.IsAuthenticated)
    {
        <!-- If the user is not authenticated, display the sign-in button -->
        <a href="@Url.Action("SignIn", "Home")" style="text-decoration: none;">
            <svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" width="300px" height="50px" viewBox="0 0 3278 522" class="SignInButton">
                <style type="text/css">.fil0:hover {fill: #4B4B4B;} .fnt0 {font-size: 260px;font-family: 'Segoe UI Semibold', 'Segoe UI'; text-decoration: none;}</style>
                <rect class="fil0" x="2" y="2" width="3174" height="517" fill="black" />
                <rect x="150" y="129" width="122" height="122" fill="#F35325" />
                <rect x="284" y="129" width="122" height="122" fill="#81BC06" />
                <rect x="150" y="263" width="122" height="122" fill="#05A6F0" />
                <rect x="284" y="263" width="122" height="122" fill="#FFBA08" />
                <text x="470" y="357" fill="white" class="fnt0">Sign in with Microsoft</text>
            </svg>
        </a>
    }
    else
    {
        <!-- The trailing ';' after the claim value is not part of the Razor expression and would be rendered literally, so it is omitted -->
        <span><br/>Hello @System.Security.Claims.ClaimsPrincipal.Current.FindFirst("name").Value</span>
        <br /><br />
        @Html.ActionLink("See Your Claims", "Index", "Claims")
        <br /><br />
        @Html.ActionLink("Sign out", "SignOut", "Home")
    }
    @if (!string.IsNullOrWhiteSpace(Request.QueryString["errormessage"]))
    {
        <!-- Razor HTML-encodes the query-string value, so it is safe to render here -->
        <div style="background-color:red;color:white;font-weight: bold;">Error: @Request.QueryString["errormessage"]</div>
    }
    </body>
    </html>
    ```
This page adds a sign-in button in SVG format with a black background.

For more sign-in buttons, see this page.
This controller demonstrates the use of the `[Authorize]` attribute to protect a controller. This attribute restricts access to the controller by allowing only authenticated users. The code below uses the attribute to display user claims that were retrieved as part of the sign-in.
- Right click the `Controllers` folder and select **Add** > **Controller**.
- Select **MVC {version} Controller – Empty**.
- Click **Add**.
- Name it `ClaimsController`.
- Replace the code of your controller class with the code below; this adds the `[Authorize]` attribute to the class:

    ```csharp
    [Authorize]
    public class ClaimsController : Controller
    {
        /// <summary>
        /// Add user's claims to viewbag
        /// </summary>
        /// <returns></returns>
        public ActionResult Index()
        {
            var userClaims = User.Identity as System.Security.Claims.ClaimsIdentity;

            // You get the user's display name (first and last name) below:
            ViewBag.Name = userClaims?.FindFirst("name")?.Value;

            // The 'preferred_username' claim can be used for showing the username
            ViewBag.Username = userClaims?.FindFirst("preferred_username")?.Value;

            // The subject/NameIdentifier claim can be used to uniquely identify the user across the web
            ViewBag.Subject = userClaims?.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value;

            // TenantId is the unique Tenant Id, which represents an organization in Azure AD
            ViewBag.TenantId = userClaims?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;

            return View();
        }
    }
    ```
Because of the `[Authorize]` attribute, all methods of this controller can only be executed if the user is authenticated. If the user is not authenticated and tries to access the controller, OWIN initiates an authentication challenge and forces the user to authenticate. The code above looks through the list of claims for specific user attributes included in the user's ID token. These attributes include the user's full name and username, as well as the global user identifier (the subject). It also contains the tenant ID, which represents the ID of the user's organization.
In Visual Studio, create a new view to display the user's claims in a web page:

- Right click the `Views\Claims` folder and select **Add View**.
- Name it `Index`.
- Add the following HTML to the file:

    ```html
    <html>
    <head>
        <meta name="viewport" content="width=device-width" />
        <title>Sign in with Microsoft Sample</title>
        <link href="@Url.Content("~/Content/bootstrap.min.css")" rel="stylesheet" type="text/css" />
    </head>
    <body style="padding:50px">
        <h3>Main Claims:</h3>
        <table class="table table-striped table-bordered table-hover">
            <tr><td>Name</td><td>@ViewBag.Name</td></tr>
            <tr><td>Username</td><td>@ViewBag.Username</td></tr>
            <tr><td>Subject</td><td>@ViewBag.Subject</td></tr>
            <tr><td>TenantId</td><td>@ViewBag.TenantId</td></tr>
        </table>
        <br />
        <h3>All Claims:</h3>
        <table class="table table-striped table-bordered table-hover table-condensed">
            @foreach (var claim in System.Security.Claims.ClaimsPrincipal.Current.Claims)
            {
                <tr><td>@claim.Type</td><td>@claim.Value</td></tr>
            }
        </table>
        <br />
        <br />
        @Html.ActionLink("Sign out", "SignOut", "Home", null, new { @class = "btn btn-primary" })
    </body>
    </html>
    ```