Is it possible to Implement Azure Ad Authentication in webforms without cookie authenticationtype ?

Praneeth Kumar Pagunta 1 Reputation point
2022-05-17T19:40:19.423+00:00

Can we implement the below code without using cookies 

public void Configuration(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // Sets the ClientId, authority, RedirectUri as obtained from web.config
                ClientId = clientId,
                Authority = authority,
                RedirectUri = redirectUri,
                // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
                PostLogoutRedirectUri = redirectUri,
                Scope = OpenIdConnectScope.OpenIdProfile,
                // ResponseType is set to request the code id_token - which contains basic information about the signed-in user
                ResponseType = OpenIdConnectResponseType.CodeIdToken,
                // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = OnAuthenticationFailed
                }
            }
        );
        }
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,271 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,565 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,246 Reputation points
    2022-06-02T18:52:00.257+00:00

    Hello @Praneeth Kumar Pagunta , in order to stop relying on cookies you can implement a custom ICookieManager but this time instead of reading and writing the auth ticket to a cookie it will be done to the Session State. Session itself is written to a cookie by default but you can disable that too. You will inject your custom ICookieManager manager here: 

       app.UseCookieAuthentication(new CookieAuthenticationOptions { CookieManager = new MyCustomCookieManager() }) ;

    Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.

    0 comments