jorupp · July 5, 2016 16:08
diff --git a/MultiTenant.cs b/MultiTenant.cs
 using System;
 using System.Collections.Generic;
 using System.Configuration;
 using System.Linq;
 using System.IdentityModel.Claims;
 using System.IdentityModel.Tokens;
 using System.Threading.Tasks;
 using System.Web;
 using Microsoft.Owin.Security;
 using Microsoft.Owin.Security.Cookies;
 using Microsoft.Owin.Security.OpenIdConnect;
 using Owin;

 namespace X
 {
    public partial class Startup
    {
        private string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private string Authority = ConfigurationManager.AppSettings["ida:AADInstance"] + "common";

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions { });

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = ClientId,
                    Authority = Authority,
                    TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                    {
                        // instead of using the default validation (validating against a single issuer value, as we do in line of business apps), 
                        // we inject our own multitenant validation logic
                        ValidateIssuer = false,
                        // If the app needs access to the entire organization, then add the logic
                        // of validating the Issuer here.
                        // IssuerValidator
                    },
                    Notifications = new OpenIdConnectAuthenticationNotifications()
                    {   
                        SecurityTokenValidated = (context) =>
                        {
                            // If your authentication logic is based on users then add your logic here
                            return Task.FromResult(0);
                        } ,                    
                        AuthenticationFailed = (context) =>
                        {
                            // Pass in the context back to the app
                            context.OwinContext.Response.Redirect("/Home/Error");
                            context.HandleResponse(); // Suppress the exception
                            return Task.FromResult(0);
                        }
                    }
                });
        }
    }
 }
diff --git a/SingleTenant.cs b/SingleTenant.cs
 using System;
 using System.Collections.Generic;
 using System.Configuration;
 using System.Globalization;
 using System.Linq;
 using System.Web;
 using Owin;
 using Microsoft.Owin.Security;
 using Microsoft.Owin.Security.Cookies;
 using Microsoft.Owin.Security.OpenIdConnect;

 namespace X
 {
    public partial class Startup
    {
        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
        private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
        private static string authority = aadInstance + tenantId;

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = authority,
                    PostLogoutRedirectUri = postLogoutRedirectUri
                });
        }
    }
 }
	using System;
	using System.Collections.Generic;
	using System.Configuration;
	using System.Linq;
	using System.IdentityModel.Claims;
	using System.IdentityModel.Tokens;
	using System.Threading.Tasks;
	using System.Web;
	using Microsoft.Owin.Security;
	using Microsoft.Owin.Security.Cookies;
	using Microsoft.Owin.Security.OpenIdConnect;
	using Owin;

	namespace X
	{
	public partial class Startup
	{
	private string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
	private string Authority = ConfigurationManager.AppSettings["ida:AADInstance"] + "common";

	public void ConfigureAuth(IAppBuilder app)
	{
	app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

	app.UseCookieAuthentication(new CookieAuthenticationOptions { });

	app.UseOpenIdConnectAuthentication(
	new OpenIdConnectAuthenticationOptions
	{
	ClientId = ClientId,
	Authority = Authority,
	TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
	{
	// instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
	// we inject our own multitenant validation logic
	ValidateIssuer = false,
	// If the app needs access to the entire organization, then add the logic
	// of validating the Issuer here.
	// IssuerValidator
	},
	Notifications = new OpenIdConnectAuthenticationNotifications()
	{
	SecurityTokenValidated = (context) =>
	{
	// If your authentication logic is based on users then add your logic here
	return Task.FromResult(0);
	} ,
	AuthenticationFailed = (context) =>
	{
	// Pass in the context back to the app
	context.OwinContext.Response.Redirect("/Home/Error");
	context.HandleResponse(); // Suppress the exception
	return Task.FromResult(0);
	}
	}
	});
	}
	}
	}