2
votes

I have developed an MVC 5 application. Now I want to use authentication for my application. My end users are employees and customers, and I want to authenticate employees with Azure AD and customers with Windows Live ID.

I have tried to use Azure ACS, but it will ask me whether I want to log in with Azure AD or Windows Live ID.

My requirement is as below. The default URL is http://localhost:12973. When employees want to log in, it will redirect to http://localhost:12973/employees and employees should be redirected to the Azure AD login page, and for customers it will redirect to http://localhost:12973/customers and customers should be redirected to the Windows login page.

So how can I configure both Azure AD and ACS in a single web config file?

Can anyone please help me with how I can achieve both requirements?

2 Answers

1
votes

You need to set up Azure AD as an IdP for ACS to utilise and then switch your MVC app to only use ACS. Details on how to set up Azure AD as an ACS identity source can be found on Vittorio's blog.

In order to differentiate between the user types you would have to inspect the incoming claims and determine whether the user is in Azure AD (I assume employee) or elsewhere (customer). That would be your 'return URL' which would then do a 301 redirect to the correct landing page as per your requirements.

In the future Azure AD will be the right place to do all this stuff (including external IDs) so it might be worth revisiting your design and reading some of the recent advice around how to use Azure AD instead of ACS.
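
One way to implement the claim inspection described in the answer above, as an added example that is not part of the original answers: an MVC 5 controller used as the return URL, which routes on the identity provider claim that ACS adds to its tokens. The controller name, the issuer string and the identity provider values are assumptions to be checked against a real token from your own ACS namespace.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Web.Mvc;

// Hypothetical controller name; register its Index action as the ACS return URL.
public class SignInLandingController : Controller
{
    // Claim type ACS uses to name the identity provider the user signed in with.
    private const string IdpClaimType =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Assumed placeholder values: the issuer name your issuer name registry assigns
    // to ACS, and the identity provider names as they appear in your tokens.
    private const string TrustedIssuer = "https://YOUR-NAMESPACE.accesscontrol.windows.net/";
    private const string EmployeeIdp = "YOUR-AZURE-AD-IDP-NAME";
    private const string CustomerIdp = "uri:WindowsLiveID";

    [Authorize]
    public ActionResult Index()
    {
        var identity = User.Identity as ClaimsIdentity;
        if (identity == null)
            return new HttpStatusCodeResult(403);

        // Accept the claim only when the trusted ACS namespace issued it, and
        // require exactly one distinct value so an ambiguous token is rejected.
        var idpValues = identity.FindAll(IdpClaimType)
            .Where(c => string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal))
            .Select(c => c.Value)
            .Distinct()
            .ToList();
        if (idpValues.Count != 1)
            return new HttpStatusCodeResult(403);

        // Fixed local paths only; nothing from the request decides the target.
        // Redirect() is temporary, since the target depends on who signed in.
        if (string.Equals(idpValues[0], EmployeeIdp, StringComparison.Ordinal))
            return Redirect("~/employees");
        if (string.Equals(idpValues[0], CustomerIdp, StringComparison.Ordinal))
            return Redirect("~/customers");

        // Unknown identity provider: fail closed rather than guessing a user type.
        return new HttpStatusCodeResult(403);
    }
}
```

The redirect only routes the user. The employees and customers controllers still need their own check on the same claim, otherwise a signed-in customer can request the employees URL directly.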

0
votes

Alternatively your application can trust Auth0 and you can configure Microsoft Accounts (Windows Live) and Azure AD as connections in Auth0. The following sample shows how to use Azure AD with different social connections:

Sample

The big difference with ACS today is that Auth0 can also get the email address of users authenticating with a Microsoft Account.

Disclaimer: I work for Auth0.