I have managed to do single sign-on over Azure Active Directory with the OpenIdConnect middleware:

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            // Passive: only challenge when a controller/action asks for it
            AuthenticationMode = AuthenticationMode.Passive,
            // Application (client) ID of our Azure AD app registration
            ClientId = "{guid}",
            // "common" endpoint: accepts sign-ins from any Azure AD tenant
            Authority = "https://login.microsoftonline.com/common/",
            TokenValidationParameters = new TokenValidationParameters
            {
                // The middleware does not check the issuer; we check the
                // tenant ID from the token against our database instead
                ValidateIssuer = false
            }
        });
We use a multi-tenant application on Azure and, based on the tenantid in the returned token, check whether this user is allowed (we look the tenantid up in our database to see whether it comes from one of our trusted clients).
It works perfectly fine if a client would like to do single sign-on with our application: they have to sync their users to Azure Active Directory and configure their tenantid in our application.
The thing is, assume that some clients actually have Office 365. They already sync their company user accounts to Office 365, and they would like to take advantage of those Office 365 user accounts and do single sign-on with them.
I know Office 365 is built on top of Azure, and I can configure our application to work with our company's user accounts by getting the Office 365 tenantid (which I got by debugging the code).
But one thing I am not sure about is whether the Office 365 tenantid is different between companies. For example, if both company A and company B use Office 365, is the Office 365 tenantid different for company A and company B?
If yes, how do I get the tenantid from Office 365 (rather than by debugging, as I did)?
Also, please advise if this approach does not work with Office 365 single sign-on.
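Added example, not code from the question above: the same OWIN OpenID Connect setup, but with the "is this tenant trusted?" decision moved into the middleware's own validation hooks instead of turning issuer validation off and checking afterwards. `ITenantStore`, `InMemoryTenantStore`, `MultiTenantOidc` and the trusted-tenant GUIDs are my assumptions standing in for the database lookup; the `tid` claim type and the `https://sts.windows.net/{tid}/` issuer format are the ones Azure AD's v1 endpoint actually uses, and the Katana/System.IdentityModel.Tokens.Jwt 4.x APIs are the ones the posted code already depends on.

```csharp
// Added example (not the poster's code). Assumptions: ITenantStore and
// InMemoryTenantStore are hypothetical stand-ins for the database lookup.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public interface ITenantStore
{
    // Hypothetical: true when the tenant GUID belongs to one of our trusted clients.
    bool IsTrusted(Guid tenantId);
}

// Hypothetical in-memory store; a real app would query its database here.
public class InMemoryTenantStore : ITenantStore
{
    private readonly HashSet<Guid> _trusted;
    public InMemoryTenantStore(IEnumerable<Guid> trusted) { _trusted = new HashSet<Guid>(trusted); }
    public bool IsTrusted(Guid tenantId) { return _trusted.Contains(tenantId); }
}

public static class MultiTenantOidc
{
    // Azure AD v1 tokens carry iss = https://sts.windows.net/{tenant GUID}/
    private const string IssuerPrefix = "https://sts.windows.net/";
    // The JWT handler maps the raw "tid" claim to this .NET claim type.
    private const string TenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";

    // Pulls the tenant GUID out of an Azure AD issuer string; false if the
    // issuer is not in the expected form (so an unexpected STS is never trusted).
    public static bool TryGetTenantId(string issuer, out Guid tenantId)
    {
        tenantId = Guid.Empty;
        if (string.IsNullOrEmpty(issuer) || !issuer.StartsWith(IssuerPrefix, StringComparison.Ordinal))
            return false;
        string rest = issuer.Substring(IssuerPrefix.Length).TrimEnd('/');
        return Guid.TryParseExact(rest, "D", out tenantId);
    }

    public static void Configure(IAppBuilder app, string clientId, ITenantStore tenants)
    {
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Passive,
            ClientId = clientId,
            // Still the multi-tenant "common" authority: any tenant may try to sign in.
            Authority = "https://login.microsoftonline.com/common/",
            TokenValidationParameters = new TokenValidationParameters
            {
                // Keep issuer validation ON, but decide per tenant instead of
                // against a single fixed issuer. Signature, audience and lifetime
                // checks stay at their defaults.
                ValidateIssuer = true,
                IssuerValidator = (issuer, token, parameters) =>
                {
                    Guid tid;
                    if (!TryGetTenantId(issuer, out tid) || !tenants.IsTrusted(tid))
                        throw new SecurityTokenInvalidIssuerException("Untrusted tenant issuer: " + issuer);
                    return issuer; // returning the issuer marks it as valid
                }
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Second check on the tid claim itself, so a token whose tid does
                // not match a trusted tenant never becomes a signed-in session.
                SecurityTokenValidated = ctx =>
                {
                    ClaimsIdentity identity = ctx.AuthenticationTicket.Identity;
                    Claim tidClaim = identity.FindFirst(TenantIdClaimType);
                    Guid tid;
                    if (tidClaim == null || !Guid.TryParse(tidClaim.Value, out tid) || !tenants.IsTrusted(tid))
                        throw new SecurityTokenValidationException("Sign-in from untrusted tenant rejected.");
                    return Task.FromResult(0);
                }
            }
        });
    }
}

// Usage, e.g. from Startup.Configuration(IAppBuilder app):
//   var store = new InMemoryTenantStore(new[] { Guid.Parse("00000000-0000-0000-0000-000000000001") });
//   MultiTenantOidc.Configure(app, "{guid}", store);
```

The tenant GUID the store is asked about is the same value that appears in the `tid` claim of the token (and in the issuer URL), so a tenant that has Office 365 is handled no differently from one that only synced users to Azure AD: its tenant ID is looked up the same way. The point of validating in `IssuerValidator` rather than after sign-in is that an untrusted tenant is rejected before any authentication ticket is issued.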