題記：在ASP.NET 5中雖然繼續(xù)可以沿用ASP.NET Identity來(lái)做驗(yàn)證授權(quán)，不過(guò)也可以很容易集成支持標(biāo)準(zhǔn)協(xié)議的第三方服務(wù)，比如Azure Active Directory。

其實(shí)，在ASP.NET 5中集成AzureAD，利用其進(jìn)行驗(yàn)證和授權(quán)，是非常簡(jiǎn)單的。因?yàn)椋菏紫華zure Active Directory提供了OAuth2.0、OpenId Connect 1.0、SAML和WS-Federation 1.2標(biāo)準(zhǔn)協(xié)議接口；其次微軟在ASP.NET 5中移植了集成OpenId Connect的OWIN中間件。所以，只要在ASP.NET 5項(xiàng)目中引用"Microsoft.AspNet.Authentication.OpenIdConnect"這個(gè)包，并正確配置AzureAD的連接信息，就可以很容易的進(jìn)行集成。

大致步驟如下：

1，在config.json文件中添加AzureAD的配置信息：

"AzureAd": {  "ClientId": "[Enter the clientId of your application as obtained from portal, e.g. ba74781c2-53c2-442a-97c2-3d60re42f403]",  "Tenant": "[Enter the name of your tenant, e.g. contoso.onmicrosoft.com]",  "AadInstance": "https://login.microsoftonline.com/{0}", // This is the public instance of Azure AD  "PostLogoutRedirectUri": https://localhost:44322/}

2，修改project.json，引入OpenIdConnect的中間件：

"Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*"

3，在Startup中的ConfigureServices方法里面添加：

// OpenID Connect Authentication Requires Cookie Authservices.Configure<ExternalAuthenticationOptions>(options =>{  options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;});

4，在Startup中的Configure方法里面添加：

// Configure the OWIN Pipeline to use Cookie Authenticationapp.UseCookieAuthentication(options => {  // By default, all middleware are passive/not automatic. Making cookie middleware automatic so that it acts on all the messages.  options.AutomaticAuthentication = true;});// Configure the OWIN Pipeline to use OpenId Connect Authenticationapp.UseOpenIdConnectAuthentication(options =>{  options.ClientId = Configuration.Get("AzureAd:ClientId");  options.Authority = String.Format(Configuration.Get("AzureAd:AadInstance"), Configuration.Get("AzureAd:Tenant"));  options.PostLogoutRedirectUri = Configuration.Get("AzureAd:PostLogoutRedirectUri");  options.Notifications = new OpenIdConnectAuthenticationNotifications  {    AuthenticationFailed = OnAuthenticationFailed,  };});

5，Startup的OnAuthenticationFailed方法為：

private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification){  notification.HandleResponse();  notification.Response.Redirect("/Home/Error?message=" + notification.Exception.Message);  return Task.FromResult(0);}

6，添加一個(gè)名為AccountController的Controller：

public class AccountController : Controller{  // GET: /Account/Login  [HttpGet]  public IActionResult Login()  {    if (Context.User == null || !Context.User.Identity.IsAuthenticated)      return new ChallengeResult(OpenIdConnectAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });    return RedirectToAction("Index", "Home");  }  // GET: /Account/LogOff  [HttpGet]  public IActionResult LogOff()  {    if (Context.User.Identity.IsAuthenticated)    {      Context.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);      Context.Authentication.SignOut(OpenIdConnectAuthenticationDefaults.AuthenticationScheme);    }    return RedirectToAction("Index", "Home");  }}