Openidconnect issue under IIS 8

  • Question

  • User-1137821140 posted

    I have configured a .net core 3.1 MVC website to use openidconnect and Microsoft Azure Tenant authentication. Everything works perfectly in IIS Express and also running it directly on Kestrel server and going to the localhost:<port>. When I attempt to publish it on my IIS server (and also locally under IIS), it takes me to the Microsoft login as it should, but when it jumps back to the callback path /signin-oidc, it gives a 404 error.

    This localhost page can’t be found.  No webpage was found for the web address: https://localhost/contracts/signin-oidc
    HTTP ERROR 404

    I realize IIS is acting as a proxy to Kestrel, and it seems as if it is not allowing the /signin-oidc to make its way to the Kestrel server under IIS.

    Am I missing something that needs to be set up differently under IIS as opposed to IIS Express and running directly from Kestrel?

    I appreciate any assistance. I have attempted the following to fix:

    1.  Set up the app on IIS under a virtual web (as an app) and also published directly to the default web site root.
    2.  Attempted OutOfProcess instead of InProcess.
    3.  Added CORS configuration thinking it may be related to that.

    Relevant:

    services.AddAuthentication(auth =>
    {
        auth.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        auth.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    }).AddOpenIdConnect(options =>
    {
        options.ClientId = Configuration["AzureAd:ClientId"];
        options.ClientSecret = Configuration["AzureAd:ClientSecret"];
        options.RemoteAuthenticationTimeout = TimeSpan.FromSeconds(220);
        options.Authority = "https://login.microsoftonline.com/<tenant ID>/v2.0/";
        options.ResponseType = "code";
        options.Scope.Add("profile");
        options.Scope.Add("email");
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Turns off issuer checking, so tokens issued by any tenant's authority are accepted;
            // for a single-tenant app the default (true) is the safer setting.
            ValidateIssuer = false,
            NameClaimType = ClaimTypes.Name
        };
        // Relative to the app's PathBase; the resulting redirect URI must match what is registered in Azure AD.
        options.CallbackPath = "/signin-oidc";
    });

    AND

    app.UseAuthentication();
    app.UseCookiePolicy();
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
        endpoints.MapRazorPages();
    });

    Tuesday, January 28, 2020 10:29 PM
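As an added example (not code from the original post), a Startup.Configure for ASP.NET Core 3.1 that keeps the middleware in the order endpoint routing expects and adds a hypothetical diagnostic middleware ahead of authentication: it logs PathBase, Path and the redirect_uri the app will send for any request to the callback, so a 404 can be attributed either to IIS/ANCM never forwarding the request or to the application itself. It assumes the ConfigureServices from the post above (not repeated here) and an ILogger supplied by dependency injection.

```csharp
// Added example, not the poster's code: Configure() in the 3.x endpoint-routing order,
// plus a diagnostic middleware that shows whether the OIDC callback reached Kestrel.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

public class Startup
{
    // Must match options.CallbackPath in ConfigureServices.
    private const string CallbackPath = "/signin-oidc";

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILogger<Startup> logger)
    {
        app.UseHttpsRedirection();
        app.UseStaticFiles();

        // Diagnostic only: runs before authentication so it fires even if the OIDC handler
        // later rejects the callback. If nothing is logged for /signin-oidc, the request
        // never left IIS/ANCM and the 404 was not produced by this application.
        app.Use(async (HttpContext ctx, Func<Task> next) =>
        {
            if (ctx.Request.Path.Equals(CallbackPath, StringComparison.OrdinalIgnoreCase))
            {
                // Same composition the OIDC handler uses for redirect_uri. Under a
                // sub-application such as /contracts, IIS sets PathBase, so the value
                // registered in Azure AD must be https://<host>/contracts/signin-oidc.
                var redirectUri = $"{ctx.Request.Scheme}://{ctx.Request.Host}{ctx.Request.PathBase}{CallbackPath}";
                logger.LogInformation(
                    "OIDC callback reached the app: PathBase={PathBase} Path={Path} redirect_uri={RedirectUri}",
                    ctx.Request.PathBase.Value, ctx.Request.Path.Value, redirectUri);
            }
            await next();
        });

        app.UseRouting();
        app.UseAuthentication(); // between UseRouting and UseAuthorization for 3.x endpoint routing
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
            endpoints.MapRazorPages();
        });
    }
}
```

Compare the logged redirect_uri with the redirect URI registered for the Azure AD app; a mismatch there produces an error from the identity provider rather than a 404, so a 404 with no log line points at the IIS side.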

All replies

  • User-1137821140 posted

    Well after digging some more,  this was a permissions issue that I didn't realize existed.  Disregard!

    Tuesday, January 28, 2020 10:55 PM