Azure AD into a web application using OpenID Connect NOT WORKING on User Authenticate Mvc Web App

  • Question

  • User-36873464 posted

    Hi Guys

    I'm really frustrated. I'm currently developing an MVC5 web application with the User Authentication. But I was requested to add the Office 365 user access.

    I uncommented the following and added my real description accordingly:

    app.UseMicrosoftAccountAuthentication(
        clientId: "XXXXXX",
        clientSecret: "XXXXX");

    However, when the user logs in to the web application from the login page, the following error appears and breaks the process:

    OpenIdConnect Breaks

    Please, can anyone help me ASAP, as it's urgent?

    Thank you

    Thursday, May 10, 2018 11:33 AM

All replies

  • User1724605321 posted

    Hi McElie,

    To use ASP.NET Identity with Azure AD authentication, please refer to the steps below:

    1. Install the Microsoft.Owin.Security.OpenIdConnect library in your application via NuGet.
    2. Configure Azure AD authentication using OpenID Connect OWIN in Startup.cs:
     public void ConfigureAuth(IAppBuilder app)
            {
                // Configure the db context, user manager and signin manager to use a single instance per request
                app.CreatePerOwinContext(ApplicationDbContext.Create);
                app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
                app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
    
                // Enable the application to use a cookie to store information for the signed in user
                // and to use a cookie to temporarily store information about a user logging in with a third party login provider
                // Configure the sign in cookie
                app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                    LoginPath = new PathString("/Account/Login"),
                    Provider = new CookieAuthenticationProvider
                    {
                        // Enables the application to validate the security stamp when the user logs in.
                        // This is a security feature which is used when you change a password or add an external login to your account.  
                        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                            validateInterval: TimeSpan.FromMinutes(30),
                            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                    }
                });            
                app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    
                // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
                app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
    
                // Enables the application to remember the second login verification factor such as phone or email.
                // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
                // This is similar to the RememberMe option when you log in.
                app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
    
                // Uncomment the following lines to enable logging in with third party login providers
                //app.UseMicrosoftAccountAuthentication(
                //    clientId: "",
                //    clientSecret: "");
    
                //app.UseTwitterAuthentication(
                //   consumerKey: "",
                //   consumerSecret: "");
    
                //app.UseFacebookAuthentication(
                //   appId: "",
                //   appSecret: "");
    
                //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
                //{
                //    ClientId = "",
                //    ClientSecret = ""
                //});
    
                app.UseOpenIdConnectAuthentication(
                    new OpenIdConnectAuthenticationOptions
                    {
                        ClientId = "YourClientID",
                        // Tenant-specific Azure AD authority
                        Authority = "https://login.microsoftonline.com/yourdomain.onmicrosoft.com",
                        // Must match a reply URL registered for this application in Azure AD
                        RedirectUri = "http://localhost:52693/"
                    });
            }

    Then, when clicking the "Login" button in the web application, you can choose the identity provider:

    Best Regards,

    Nan Yu

    Friday, May 11, 2018 7:56 AM
  • User-36873464 posted

    Hi Nan Yu,

    I'm excited to read you. However, my application just can't stop reloading at the OpenIdConnect login, just after the user fills in his details.

    I have run a diagnostic, and I have found out that it breaks here:

    string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

    under the Startup.Auth.cs class

    Then on the next run, it just runs without breaks, but this time it just reloads countless times without end.

    The web browser is stuck here:

    Login.microsoftonline.com/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/oauth2/authorize?client_id....

    How would I stop the reload process and get to the Home page after logging in with the Azure AD authentication details?

    Very disturbed and frustrated.

    Please reply ASAP, or should I escalate the request to the high level urgent?!

    The company's users need to log in and use the system, but the O365 login is not working.

    Please help ASAP.

    Friday, May 11, 2018 9:22 AM
  • User1724605321 posted

    Hi McElie,

    I haven't faced your problem. Are you using ASP.NET Identity, and have you customized the identity system? Have you set the correct tenant/app id/redirect URL of your AAD app in the MVC application?

    Best Regards,

    Nan Yu

    Monday, May 14, 2018 2:45 AM
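
The settings the last reply asks about (tenant, app ID, redirect URL), together with the `String.Format(CultureInfo.InvariantCulture, aadInstance, tenant)` line quoted earlier in the thread, can be validated once at startup before the OpenID Connect middleware is registered. This is an added example, not code from any poster in the thread; the `AadSettingsCheck` class is hypothetical and the values in `Main` are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

// Hypothetical helper: checks the values later passed to OpenIdConnectAuthenticationOptions.
public static class AadSettingsCheck
{
    public static IList<string> Validate(string aadInstance, string tenant,
                                         string clientId, string redirectUri)
    {
        var problems = new List<string>();

        // String.Format throws ArgumentNullException when the format string is null,
        // and silently drops the tenant when the {0} placeholder is absent.
        if (string.IsNullOrWhiteSpace(aadInstance) || !aadInstance.Contains("{0}"))
            problems.Add("aadInstance is missing or has no {0} placeholder for the tenant");
        if (string.IsNullOrWhiteSpace(tenant))
            problems.Add("tenant is missing");

        if (problems.Count == 0)
        {
            string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
            Uri a;
            if (!Uri.TryCreate(authority, UriKind.Absolute, out a) || a.Scheme != Uri.UriSchemeHttps)
                problems.Add("authority is not an absolute https URL: " + authority);
        }

        // Azure AD application (client) IDs are GUIDs.
        Guid id;
        if (!Guid.TryParse(clientId, out id))
            problems.Add("clientId is not a GUID");

        // Redirect URI must be absolute; this check accepts plain http only on loopback.
        Uri r;
        if (!Uri.TryCreate(redirectUri, UriKind.Absolute, out r))
            problems.Add("redirectUri is not an absolute URL");
        else if (r.Scheme != Uri.UriSchemeHttps && !(r.Scheme == Uri.UriSchemeHttp && r.IsLoopback))
            problems.Add("redirectUri must use https (http is accepted here only for loopback)");

        return problems;
    }

    public static void Main()
    {
        // Constructed sample values; the GUID is a placeholder, not a real application ID.
        var issues = Validate("https://login.microsoftonline.com/{0}", "yourdomain.onmicrosoft.com",
                              "00000000-0000-0000-0000-000000000000", "http://localhost:52693/");
        Console.WriteLine(issues.Count == 0 ? "settings look consistent" : string.Join("\n", issues));
    }
}
```

Passing these checks only shows the values are well-formed; the redirect URI still has to match a reply URL registered for the application in Azure AD.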