Chowbi

Reputation: 1

Azure AD OpenId Auth not working when inherited Authorize Attribute

I am trying to authenticate users for an Azure App Service written in C# 4.7.2 full framework.

The authentication is made through OpenId on an Azure AD.

It works well when using the [Authorize] attribute on a controller.

When I try to decorate the controller with an attribute inherited from AuthorizeAttribute, the authentication is no longer based on Azure AD (in cloud or via iisexpress/localhost).

I need to override the OnAuthorize method because the app displays different data based on a context, and that context must match some users security group.

i.e. the URLs /context1 and /context2 run the same code but the DB requests will differ with a "where context = @context" condition. All URLs will be prefixed by /context1 or /context2.

Here is the relevant code:

        public void ConfigureAuth(IAppBuilder app)
        {

            //https://azure.microsoft.com/fr-fr/resources/samples/active-directory-dotnet-webapp-groupclaims/
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            string authority = $"https://login.microsoftonline.com/{ConfigurationManager.AppSettings["ida:Tenant"]}";
            string client = ConfigurationManager.AppSettings["ida:ClientId"];
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = client,
                    Authority = authority,
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer = false,
                        RoleClaimType = "groups",
                    },
                    Notifications = new OpenIdConnectAuthenticationNotifications
                    {
                        RedirectToIdentityProvider = OnRedirectToIdentityProvider,
                        //MessageReceived = OnMessageReceived,
                        //SecurityTokenValidated = OnSecurityTokenValidated,
                        //AuthenticationFailed = OnAuthenticationFailed,
                        AuthorizationCodeReceived = OnAuthorizationCodeReceived,
                        //SecurityTokenReceived = OnSecurityTokenReceived
                    }
                });
        }

The "OnRedirectToIdentityProvider" helps me check if Azure AD authentication is called.

    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext context)
        {
            //OnRedirectToIdentityProvider has not been called
            //Checking that the authenticated user is in the right
            //security group to grant access to /context1 or /context2
        }
    }

I hoped the Startup.cs configuration would be called after the overridden OnAuthorize.

Thanks for your help.

Upvotes: 0

Views: 243

Answers (1)

Chowbi

Reputation: 1

While waiting for a response and trying to simplify authorizations, I had another problem and found the answer while searching for it.

To continue to authenticate against Azure AD, you can override the AuthorizationCore method.

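Here is the new code:

    using System.Web;
    using System.Web.Mvc;

    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase context)
        {
            // Let the base attribute check authentication first
            if (!base.AuthorizeCore(context))
                return false;
            //Custom actions
            return true; // grant access once the custom checks pass (every path must return)
        }
    }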

Regards.

Upvotes: 0
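
An added example, not part of the original posts, that fills in the "Custom actions" step with the per-context group check the question describes. Keeping the base `OnAuthorization` lets a failed `AuthorizeCore` end in a 401, which the OpenID Connect middleware turns into the Azure AD redirect. The class name, the context-to-group map and the group object IDs are placeholders, and the code assumes the token carries a `groups` claim, as `RoleClaimType = "groups"` in the question implies.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Web;
using System.Web.Mvc;

// Added example: names and group IDs below are hypothetical placeholders.
public class ContextAuthorizeAttribute : AuthorizeAttribute
{
    // Assumption: one Azure AD security group (object ID) per URL prefix.
    private static readonly Dictionary<string, string> GroupForContext =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "context1", "<group-object-id-for-context1>" },
            { "context2", "<group-object-id-for-context2>" },
        };

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Base check first: an anonymous request fails here, MVC answers 401,
        // and the OpenID Connect middleware issues the Azure AD challenge.
        if (!base.AuthorizeCore(httpContext))
            return false;

        // First app-relative path segment is the context: ~/context1/... or ~/context2/...
        string path = httpContext.Request.AppRelativeCurrentExecutionFilePath ?? string.Empty;
        string prefix = path.TrimStart('~', '/').Split('/')[0];

        // Unknown prefix: deny instead of falling through to an unfiltered query.
        string requiredGroup;
        if (!GroupForContext.TryGetValue(prefix, out requiredGroup))
            return false;

        // With RoleClaimType = "groups", IsInRole tests the token's groups claim.
        return httpContext.User.IsInRole(requiredGroup);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // A signed-in user in the wrong group gets 403; a 401 would send them
        // back to Azure AD and loop. Anonymous users keep the default 401.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

The same context value should also drive the `where context = @context` parameter on the server side, so the authorization decision and the data filter cannot disagree.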
