CODEWITHSUNDEEP
c#azureasp.net-core-3.1
jazzmasterkc
jazzmasterkc

Reputation: 389

Azure AD Not Authenticating in .NET Core 3.1

I'm trying to get Azure AD working in an existing application. I've followed the instructions and looked at the sample code from Microsoft's site (https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp) with no luck. The sample code is using .NET Core 2.1. I can get it to work with .NET Core 2.1 but 3.1 is throwing a fit for a couple reasons.

  1. Compared to sample code one needs to set the EnableEndpointRouting to false.
  2. Compared to sample code I tried removing the set compatibilityversion on AddMvc and also tried using it as being set to 3.0.

When I run it in .NET Core 3.1 all it does is load the page and never calls out/perform the authentication and is behaving as if there is not Authorize tag on the controller.

I have an Authorize tag on the class level in controller.

Startup.cs:

...
            services.Configure<CookiePolicyOptions>(options =>
            {
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
                .AddAzureAD(options => Configuration.Bind("AzureAd", options));

            services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
            {
                options.Authority = options.Authority + "/v2.0/";
                options.TokenValidationParameters.ValidateIssuer = false;
            });

            services.AddMvc(options =>
            {
                var policy = new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build();
                options.Filters.Add(new AuthorizeFilter(policy));
                options.EnableEndpointRouting = false;
            });

Then down below in the Configure function:

...
app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            app.UseAuthentication();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });

Then in my appsettings.json I have:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "domain.onmicrosoft.com",
    "TenantId": "guid",
    "ClientId": "guid",
    "CallbackPath": "/signin-oidc"
  },
...

My question is why is it treating the requests as if their is no authentication? I have also tried using the UseAuthorization below the UseAuthentication.

Thanks!

Upvotes: 3

Views: 5809

Answers (1)

Jim Xu
Jim Xu

Reputation: 23141

According to my test, if you want to configure Azure AD for .net core 3.1 web app, please refer to the following steps

  1. Register Azure AD web application

  2. Configure application

    a. Install SDK Microsoft.AspNetCore.Authentication.AzureAD.UI

     <Project Sdk="Microsoft.NET.Sdk.Web">

      <PropertyGroup>
        <TargetFramework>netcoreapp3.1</TargetFramework>
      </PropertyGroup>

      <ItemGroup>
        <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="3.1.1" />
      </ItemGroup>

    </Project>

b. Update appsettings.json

      "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "domain.onmicrosoft.com",
    "TenantId": "guid",
    "ClientId": "guid",
    "CallbackPath": "/signin-oidc"
  },
...

c. Update startup.cs

  • add the following code in ConfigureServices function

    public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {

        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.Unspecified;

    });
    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
         .AddAzureAD(options => Configuration.Bind("AzureAd", options));

    services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
    {
        options.Authority = options.Authority + "/v2.0/";
        options.TokenValidationParameters.ValidateIssuer = false;
    });
    services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    });
    services.AddRazorPages();
}

  • Add the following code in Configure Function

  public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
     {
        ...
         app.UseHttpsRedirection();
         app.UseStaticFiles();

         app.UseRouting();

         app.UseCookiePolicy();
         app.UseAuthentication();
         app.UseAuthorization();

         app.UseEndpoints(endpoints =>
         {
             endpoints.MapControllerRoute(
                 name: "default",
                 pattern: "{controller=Home}/{action=Index}/{id?}");
         });
     }

enter image description here

For more details, please refer to the sample

Upvotes: 8

Related Questions