David Renz

Reputation: 375

Blazor Server - Microsoft Identity Web App and Web API

My Blazor Server offers an API and a Web App. The API is used by desktop clients and the web app is like an admin tool to configure and set up things on the server.

Now I want to use my AzureAD to authenticate and authorize my users. Therefore I use @attribute [Authorize(Roles = "MyRole")] for my razor pages and [Authorize(Roles = "MyRole")] attribute for my controllers.

My AzureAd configuration looks like this:

"AzureAd": {
  "Instance": "https://login.microsoftonline.com/",
  "Domain": "[mydomain.com]",
  "TenantId": "[myTenantId]",
  "ClientId": "[myClientId]",
  "CallbackPath": "/signin-oidc",
  "SignedOutCallbackPath": "/signout-callback-oidc"
}

Authentication and Authorization with the web app OR the web API is working.

Web API Startup.cs:

services.AddMicrosoftIdentityWebApiAuthentication(GetConfiguration());
services.AddControllersWithViews();
services.AddRazorPages();
services.AddServerSideBlazor();

Web App Startup.cs:

services.AddMicrosoftIdentityWebAppAuthentication(GetConfiguration());
services.AddControllersWithViews().AddMicrosoftIdentityUI();
services.AddRazorPages();
services.AddServerSideBlazor().AddMicrosoftIdentityConsentHandler();

But so far I have failed to configure my Startup.cs to use both. It should work; here is an example.

Current attempt:

var configuration = GetConfiguration();
services.AddMicrosoftIdentityWebApiAuthentication(configuration);
services.AddMicrosoftIdentityWebAppAuthentication(configuration);
services.AddControllersWithViews().AddMicrosoftIdentityUI();
services.AddRazorPages();
services.AddServerSideBlazor().AddMicrosoftIdentityConsentHandler();

Any ideas how to solve this?

Edit 1: For my current attempt, the authentication for my clients via AddMicrosoftIdentityWebApiAuthentication is working, but if I try to authenticate in my web app, the AzureAd login kind of succeeds, but after the redirect to my app there is no user logged in.

Edit 2: Related question: Using AddMicrosoftIdentityWebApi and AddMicrosoftIdentityWebApp in the same ASP.NET Core 7 application

Upvotes: 1

Views: 628

Answers (1)

David Renz

Reputation: 375

I think I fixed it. Thanks to LeeAdamas' Stack Overflow question and answer.

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(Configuration);

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Configuration);

services.AddAuthorization(options =>
{
    options.DefaultPolicy = new AuthorizationPolicyBuilder(
            JwtBearerDefaults.AuthenticationScheme,
            OpenIdConnectDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser()
        .Build();
});

services.AddControllersWithViews().AddMicrosoftIdentityUI();
services.AddRazorPages();
services.AddServerSideBlazor().AddMicrosoftIdentityConsentHandler();

And changed the attributes of my controllers like this:

[Authorize(Roles = "[MyRoleDefinedInAzureAd]", AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public class MyController : Controller
{
   ...
}

AzureAd config section is unchanged and I only have one Azure app registration and Azure enterprise application to get it running.

Upvotes: 1
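
Another way to register both handlers, as an added example that is not part of the original question or answer: a policy scheme is made the default and forwards each request to the JWT bearer handler when it carries a bearer token, and to the OpenID Connect/cookie handlers otherwise. It assumes .NET 6+ minimal hosting with implicit usings, the Microsoft.Identity.Web and Microsoft.Identity.Web.UI packages, and the "AzureAd" section from the question; the scheme name "BearerOrOidc" and the "/_Host" fallback page are assumptions.

```csharp
// Added example (not the poster's code). Program.cs for a Blazor Server app
// that also exposes API controllers, both protected by the same app registration.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

const string SelectorScheme = "BearerOrOidc"; // hypothetical scheme name

var builder = WebApplication.CreateBuilder(args);
var config = builder.Configuration;

// The selector is the default scheme, so neither handler overrides the other.
var auth = builder.Services.AddAuthentication(SelectorScheme);

auth.AddPolicyScheme(SelectorScheme, "Bearer or OpenID Connect", options =>
{
    options.ForwardDefaultSelector = context =>
    {
        // Desktop clients send "Authorization: Bearer <token>";
        // browsers (including the Blazor hub connection) send only the cookie.
        var header = context.Request.Headers["Authorization"].ToString();
        return header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)
            ? JwtBearerDefaults.AuthenticationScheme
            : OpenIdConnectDefaults.AuthenticationScheme;
    };
});

auth.AddMicrosoftIdentityWebApi(config); // registers the "Bearer" handler
auth.AddMicrosoftIdentityWebApp(config); // registers "OpenIdConnect" and "Cookies"

builder.Services.AddAuthorization();
builder.Services.AddControllersWithViews().AddMicrosoftIdentityUI();
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor().AddMicrosoftIdentityConsentHandler();

var app = builder.Build();

app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication(); // must run before UseAuthorization
app.UseAuthorization();

app.MapControllers();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host"); // assumption: default Blazor Server host page

app.Run();
```

Keeping AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme on the API controllers, as in the answer, is still worthwhile with this setup: it stops a browser cookie session from being accepted on API endpoints and makes an unauthenticated API call return 401 instead of a redirect to the sign-in page.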
