ASP.NET Core MVC Azure AD Authentication Loop on Azure App Service

Stack Overflow Asked by Ricardo Márquez on November 27, 2020

I have an ASP.NET Core MVC application and I integrated Azure AD into it using the following code:

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    options.Authority = options.Authority + "/v2.0/";
    options.TokenValidationParameters.ValidateIssuer = true;
});

The Azure AD Configuration contains these properties:

"AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "[Enter the domain of your tenant, e.g. contoso.onmicrosoft.com]",
    "TenantId": "<tenant-id>",
    "ClientId": "<client-id>",
    "CallbackPath": "/signin-oidc"
},
"DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "user.read User.ReadBasic.All"
}

It all worked locally and when deployed to an Azure App Service we did not have any problems.

I needed to integrate Microsoft Graph for a new module in the Web App (I need to look up the users in specific groups of the Azure AD).

I followed the Microsoft Graph Tutorial to implement Microsoft Graph.

services.Configure<CookiePolicyOptions>(options =>
{
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
    // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
    options.HandleSameSiteCookieCompatibility();
});

// Sign-in users with the Microsoft identity platform
string[] initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
    .AddInMemoryTokenCaches();

It all works locally, but as soon as the app is deployed to an Azure App Service, the app goes into a redirect loop when the user is authenticated.

I reversed the changes to the original code and it gets fixed, but then I can’t use Microsoft Graph because I do not have the access token.

I checked all the redirect URLs in the App Registration and they seem to be fine. I even included

https://<app-name>.azurewebsites.net/

in addition to

https://<app-name>.azurewebsites.net/sigin-oidc

just to be sure it wasn’t a redirect URL issue.

I thought it was the Katana bug but that seems to have been fixed in .NET Core.

I enabled HTTPS Only on the Azure App Service but the issue still persists.

Has anyone experienced something like this issue? I’ve been at it for a couple of days and I can’t solve it.

Any help is greatly appreciated.

One Answer

I tried publishing the Microsoft tutorial linked in the question to a new Azure App Service with a new App Registration in Azure AD.

It signed in without a problem.

After that I suspected that there might be a problem with the App Registration. I came to that conclusion because the Azure AD Registration that the MVC Web App was using was created directly in Visual Studio and not manually in the Azure Portal.

Finally, all I did was create a new App Registration in Azure AD and publish the MVC Web App with the new client secret and client id. Everything seems to work fine on the published Azure App Service.

Answered by Ricardo Márquez on November 27, 2020
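
A redirect loop like the one in the question can be confirmed and narrowed down from a browser network trace. The following is an added example, not code from the original post: it walks a constructed trace and reports whether the app challenges again after the `/signin-oidc` callback and whether the auth cookie was issued with attributes a browser rejects. The host name, cookie values and the `diagnose` helper are assumptions; `.AspNetCore.Cookies` is the default ASP.NET Core auth cookie name.

```python
from urllib.parse import urlsplit

# Constructed trace: (method, url, status, Location, [Set-Cookie], Cookie header sent).
# Host, tenant/client ids and cookie values are placeholders, not values from the post.
APP = "https://app.example.net"
IDP = "https://login.microsoftonline.com/TENANT/oauth2/v2.0/authorize?client_id=CLIENT"
BAD = ".AspNetCore.Cookies=abc; path=/; samesite=none; httponly"
LOOPING = [
    ("GET", APP + "/", 302, IDP, [], ""),
    ("POST", APP + "/signin-oidc", 302, "/", [BAD], ""),
    ("GET", APP + "/", 302, IDP, [], ""),
    ("POST", APP + "/signin-oidc", 302, "/", [BAD], ""),
    ("GET", APP + "/", 302, IDP, [], ""),
]
GOOD = ".AspNetCore.Cookies=abc; path=/; secure; samesite=none; httponly"
HEALTHY = [
    ("GET", APP + "/", 302, IDP, [], ""),
    ("POST", APP + "/signin-oidc", 302, "/", [GOOD], ""),
    ("GET", APP + "/", 200, "", [], ".AspNetCore.Cookies=abc"),
]

def cookie_attrs(set_cookie):
    """Return (name, lower-cased attribute set) for one Set-Cookie value."""
    first, *rest = [part.strip() for part in set_cookie.split(";")]
    return first.split("=", 1)[0], {part.lower() for part in rest}

def diagnose(trace, callback_path="/signin-oidc", auth_cookie=".AspNetCore.Cookies"):
    """Count sign-in challenges issued after a completed callback and explain them."""
    findings, callback_seen, rechallenges = set(), False, 0
    for method, url, status, location, set_cookies, sent in trace:
        if urlsplit(url).path == callback_path:
            callback_seen = True
            auth = [a for n, a in map(cookie_attrs, set_cookies) if n == auth_cookie]
            if not auth:
                findings.add("callback response set no auth cookie")
            elif any("samesite=none" in a and "secure" not in a for a in auth):
                findings.add("auth cookie is SameSite=None without Secure")
        elif status == 302 and urlsplit(location).hostname == "login.microsoftonline.com":
            if callback_seen:
                rechallenges += 1
                if auth_cookie + "=" not in sent:
                    findings.add("auth cookie not sent back to the app")
    return {"loop": rechallenges > 0, "rechallenges": rechallenges,
            "findings": sorted(findings)}

if __name__ == "__main__":
    print(diagnose(LOOPING))
    print(diagnose(HEALTHY))
```

To use it on a real session, export the requests to the app from the browser's network tab and fill the tuples from the response and request headers.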
