
Setting up Microsoft Azure A/D Login #10620


0
hra created

I'm setting up Azure A/D authentication integration to our AspNetZero Angular/Core application.

After reading this document: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

I found that all I allegedly need to do is enable Microsoft (social) logins - which AspNetZero supports. https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Features-Angular-Social-Logins

I did so, and the "Microsoft" button appears on the tenant login page. Great. However, after using that button to log into my Microsoft account, the AspNetZero page shows an error popup "Could not validate external user login".

I'm guessing there is some step I am missing? But I don't know what it is. Some method I'm supposed to override in the .Net Core code?

The following documentation explains what should happen if an external account is and isn't identified for EXTERNAL authentication - but I'm not sure if that should apply to Microsoft auth as your documentation identifies that as "Social" authentication. https://aspnetboilerplate.com/Pages/Documents/Zero/User-Management

Anyway, the missing knowledge is... I ASSUME that one should only be able to "log in" with a Microsoft account that was used to first CREATE an AspNetZero user account... however, when I visit the tenant "create account" page, there is no "Create with Microsoft" button...

What am I missing?

Thanks,

--- UPDATE --- I've found something in the TokenAuthController ProviderKey comparison which looks likely to be a bug... confirm? Note how the provider key in the UserInfo object differs from the provider key in the Model by only the hyphens being stripped (see watch window in screenshot). Bug?

--- UPDATE 2 --- Using the inspector, I updated the ProviderKey to match such that the comparison passes. The next issue is that by the time "UserManager.FindAsync" is called, no tenant id is provided by the code - which means the query against UserLogin doesn't find the entry that is mapped to a specific tenant. I'm guessing this should have been populated somehow by now? How is the query to find the UserLogin supposed to know which tenant to search under?

--- UPDATE 3 ---

Clearly there are issues here. Status? https://github.com/aspnetzero/aspnet-zero-core/issues/3046

I guess these are the same issues. Broken for almost 2 years? I can get accounts to be created if I tweak the ProviderKey comparison to strip hyphens - however the activated user cannot log in (error "User name XXX is already taken") because the search for the user account is performed with a null tenancyName.


3 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi @hra

    Could you share which version of AspNet Zero you are using? There was a problem with the Microsoft login but it is fixed in the latest versions.

    For Azure AD login, you can also use OpenID Connect. You just need to enable it in the appsettings.json just like you did for Microsoft login.

    Thanks,

  • 0
    hra created

    Hi @ismcagdas,

    I'm on version 10.0 of Core/Angular.

    What's the justification for using OpenID Connect vs Microsoft?

  • 0
    ismcagdas created
    Support Team

    Hi @hra

    Sorry for my late reply. For AspNet Zero, Microsoft Login sometimes causes problems with Office 365 Login. OpenID Connect has a wider support range from 3rd parties.