Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Need help setting OpenId Connect with Azure AD #5897


User avatar
0
entripy created

Hi,

We had a hard time using Azure AD for authentication with ASP.Net Zero (ASP.NET Zero Core & jQuery). Our understanding is to use OpenID Connect for authentication. It took us to the Microsoft login page and we can see the reply URL ('/signin-oidc') with a 'Identity.External' cookie. But it redirected us to the application login page. After stepping through the 'ExternalLoginCallback' action method, we realized that the 'GetExternalLoginInfoAsync' returned null.

This is the only change we made to the appsettings.json file.

"OpenId": { "IsEnabled": "true", "Authority": "https://login.microsoftonline.com/{tenant_id}/v2.0", "ClientId": "{Client_id}", "ClientSecret": ""
}

Are we missing some configurations for OpendId to work? is there any way for us to retrieve error messages from 'GetExternalLoginInfoAsync'?

Thank you.


9 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @entripy

    Are there any error messages in App_Data/Logs/Log.txt file under your web project ?

  • User Avatar
    0
    entripy created

    Hi,

    There are no errors in Log.txt. The followings are part of log related to the external login. The last line is the log after 'ExternalLoginCallback' return null

    INFO 2018-11-06 09:52:45,580 [8 ] ore.Mvc.Internal.ControllerActionInvoker - Executing action method MyTestProject.Web.Controllers.AccountController.ExternalLogin (MyTestProject.Web.Mvc) with arguments (OpenIdConnect, /App, ) - Validation state: Valid INFO 2018-11-06 09:52:47,753 [8 ] ore.Mvc.Internal.ControllerActionInvoker - Executed action method MyTestProject.Web.Controllers.AccountController.ExternalLogin (MyTestProject.Web.Mvc), returned result Microsoft.AspNetCore.Mvc.ChallengeResult in 2172.7945ms. INFO 2018-11-06 09:52:47,936 [8 ] Microsoft.AspNetCore.Mvc.ChallengeResult - Executing ChallengeResult with authentication schemes (OpenIdConnect). INFO 2018-11-06 09:52:49,461 [19 ] ation.OpenIdConnect.OpenIdConnectHandler - AuthenticationScheme: OpenIdConnect was challenged. INFO 2018-11-06 09:52:49,465 [19 ] ore.Mvc.Internal.ControllerActionInvoker - Executed action MyTestProject.Web.Controllers.AccountController.ExternalLogin (MyTestProject.Web.Mvc) in 5905.7891ms INFO 2018-11-06 09:52:49,465 [19 ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 6361.7538ms 302 INFO 2018-11-06 09:52:50,225 [8 ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 POST http://localhost:62114/signin-oidc application/x-www-form-urlencoded 1779 INFO 2018-11-06 09:52:53,453 [8 ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.External signed in. INFO 2018-11-06 09:52:53,481 [8 ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 3255.3743ms 302 INFO 2018-11-06 09:52:53,530 [4 ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 GET http://localhost:62114/Account/ExternalLoginCallback?ReturnUrl=%2FApp&authSchema=OpenIdConnect
    INFO 2018-11-06 09:52:54,100 [4 ] ore.Mvc.Internal.ControllerActionInvoker - Route matched with {action = "ExternalLoginCallback", controller = "Account", area = ""}. Executing action MyTestProject.Web.Controllers.AccountController.ExternalLoginCallback (MyTestProject.Web.Mvc) INFO 2018-11-06 09:52:54,984 [4 ] ore.Mvc.Internal.ControllerActionInvoker - Executing action method MyTestProject.Web.Controllers.AccountController.ExternalLoginCallback (MyTestProject.Web.Mvc) with arguments (/App, , ) - Validation state: Valid WARN 2018-11-06 09:53:07,779 [4 ] roject.Web.Controllers.AccountController - Could not get information from external login.

  • User Avatar
    0
    entripy created

    Hi ismcagdas,

    I examined the id_token in the response form data from "http://localhost:62114/signin-oidc". It is an Azure AD V2 token with claim [preferred_username] value be the same as the logon name I used. Seems authenticate with Azure AD is working.

    The question is why "GetExternalLoginInfoAsync" is still returning null.

    Thank you.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @entripy

    Our implementation requires the below claims to be returned from OpenId provider. Could you configure Azure AD to return those claims ?

    • name
    • unique_name
    • aud
  • User Avatar
    0
    entripy created

    Hi ismcagdas,

    unique_name was missing in the Azure AD V2 token. I switched to Azure AD V1 token and all three claims (name, unique_name and aud) have values now. But 'GetExternalLoginInfoAsync' still returns null.

    Thanks, Keith

  • User Avatar
    0
    ismcagdas created
    Support Team

    Could you try using "https://sts.windows.net/{AZURE_TENANT_ID}/" for the Authority setting ?

  • User Avatar
    0
    entripy created

    Tried to use the suggested authority. No change. Values available in Token but 'GetExternalLoginInfoAsync' returns null.

  • User Avatar
    0
    cmthomps created

    Not sure if it will help, but take a look at my post at:

    https://support.aspnetzero.com/QA/Questions/5763

    I was having the same issue with GetExternalLoginInfoAsync returning null. Specifically, take a look at the OnTicketReceived event handler I added in AuthConfigurer.cs. What I found was that the GetExternalLoginInfo method was looking for a NameIdentifier claim that is not there for the different openIdConnect vendors I've tried.

    Hope it helps.

  • User Avatar
    0
    entripy created

    Hi @cmthomps,

    Thanks for sharing. It is working after putting the OnTicketReceived event handler in.

    Thanks @cmthomps Thanks @ismcagdas