Hi,
We had a hard time using Azure AD for authentication with ASP.Net Zero (ASP.NET Zero Core & jQuery). Our understanding is to use OpenID Connect for authentication. It took us to the Microsoft login page and we can see the reply URL ('/signin-oidc') with an 'Identity.External' cookie. But it redirected us to the application login page. After stepping through the 'ExternalLoginCallback' action method, we realized that 'GetExternalLoginInfoAsync' returned null.
This is the only change we made to the appsettings.json file.
"OpenId": {
  "IsEnabled": "true",
  "Authority": "https://login.microsoftonline.com/{tenant_id}/v2.0",
  "ClientId": "{Client_id}",
  "ClientSecret": ""
}
Are we missing some configuration for OpenId to work? Is there any way for us to retrieve error messages from 'GetExternalLoginInfoAsync'?
Thank you.
9 Answer(s)
-
0
Hi @entripy
Are there any error messages in the App_Data/Logs/Log.txt file under your web project?
-
0
Hi,
There are no errors in Log.txt. The following is the part of the log related to the external login. The last line is the log entry after 'GetExternalLoginInfoAsync' returns null in 'ExternalLoginCallback'.
INFO 2018-11-06 09:52:45,580 [8 ] ore.Mvc.Internal.ControllerActionInvoker - Executing action method MyTestProject.Web.Controllers.AccountController.ExternalLogin (MyTestProject.Web.Mvc) with arguments (OpenIdConnect, /App, ) - Validation state: Valid
INFO 2018-11-06 09:52:47,753 [8 ] ore.Mvc.Internal.ControllerActionInvoker - Executed action method MyTestProject.Web.Controllers.AccountController.ExternalLogin (MyTestProject.Web.Mvc), returned result Microsoft.AspNetCore.Mvc.ChallengeResult in 2172.7945ms.
INFO 2018-11-06 09:52:47,936 [8 ] Microsoft.AspNetCore.Mvc.ChallengeResult - Executing ChallengeResult with authentication schemes (OpenIdConnect).
INFO 2018-11-06 09:52:49,461 [19 ] ation.OpenIdConnect.OpenIdConnectHandler - AuthenticationScheme: OpenIdConnect was challenged.
INFO 2018-11-06 09:52:49,465 [19 ] ore.Mvc.Internal.ControllerActionInvoker - Executed action MyTestProject.Web.Controllers.AccountController.ExternalLogin (MyTestProject.Web.Mvc) in 5905.7891ms
INFO 2018-11-06 09:52:49,465 [19 ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 6361.7538ms 302
INFO 2018-11-06 09:52:50,225 [8 ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 POST http://localhost:62114/signin-oidc application/x-www-form-urlencoded 1779
INFO 2018-11-06 09:52:53,453 [8 ] tion.Cookies.CookieAuthenticationHandler - AuthenticationScheme: Identity.External signed in.
INFO 2018-11-06 09:52:53,481 [8 ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 3255.3743ms 302
INFO 2018-11-06 09:52:53,530 [4 ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 GET http://localhost:62114/Account/ExternalLoginCallback?ReturnUrl=%2FApp&authSchema=OpenIdConnect
INFO 2018-11-06 09:52:54,100 [4 ] ore.Mvc.Internal.ControllerActionInvoker - Route matched with {action = "ExternalLoginCallback", controller = "Account", area = ""}. Executing action MyTestProject.Web.Controllers.AccountController.ExternalLoginCallback (MyTestProject.Web.Mvc)
INFO 2018-11-06 09:52:54,984 [4 ] ore.Mvc.Internal.ControllerActionInvoker - Executing action method MyTestProject.Web.Controllers.AccountController.ExternalLoginCallback (MyTestProject.Web.Mvc) with arguments (/App, , ) - Validation state: Valid
WARN 2018-11-06 09:53:07,779 [4 ] roject.Web.Controllers.AccountController - Could not get information from external login.
-
0
Hi ismcagdas,
I examined the id_token in the response form data from "http://localhost:62114/signin-oidc". It is an Azure AD V2 token with the claim [preferred_username] value being the same as the logon name I used. It seems authentication with Azure AD is working.
The question is why "GetExternalLoginInfoAsync" is still returning null.
Thank you.
-
0
Hi @entripy
Our implementation requires the below claims to be returned from the OpenId provider. Could you configure Azure AD to return those claims?
- name
- unique_name
- aud
-
0
Hi ismcagdas,
unique_name was missing in the Azure AD V2 token. I switched to Azure AD V1 token and all three claims (name, unique_name and aud) have values now. But 'GetExternalLoginInfoAsync' still returns null.
Thanks, Keith
-
0
Could you try using "https://sts.windows.net/{AZURE_TENANT_ID}/" for the Authority setting?
-
0
Tried to use the suggested authority. No change. Values available in Token but 'GetExternalLoginInfoAsync' returns null.
-
0
Not sure if it will help, but take a look at my post at:
https://support.aspnetzero.com/QA/Questions/5763
I was having the same issue with GetExternalLoginInfoAsync returning null. Specifically, take a look at the OnTicketReceived event handler I added in AuthConfigurer.cs. What I found was that the GetExternalLoginInfo method was looking for a NameIdentifier claim that is not there for the different openIdConnect vendors I've tried.
Hope it helps.
-
0
Hi @cmthomps,
Thanks for sharing. It is working after putting the OnTicketReceived event handler in.
Thanks @cmthomps Thanks @ismcagdas
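
Editor's note, not part of the thread: SignInManager.GetExternalLoginInfoAsync returns null when the principal stored in the Identity.External cookie has no ClaimTypes.NameIdentifier claim, which is the cause @cmthomps describes. The sketch below is an added example, not the code from the linked post or from ASP.NET Zero; the class name OpenIdNameIdentifier and the choice of "sub" then "oid" as source claims are assumptions.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

// Hypothetical helper (name is an assumption), to be called from the
// AddOpenIdConnect(options => ...) delegate, e.g. in AuthConfigurer.cs.
public static class OpenIdNameIdentifier
{
    // Assumption: immutable, issuer-scoped identifiers in order of preference.
    // Mutable values such as preferred_username or an e-mail address are left
    // out on purpose: NameIdentifier becomes the provider key that links the
    // external identity to a local account, so it must not be reassignable.
    private static readonly string[] SubjectClaimTypes = { "sub", "oid" };

    // Returns true if the principal has, or was given, a NameIdentifier claim.
    public static bool EnsureNameIdentifier(ClaimsPrincipal principal)
    {
        var identity = principal?.Identity as ClaimsIdentity;
        if (identity == null) return false;
        if (identity.HasClaim(c => c.Type == ClaimTypes.NameIdentifier)) return true;

        foreach (var type in SubjectClaimTypes)
        {
            var source = identity.FindFirst(type);
            if (source == null || string.IsNullOrWhiteSpace(source.Value)) continue;

            // Keep the original issuer so the claim's origin stays auditable.
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, source.Value,
                                        ClaimValueTypes.String, source.Issuer));
            return true;
        }
        return false;
    }

    public static void Configure(OpenIdConnectOptions options)
    {
        options.Events = options.Events ?? new OpenIdConnectEvents();
        options.Events.OnTicketReceived = context =>
        {
            // Runs after the id_token is validated and before the
            // Identity.External cookie is written. Failing here surfaces the
            // problem as an authentication error instead of a silent null.
            if (!EnsureNameIdentifier(context.Principal))
                context.Fail("id_token carries no stable subject claim (sub/oid).");
            return Task.CompletedTask;
        };
    }
}
```

To find out which claim types actually reach the handler, log context.Principal.Claims inside OnTicketReceived, since the JWT handler's inbound claim mapping may already have renamed them.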