Activities of "Pharm3r"

Oh sorry Luca, yesterday I was getting the exact same error on the following line in TokenAuthController.cs:

private async Task<ExternalAuthUserInfo> GetExternalUserInfo(ExternalAuthenticateModel model)
{
    var userInfo = await _externalAuthManager.GetUserInfo(model.AuthProvider, model.ProviderAccessCode);

Dear @luca.teodori,

I was getting the exact same error too. The only way I could get Azure B2C to work so far is to implement the code provided by @ismcagdas in ticket https://support.aspnetzero.com/QA/Questions/9789/Azure-B2C-OpenId-new-user-login-failing

I implemented the code mentioned above and called my own "GetUserInfo" method rather than calling the abp code. I changed a line in @ismcagdas' code:

From: var issuer = ProviderInfo.AdditionalParams["Authority"];

To: var issuer = "https://<myTenantName>.b2clogin.com/<myTenantName>.onmicrosoft.com/<PolicyName>";

Here are my appsettings.json for "OpenId":

"IsEnabled": "true",
"ClientId": "<AppRegistrationClientId>",
"Authority": "https://<myTenantName>.b2clogin.com/<myTenantId>/v2.0/",
"LoginUrl": "https://<myTenantName>.b2clogin.com/tfp/<myTenantName>.onmicrosoft.com/<PolicyName>/oauth2/v2.0/authorize",

In Azure B2C, I had to create an App Registration and a Sign-in "User Flows".

Kind Regards,

Darrell

Dear Support,

  1. Are there any working examples for Azure B2C with Angular? I am getting the same error as in https://support.aspnetzero.com/QA/Questions/10332/Azure-AD-B2C-login-implementation

The only way I could get this to work is to implement and call the above method "GetUserInfo" and change the line:

From: var issuer = ProviderInfo.AdditionalParams["Authority"];

To: var issuer = "https://<myTenantName>.b2clogin.com/<myTenantName>.onmicrosoft.com/<PolicyName>";

Here are my appsettings.json for "OpenId":

"IsEnabled": "true",
"ClientId": "<AppRegistrationClientId>",
"Authority": "https://<myTenantName>.b2clogin.com/<myTenantId>/v2.0/",
"LoginUrl": "https://<myTenantName>.b2clogin.com/tfp/<myTenantName>.onmicrosoft.com/<PolicyName>/oauth2/v2.0/authorize",

  2. When using Azure B2C for a multi-tenant application, do I need to implement special logic so only users with a specific email alias can log into a tenant? For example, only users with email address @demo.com can log into tenant https://demo.myapp.com?

Kind Regards,

Darrell

If helpful to resolve the issue, below is the code I added in appInitializerFactory (root.module.ts) before the line appSessionService.init()...

function setTenantIdCookieIfTenancyNameIsNotNull(injector: Injector) {
    return new Promise<void>((resolve) => {
        // Start from a clean state so a stale tenant id is never reused.
        abp.utils.deleteCookie(abp.multiTenancy.tenantIdCookieName);

        // new variable AppConsts.subdomain was set in AppPreBootstrap.getApplicationConfig()
        if (AppConsts.subdomain && AppConsts.subdomain !== 'www') {
            let input = new IsTenantAvailableInput();
            input.tenancyName = AppConsts.subdomain;

            let accountServiceProxy: AccountServiceProxy = injector.get(AccountServiceProxy);

            accountServiceProxy.isTenantAvailable(input).subscribe({
                next: (result: IsTenantAvailableOutput) => {
                    // Only set the cookie for a tenant the server reports as available.
                    if (result.state === TenantAvailabilityState.Available) {
                        abp.multiTenancy.setTenantIdCookie(result.tenantId);
                    }
                    resolve();
                },
                // Resolve on failure too; otherwise the app initializer never completes.
                error: () => resolve()
            });
        } else {
            resolve();
        }
    });
}

Thanks for your response @ismcagdas.

The Angular code would not know what Abp.TenantId to set in a cookie because the login attempt has not authenticated. Am I correct?

In the Authenticate method, I ran the following code on the Linux Azure Web App and returned the header values to the Angular client in the error message. The Referer and Origin values were:

Referer: https://demo.MyCustomDomain.com/
Origin: https://demo.MyCustomDomain.com

How does AbpSession from Abp.AspNetCore.Mvc.Controllers determine the subdomain other than using the Referer or Origin header?

string headers = "";
foreach (var header in Request.Headers)
{
    headers += " Key: " + header.Key + " value: " + header.Value;
}

Product Version: 10.2.0
Product Type: Angular
Framework Type: .Net Core API
Deployed To: Docker Container on Linux (Azure Web App)
UI Deployed To: Azure Storage with Azure CDN

Dear Support Professional,

During the form login process, for the API endpoint api/TokenAuth/Authenticate, the Tenancy Name is Null. However, the form request is sent from a client browser's URL with a subdomain, for example, https://demo.MyCustomDomain.com  (<-- where "MyCustomDomain.com" is our custom domain)

In Chrome's Developer Tools, in the Request Headers for the Authenticate API call, the "origin" and "referrer" properties are https://demo.MyCustomDomain.com

I successfully created the Tenant named Demo and set up the user that I am attempting to log in with.

I can confirm the remote API can read the app setting ServerRootAddress. I added the app setting as follows:

"ServerRootAddress": "https://{TENANCY_NAME}.MyCustomDomain.com/"

In the Angular appconfig.json, I set the appBaseUrl as https://{TENANCY_NAME}.MyCustomDomain.com
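
An added example (not part of the original posts and not ASP.NET Zero code): one way to derive the tenancy name from a browser URL or Origin value against the {TENANCY_NAME} format shown above, matching the whole host so that lookalike hosts, nested subdomains and "www" resolve to no tenant. The function and constant names are hypothetical; because Origin and Referer are supplied by the client, the result is only a lookup key for a call such as isTenantAvailable, not proof of tenant membership.

```typescript
// Added example; names are hypothetical, not ASP.NET Zero APIs.
const PLACEHOLDER = '{TENANCY_NAME}';
const MARKER = 'tenancy-name-marker';      // stand-in label so the format parses as a URL
const RESERVED = new Set(['www']);          // treated as "no tenant", as in the post above
const DNS_LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/; // exactly one DNS label

function parseUrl(value: string): URL | null {
    try {
        return new URL(value);
    } catch {
        return null; // malformed input never resolves to a tenant
    }
}

function resolveTenancyName(urlFormat: string, requestUrl: string): string | null {
    if (!urlFormat.includes(PLACEHOLDER)) return null;
    const format = parseUrl(urlFormat.replace(PLACEHOLDER, MARKER));
    const actual = parseUrl(requestUrl);
    if (!format || !actual) return null;

    // Scheme and port must match the configured format exactly.
    if (format.protocol !== actual.protocol || format.port !== actual.port) return null;

    // URL parsing lower-cases host names, so the comparison is case-insensitive.
    const [prefix, suffix] = format.hostname.split(MARKER);
    if (suffix === undefined) return null;  // placeholder was not in the host part
    const host = actual.hostname;
    if (host.length <= prefix.length + suffix.length) return null;

    // Anchor on both ends: "demo.<domain>.other.example" must not match.
    if (!host.startsWith(prefix) || !host.endsWith(suffix)) return null;

    const name = host.slice(prefix.length, host.length - suffix.length);
    // Reject nested subdomains ("a.b") and reserved labels.
    if (!DNS_LABEL.test(name) || RESERVED.has(name)) return null;
    return name;
}

// Constructed sample input, using the ServerRootAddress format from the post.
const SAMPLE_FORMAT = 'https://{TENANCY_NAME}.MyCustomDomain.com/';
console.log(resolveTenancyName(SAMPLE_FORMAT, 'https://demo.MyCustomDomain.com'));
```
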
