Asp.net Core and Microsoft account authentication access denied

0
votes

I'm trying to setup Microsoft Account Authentication in an ASP.net core application.
I pretty much followed ben day's post expect I couldn't get to the end.
Once the user is redirect to the step where it should enter the email address, I'm instead redirected to an access denied page (from my asp.net application).
In the console I can see the following error messsages:

Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware:Information: AuthenticationScheme: Identity.External signed in. Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 1260.8977ms 302 Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44394/
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: . Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Warning: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'. Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes (). Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware:Information: AuthenticationScheme: Identity.External was successfully authenticated. Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware:Information: AuthenticationScheme: Identity.External was forbidden. Microsoft.AspNetCore.Authentication.MicrosoftAccount.MicrosoftAccountMiddleware:Information: AuthenticationScheme: Microsoft was forbidden.

Here is my current configuration (very simple)

app.UseIdentity(); app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions { DisplayName = "Microsoft Account", ClientId = "my id", ClientSecret = "my secret", AutomaticChallenge = true });

Any idea why I get an access denied?

1
authenticationazure-active-directoryasp.net-core-1.0

1 Answers

1
votes

I am trying to build a Asp.Net core web application which authenticate with the Microsoft Account and it works well for me. It using the cookie and Microsoft Account components and here is the code for your reference:

app.UseCookieAuthentication(new CookieAuthenticationOptions());

app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions {
            DisplayName = "Microsoft Account",
            ClientId = "",
            ClientSecret = "",
            AutomaticChallenge = true,
            SignInScheme= "Cookies"
});

public async Task Login()
{

     await HttpContext.Authentication.ChallengeAsync(new AuthenticationProperties() { RedirectUri = "/" });
}

And you can refer the full code samples from here. To run this code sample, you need to register the apps from here first and add the web platform and config the redirect URL http://localhost:7507/signin-microsoft.

And for the original issue, since there is no Asp.net 5 templates anymore, it is helpful if you can provide a demo project to help to reproduce this issue.