0
votes

We have a web application built in C# and AngularJS, configured to use Windows authentication. Recently I removed Windows Auth and added Single Sign-On (Azure AD). The problem: once I enter my credentials and click log in, it never takes me to the web app; it's like it is in a loop trying to log in. This is how my log looks:

2018-05-10 16:28:05 ::1 POST /portal - 443 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:59.0)+Gecko/20100101+Firefox/59.0 https://login.microsoftonline.com/f8b6a2d7-0364-40ce-943e-eb02d6c35deb/oauth2/authorize?client_id=359xxxx2-877e-xxx-9538-9e_xxxxxxxxxxxxxxxxxxxx

2018-05-10 16:28:05 ::1 GET /portal - 80 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:59.0)+Gecko/20100101+Firefox/59.0 - 302 0 0 2

2018-05-10 16:28:35 ::1 POST /portal - 443 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:59.0)+Gecko/20100101+Firefox/59.0 https://login.microsoftonline.com/f8b6axce-943e-eb02dxdeb/oauth2/authx272-877e-4xx4-9538-9e63a5a810d32Exxxxxxx.40306.1x54 302 0 64 29x4

2018-05-10 16:36:15 ::1 GET /portal - 80 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 - 302 0 0 2

2018-05-10 16:37:36 ::1 POST /portal - 443 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/66.0.3359.139+Safari/537.36 https://login.microsoftonline.com/kmsi 302 0 64 43715

And like that on and on!

My StartUp.Auth.cs:

    public void ConfigureAuth(IAppBuilder app)
    {
        ApplicationDbContext db = new ApplicationDbContext();

        // Cookie middleware holds the session once OpenID Connect has signed the user in.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = Authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,

                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                    AuthorizationCodeReceived = (context) =>
                    {
                        var code = context.Code;
                        ClientCredential credential = new ClientCredential(clientId, appKey);
                        string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                        AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
                        // The redirect URI passed here must be the same one Azure AD delivered the code to.
                        return authContext.AcquireTokenByAuthorizationCodeAsync(
                            code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
                    }
                }
            });
    }

Any suggestion what might be happening here?

1
I see mixtures of port 80 and 443 in the logs. Have you configured HTTPS everywhere? Including the Azure AD reply URL? - juunas

I'm pretty sure I did. I'm making some changes to my app.UseOpenIdConnectAuthentication now. - user3376642

1 Answer

0
votes

When using Azure Single Sign-On as auth method my app gets stuck in an infinite loop when redirecting to my app

I would recommend you check whether you explicitly decorate your action method or controller with AuthorizeAttribute and specify the Roles or Users who are authorized to access the relevant resource. Moreover, here is a similar issue you could refer to.

Based on your code, you are using the ASP.NET OpenID Connect OWIN middleware to sign in users from an AAD tenant. You could follow the detailed tutorial about Integrate Azure AD into a web application using OpenID Connect and compare it with your code to narrow down this issue.

Moreover, you could also use ADAL for JavaScript in your AngularJS application to acquire the token in your frontend; then your backend only needs to validate the bearer token. For details, you could follow Call an Azure AD protected Web API in an AngularJS Single Page App.
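The two causes raised in this thread, the port 80/443 mix in the logs (juunas's comment) and an AuthorizeAttribute role check that re-triggers sign-in (the answer above), can both be addressed in the OWIN startup. The following is an added example and not the asker's code or the tutorial's code: a Startup.Auth.cs for an ASP.NET MVC 5 app using the same OpenID Connect OWIN middleware, with a custom authorize attribute. The client id, tenant and the https reply URL (`https://localhost:44300/portal/`) are placeholders that must match what is registered in Azure AD.

```csharp
// Added example (not the asker's code): OWIN Startup.Auth.cs for an ASP.NET MVC 5 /
// AngularJS app signing in with Azure AD OpenID Connect, arranged to avoid the two
// sign-in-loop causes discussed in the thread. Config values are placeholders.
using System;
using System.Configuration;
using System.Net;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Placeholders: read from Web.config in a real deployment.
    private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private static readonly string authority = "https://login.microsoftonline.com/" + tenant;

    // Must be HTTPS and must match the reply URL registered in Azure AD exactly
    // (scheme, host, port, trailing slash). If the browser bounces between :80 and :443,
    // a Secure cookie issued on :443 is never presented on :80, the app sees an anonymous
    // request, challenges again, and the redirect loop in the question's log appears.
    private static readonly string redirectUri = "https://localhost:44300/portal/";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            // Session cookie only over HTTPS; pair this with an HTTP-to-HTTPS redirect in IIS.
            CookieSecure = CookieSecureOption.Always,
            CookieHttpOnly = true
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = redirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Pin the redirect_uri sent to Azure AD, so a request that arrived on
                // http://...:80 does not ask for a reply to an unregistered http URL.
                RedirectToIdentityProvider = context =>
                {
                    context.ProtocolMessage.RedirectUri = redirectUri;
                    context.ProtocolMessage.PostLogoutRedirectUri = redirectUri;
                    return Task.FromResult(0);
                },
                // Break the loop on failure: show an error page instead of letting the
                // middleware issue yet another challenge.
                AuthenticationFailed = context =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("/Error?message="
                        + Uri.EscapeDataString(context.Exception.Message));
                    return Task.FromResult(0);
                }
            }
        });
    }
}

// Role check that does not re-challenge a user who is already signed in. MVC 5's stock
// AuthorizeAttribute answers 401 when the user is authenticated but not in the required
// role; the OpenID Connect middleware treats every 401 as "start sign-in", which is the
// endless redirect the answer describes. Returning 403 instead ends the cycle.
public sealed class RoleOrForbidAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Authenticated but not authorized: 403 does not trigger a new challenge.
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
            return;
        }
        // Anonymous: fall through to the usual 401, which starts the Azure AD sign-in.
        base.HandleUnauthorizedRequest(filterContext);
    }
}

// Usage on a controller or action: [RoleOrForbid(Roles = "Portal.Admin")]
```

When diagnosing, compare the `redirect_uri` in the `login.microsoftonline.com/.../authorize` request from the log with the reply URL in the app registration; if they differ in scheme or port, or if the POST to /portal returns 302 back to the authorize endpoint while the GET on port 80 also returns 302, the cookie is being issued on one origin and looked for on another.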