3
votes

I would like to get help from the community with a problem that I don't understand. I created an ASP.NET Core 2 web application and I would like to configure the app so that users can log in either via the aspnetuser table or with an O365 company account. I followed multiple techniques described on the web, including on the MSDN website. The app authentication works fine, but Azure AD returned: Error loading external login information. I checked inside the code by generating the Identity views; the app failed on:

    var info = await _signInManager.GetExternalLoginInfoAsync();
    if (info == null)
    {
        ErrorMessage = "Error loading external login information.";
        return RedirectToPage("./Login", new { ReturnUrl = returnUrl });
    }

`await _signInManager.GetExternalLoginInfoAsync();` returns null, and the error message is returned.

The application is correctly configured in Azure AD and it works from my app if I remove the authentication from the app.

I configured my app middlewares as follows:

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddAuthentication(AzureADDefaults.AuthenticationScheme).AddCookie()
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Authority = options.Authority + "/v2.0/";
            options.TokenValidationParameters.ValidateIssuer = true;
        });

And in the Configure method I added:

    app.UseAuthentication();

When I arrive on my app's login screen (scaffolded by VS), all seems correct:

Login screen with two possibilities for authentication:

Error message when I try the Azure Active Directory method:

Can someone explain and help me to solve this problem?

Thanks in advance

2
Hi, a little update concerning my post. After multiple tests I found the solution. I don't know if it's the best, but it's working fine on my side. I implemented all the AzureAd classes for authentication in my own project without using the provided stuff from .NET Core to handle it. Hope it will be fixed in the next release maybe... - Valentin Lecerf
I have the same issue using .NET Core 3.1. Any ideas? - michalczerwinski

2 Answers

5
votes

The solution is to add CookieSchemeName as ExternalScheme. Below is a sample code block from the Startup.cs file.

    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options =>
        {
            Configuration.Bind("AzureAd", options);
            options.CookieSchemeName = IdentityConstants.ExternalScheme;
        });
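
An added example (not code from this thread or from the AzureAD.UI package) showing the answer's setting in a full `ConfigureServices` next to ASP.NET Core Identity. `GetExternalLoginInfoAsync` authenticates the `Identity.External` cookie, so the Azure AD handler has to sign in to that scheme, not its own `AzureADDefaults.CookieScheme`. `ApplicationDbContext`, `IdentityUser` and the `DefaultConnection` connection string are assumptions taken from the standard scaffolded template.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed: ApplicationDbContext and "DefaultConnection" from the template.
        services.AddDbContext<ApplicationDbContext>(o =>
            o.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

        // Local accounts. This registers the Identity cookies, including
        // IdentityConstants.ExternalScheme ("Identity.External"), which is the
        // cookie SignInManager.GetExternalLoginInfoAsync() reads.
        services.AddDefaultIdentity<IdentityUser>()
            .AddEntityFrameworkStores<ApplicationDbContext>();

        // No default scheme is passed here, so the defaults set by Identity
        // (application cookie for authenticate/challenge) stay in place and
        // Azure AD is only one of the external providers on the login page.
        services.AddAuthentication()
            .AddAzureAD(options =>
            {
                Configuration.Bind("AzureAd", options);
                // Without this line the OpenID Connect handler signs in to
                // AzureADDefaults.CookieScheme, the external cookie stays
                // empty, and GetExternalLoginInfoAsync() returns null.
                options.CookieSchemeName = IdentityConstants.ExternalScheme;
            });

        // Settings carried over from the question: v2.0 endpoint, issuer checked.
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Authority = options.Authority + "/v2.0/";
            options.TokenValidationParameters.ValidateIssuer = true;
        });

        services.AddMvc();
    }
}
```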

2
votes

Unfortunately I had more or less the exact same problem. Although the Azure sample worked on its own, when I tried to integrate it into an existing application that uses Identity and other external authentication services, I could not get AzureAD to work. The interesting thing is that in the output window I could see logging messages saying that the login was accomplished.

What I did (and this is more of a workaround rather than an exact solution to the problem) was to abandon using the Microsoft.AspNetCore.Authentication.AzureAD.UI package and I opted to go the longer way and configure OpenID manually for Azure. This article helped me immensely towards that end.

Having said that, I hope someone posts a more direct answer to your question.