I have the same issue. Did you find a solution? @Vilhelm Heiberg
Azure AD OpenIdConnect federation using AddMicrosoftIdentityWebApp and .NET Core 3.1
We are trying to set up federation to an Azure AD using OpenIdConnect in .NET Core 3.1.
But we get errors. We have searched the documentation but have not found any good description of how to solve this fairly common task.
We are able to start the federation process, but it stops after the user has logged in and is redirected back to our server.
Then we get the error "message.State is null or empty", which probably implies that the middleware is not able to interpret the response.
What are we doing wrong?
We are using Microsoft.Identity.Web and the AddMicrosoftIdentityWebApp extension method. More specifically, we are using this overload of it:
authenticationBuilder.AddMicrosoftIdentityWebApp (Action<Microsoft.Identity.Web.MicrosoftIdentityOptions> configureMicrosoftIdentityOptions, Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions>? configureCookieAuthenticationOptions = default, string openIdConnectScheme = "OpenIdConnect", string? cookieScheme = "Cookies", bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false, string? displayName = default);
The reason for that is that our client supports several federations to several ADFS servers. We must use a custom scheme name to not come in conflict with other federations.
Here is the relevant section from Startup.cs
    string tenantId = "<the Azure AD tenant Id>";
    string authenticationScheme = "myCustomScheme";
    string clientUrl = "https://myexampleclient.com/";
    authenticationBuilder.AddMicrosoftIdentityWebApp(options =>
    {
        options.ResponseMode = "fragment"; // We have tried "form_post", "query" and "fragment".
        options.Domain = new Uri(clientUrl).Host;
        options.Instance = clientUrl;
        options.TenantId = tenantId;
        options.ClientId = "<the clientId>";
        options.ClientSecret = "<the clientSecret>";
        options.CallbackPath = "/auth/landing/azuread";
        options.ResponseType = Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectResponseType.CodeIdToken;
        options.MetadataAddress = "https://login.microsoftonline.com/" + tenantId + "/v2.0/.well-known/openid-configuration";
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.SignedOutRedirectUri = clientUrl + "auth/signout/";
    }, null, authenticationScheme, authenticationScheme + ".Cookies", true, "MyAzureAdTest");
And here is the code in the controller:
    [Route("[controller]/openid/{name}")]
    public IActionResult OpenId(string name)
    {
        if (name == "azuread")
        {
            string returnUrl = "/auth/landing/azuread";
            string authenticationScheme = "myCustomScheme";
            var props = new AuthenticationProperties
            {
                RedirectUri = returnUrl,
                Items = { { "scheme", authenticationScheme } }
            };
            return Challenge(properties: props, authenticationScheme);
        }
        return NotFound(); // no other federation names are handled here
    }

    [HttpPost]
    [HttpGet]
    [Route("[controller]/landing/{name}")]
    public async Task<IActionResult> Landing(string name)
    {
        // It never gets here..... instead the middleware throws an error.
        await Task.CompletedTask; // placeholder so the method compiles
        return Ok();
    }
3 answers
Riya 1 Reputation point
2022-08-03T09:34:33.873+00:00 Did you find the solution? If yes, please help me, I am also having the same problem.
Weber Michel (IT-OM-KB-RSU - Extern) 1 Reputation point
2023-01-05T08:19:29.9+00:00 Could it be that the CallbackPath should be set to "/signin-oidc"?
As mentioned here:
https://github.com/dotnet/aspnetcore/issues/26932#issuecomment-709422116
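The callback handling described in the question and the callback-path point raised in the answer above, as an added example that is not code from the question or from Microsoft.Identity.Web: a Python model of how an OIDC handler reads the authorization response on the callback path and checks `state` against its correlation cookie, run over the three response modes the question tried plus a bare GET to the callback path (which is what redirecting to that same path after sign-in produces). The model's behaviour is an assumption about the real middleware, and the host name, code value and cookie name are constructed.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

CALLBACK_PATH = "/auth/landing/azuread"  # the question's options.CallbackPath

def read_message(method, url, form=None):
    """GET -> query string, POST -> form body; a fragment (#...) never reaches the server."""
    parts = urlsplit(url)
    if parts.path != CALLBACK_PATH:
        return None  # not the callback path: the handler does not run
    if method == "GET":
        raw = parse_qs(parts.query)
    elif method == "POST" and form is not None:
        raw = form
    else:
        return None
    return {k: v[0] for k, v in raw.items() if v}

def handle_callback(method, url, cookies, form=None):
    """Return (signed_in, reason); reasons are worded like the middleware's failures."""
    message = read_message(method, url, form)
    if message is None:
        return False, "No message."
    state = message.get("state")
    if not state:
        return False, "message.State is null or empty"
    # state must equal the correlation cookie issued at challenge time (CSRF / mix-up defence)
    if not hmac.compare_digest(state, cookies.get("correlation", "")):
        return False, "Correlation failed."
    if not message.get("code"):
        return False, "no authorization code"
    return True, "signed in"

def demo():
    """Constructed responses for the three response modes the question tried, plus a bare
    GET to the callback path (what redirecting there after sign-in would look like)."""
    state = secrets.token_urlsafe(16)      # issued at challenge time ...
    cookies = {"correlation": state}       # ... alongside the correlation cookie
    base = "https://myexampleclient.com" + CALLBACK_PATH  # host name from the question
    results = {
        "fragment": handle_callback("GET", base + "#code=abc&state=" + state, cookies),
        "query": handle_callback("GET", base + "?code=abc&state=" + state, cookies),
        "form_post": handle_callback("POST", base, cookies, {"code": ["abc"], "state": [state]}),
        "redirect_back": handle_callback("GET", base, cookies),
    }
    return {mode: reason for mode, (_ok, reason) in results.items()}
```

Only the modes that actually deliver `state` to the server survive the first check; the fragment case and the bare GET both surface the exact message the question reports.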