无法进行身份验证 - 带有 Azure Active Directory (OpenIdConnect) 的 Azure Web 应用

Question

I have created a web app in azure and i am using Azure AD authentication (OpenID-Connect) to authenticate my web app. but i couldn't authenticate web app in few machines.

In some machines it(AAD authentication) working in google chrome, not in IE,Edge, Firefox. few times its worked in all the browsers.

I have failed in below steps

1. Removed all the cookies and claims
2. Clear the session and tested in private mode

In Startup.cs

public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

app.UseCookieAuthentication(new CookieAuthenticationOptions());

app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = Config.ClientId,
                    ClientSecret = Config.ClientSecret,
                    Authority = Config.Authority,
                    PostLogoutRedirectUri = Config.PostLogoutRedirectUri, 
                    RedirectUri = Config.PostLogoutRedirectUri,  
                    Notifications = new OpenIdConnectAuthenticationNotifications()
                    { 
                    }
                });
}

When i tried to login with Azure AAD. i received error message like 'We couldn't sign you in. Please try again.'

info:

No error Log in browser console

URL : ** https://login.microsoftonline.com/TENANTID/oauth2/authorize?client_id=CLIENTID&redirect_uri=URL&response_mode=form_post&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3TOKEN&x-client-SKU=ID_NET461&x-client-ver=5.5.0.0 **

Enabled the azure authentication/authorization

Answer 1

Issue: working in google chrome, not in IE, Edge, Firefox, Safari. few times it worked in all the browsers.

HOW TO RESOLVE THIS ISSUE: The problem has been fixed in ASP.NET core. To resolve this issue, you can upgrade your application to use ASP.NET Core. If you must continually stay on ASP.NET, perform the following: Update your application's Microsoft.Owin.Host.SystemWeb package be at least version and Modify your code to use one of the new cookie manager classes, for example something like the following:

app.UseCookieAuthentication(new CookieAuthenticationOptions 
{ 
    AuthenticationType = "Cookies", 
    CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager() 
});

Reference Link

Answer 2

After some research, I found that you need to use HTTPS and also write this piece of code under de Startup.cs file:

using Microsoft.Owin.Host.SystemWeb;


public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions {
                CookieManager = new SystemWebCookieManager()
    });
...

If you are using Azure App, follow these steps to force the application to always use https:

1. Log in to the Azure portal.

2. Navigate to App Services.

3. Click on the reported App.

4. Under Setting section, Click on 'TLS/SSL settings'.

5. In 'Protocol Settings', Set 'HTTPS Only' to 'On'.

Answer 3

I ran into the same error message. But in my case I saw in the console a lot of calls on my app's /signin-oidc (302's).

The problem was that I removed the following line from the ConfigureServices method:

services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

After replacing it all worked fine.

HTH, J.