
Azure App Service authorization/easy auth is conflicting with ASP.NET Forms auth

I want to enable App Service Authentication to protect the development environment from public access. The App Service authentication itself is working fine: only people from our company's Azure AD are allowed, all good.

But it is conflicting with the authentication of the website itself: after authenticating through Azure AD, the website sees you as already logged in. And I don't understand how exactly it ends up conflicting. We are using Forms authentication; I've tried explicitly naming the cookie that Forms auth should look for and setting it to always use cookies for authentication, yet it's still conflicting.

    <authentication mode="Forms">
      <forms name=".ASPXAUTH" loginUrl="~/sign-in" timeout="2880" requireSSL="true" cookieless="UseCookies" />
    </authentication>

After logging in through Microsoft, I see there's no .ASPXAUTH cookie, only AppServiceAuthSession, yet Forms auth sees me as logged in.

I think you can solve this by removing the auth setting in web.config and using OWIN to inject a middleware (CustomMiddleware) before the authentication of the website itself. If the user is authenticated by your CustomMiddleware, you carry on with your regular flow; otherwise, short-circuit the request flow. In CustomMiddleware you can inspect the request headers, body, etc. to find the authenticated cookie, etc. I guess you have an MVC-style pipeline in your application. There are a number of resources on the internet which you can explore. One example is below.

https://www.tutorialsteacher.com/core/how-to-add-custom-middleware-aspnet-core
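
The middleware the answer describes, as an added example (not code from the question or the answer). It assumes ASP.NET 4.x with the Microsoft.Owin packages, that App Service Authentication adds the X-MS-CLIENT-PRINCIPAL-NAME header to requests it has authenticated, and that it also pre-populates the request principal, which is why the site treats the visitor as signed in; EasyAuthGateMiddleware, Startup and the easyauth.gateUser key are hypothetical names.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

[assembly: OwinStartup(typeof(Startup))]

// Hypothetical gate: requires the App Service Authentication identity, then
// hides it from the application so that only the site's own login counts.
public class EasyAuthGateMiddleware : OwinMiddleware
{
    // Header App Service Authentication adds to requests it has authenticated.
    private const string PrincipalNameHeader = "X-MS-CLIENT-PRINCIPAL-NAME";

    // Hypothetical environment key; keeps the gate identity for logging only.
    public const string GateUserKey = "easyauth.gateUser";

    public EasyAuthGateMiddleware(OwinMiddleware next) : base(next) { }

    public override async Task Invoke(IOwinContext context)
    {
        string gateUser = context.Request.Headers.Get(PrincipalNameHeader);
        if (string.IsNullOrWhiteSpace(gateUser))
        {
            // The platform gate did not vouch for this request: short-circuit.
            context.Response.StatusCode = 401;
            return;
        }

        // Keep the Azure AD identity available for audit logs.
        context.Set(GateUserKey, gateUser);

        // Assumption: the platform already set an authenticated principal.
        // Replace it with an anonymous one so the site's own authentication,
        // registered after this middleware, decides who is signed in.
        context.Request.User = new ClaimsPrincipal(new ClaimsIdentity());

        await Next.Invoke(context);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.Use<EasyAuthGateMiddleware>();
        // Register the site's own authentication middleware after this line.
    }
}
```

The header is only meaningful when App Service Authentication sits in front of the app; on any other host it is absent, or can be supplied by the client, so register the gate only in the protected environment.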
