
Unable to login in multitenant application

I have some confusion about Azure AD multi-tenant authentication.

My application is a DevExpress XAF Blazor application in Visual Studio 2019.

DevExpress version 21.2.3

I want Azure AD multi-tenant authentication; single-tenant authentication is working fine.

I have already followed the documents below:

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/

https://itnext.io/why-you-should-be-using-azure-multi-tenant-apps-49d4704b926e

https://docs.devexpress.com/eXpressAppFramework/402197/data-security-and-safety/security-system/authentication/active-directory-and-oauth2-authentication-providers-in-blazor-applications

My Azure AD configuration is as below:

"AzureAd": {
    "Instance": "https://login.microsoftonline.com/common",
    //"Instance": "https://login.microsoftonline.com",
    "AppIDURL": "https://Mydomain.onmicrosoft.com/MyApp",
    "Domain": "my Domain",
    "TenantId": "My Tenant Id",
    "ClientId": "My Client Id",
    "ClientCertificates": [],
    "CallbackPath": "/signin-oidc"
},

When I use the code below in the Startup.cs file:

var authentication = services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
authentication
    .AddCookie(options =>
    {
        options.LoginPath = "/LoginPage";
    })
    .AddMicrosoftIdentityWebApp(Configuration, configSectionName: "AzureAd", cookieScheme: null);

I get the error below:

IOException: IDX20807 : Unable to retrieve document from: 'System.String'. HttpResponseMessage: 'System.Net.Http.HttpResponseMessage', HttpResponseMessage.Content: 'System.String'.

Error screenshot

Or

When I use the code below:

var authentication = services.AddAuthentication(AzureADDefaults.AuthenticationScheme);
authentication
    .AddCookie(options =>
    {
        options.LoginPath = "/LoginPage";
    })
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

I am able to log in to the application but not able to log out of it: it logs in again, and the DevExpress login page is also not visible (the LoginPath mentioned above).

We have multiple authentication schemes like below:

  1. CookieAuthenticationDefaults.AuthenticationScheme
  2. AzureADDefaults.AuthenticationScheme
  3. OpenIdConnectDefaults.AuthenticationScheme

But which one is used in an Azure AD multi-tenant application?

Hello,

  1. Looks like AddAzureAD is obsolete. For me it doesn't work at all with my app settings (TenantId, ClientId...).
  2. I have the same problem when I replace "Instance": "https://login.microsoftonline.com" with "Instance": "https://login.microsoftonline.com/common".

I suggest you load debug symbols too, to see the exact problem in HttpDocumentRetriever.GetDocumentAsync.

For me it's StatusCode 400 or 404. In Visual Studio go to: Tools->Options->Debugging->Symbols.

Error response content

The second problem, with "was not able to log out":

  1. You set the default scheme to AzureADDefaults.AuthenticationScheme.
  2. AzureAD uses the cookie scheme to store user data. That's the default, of course, and you can change it.
  3. When you call LogOut, the XAF application calls await context.SignOutAsync(); That means the default scheme is used, but the default scheme is "AzureADDefaults.AuthenticationScheme" in that case. The cookie is still with you.

I am not sure that you need to put "AzureADDefaults.AuthenticationScheme" as the default scheme, or I don't know a reason to do that.

It's better to try the authentication without XAF when you need some complex solution and XAF doesn't work with it out of the box.

Of course you can override the XAF log-out logic where they perform context.SignOutAsync() with your own. They use a middleware for it; you can write your own and register it before the XAF middleware(s) registration, i.e. before

app.UseXaf();

Your middleware can look like

using System;
using System.Threading.Tasks;
using DevExpress.ExpressApp.Blazor.Services;
using DevExpress.ExpressApp.Blazor.Utils;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

namespace MyApplication {
    public class CustomSignInMiddleware {
        private readonly RequestDelegate next;
        public CustomSignInMiddleware(RequestDelegate next) {
            this.next = next;
        }
        public async Task Invoke(HttpContext context, ILogger<CustomSignInMiddleware> logger = null) {
            // Path without the leading slash, e.g. "SignOut" for the XAF sign-out endpoint.
            string requestPath = context.Request.Path.Value.TrimStart('/');
            string returnUrl = ReturnUrlHelper.ExtractReturnUrl(context.Request);
            if(requestPath.StartsWith(SignInMiddlewareDefaults.SignOutEndpointName, StringComparison.Ordinal)) {
                // Intercept XAF's sign-out request and perform the sign-out here instead.
                await context.SignOutAsync();
                context.Response.Redirect(returnUrl);
            }
            else {
                // Not a sign-out request: let XAF and the rest of the pipeline handle it.
                await next(context);
            }
        }
    }
}

and use SignOutAsync with the desired scheme. Don't forget to register it:

app.UseMiddleware<CustomSignInMiddleware>();
app.UseXaf();
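The answer above leaves the scheme choice to the reader. The following is an added example (not Dima's code and not DevExpress's own) of what "use SignOutAsync with the desired scheme" looks like when the cookie scheme holds the local session and Microsoft.Identity.Web's OpenID Connect handler (registered under OpenIdConnectDefaults.AuthenticationScheme) talks to Azure AD. It assumes the same DevExpress helpers the answer uses (SignInMiddlewareDefaults.SignOutEndpointName, ReturnUrlHelper.ExtractReturnUrl) and the class and extension-method names are hypothetical. Signing out of only one scheme is the failure mode described in the question: the remaining session silently logs the user back in.

```csharp
using System;
using System.Threading.Tasks;
using DevExpress.ExpressApp.Blazor.Services;
using DevExpress.ExpressApp.Blazor.Utils;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

namespace MyApplication {
    // Added example (hypothetical name): signs the user out of BOTH the local cookie
    // scheme and the OpenID Connect (Azure AD) scheme, so neither a stale cookie nor the
    // Azure AD session can re-establish the login right after "Log out".
    public class ExplicitSchemeSignOutMiddleware {
        private readonly RequestDelegate next;

        public ExplicitSchemeSignOutMiddleware(RequestDelegate next) {
            this.next = next;
        }

        public async Task Invoke(HttpContext context) {
            string requestPath = context.Request.Path.Value?.TrimStart('/') ?? string.Empty;
            if(!requestPath.StartsWith(SignInMiddlewareDefaults.SignOutEndpointName, StringComparison.Ordinal)) {
                // Not a sign-out request: hand over to XAF and the rest of the pipeline.
                await next(context);
                return;
            }

            // Only honour local (relative, non-protocol-relative) return URLs; an absolute
            // URL taken from the request would turn the sign-out endpoint into an open redirect.
            string returnUrl = ReturnUrlHelper.ExtractReturnUrl(context.Request);
            if(string.IsNullOrEmpty(returnUrl)
               || !Uri.IsWellFormedUriString(returnUrl, UriKind.Relative)
               || returnUrl.StartsWith("//", StringComparison.Ordinal)) {
                returnUrl = "/";
            }

            // 1. Remove the local session cookie issued by AddCookie(...).
            await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

            // 2. End the Azure AD session as well. The OIDC handler issues the redirect to the
            //    end_session endpoint itself and returns to RedirectUri afterwards, so no
            //    context.Response.Redirect(...) call is needed here. The post-logout URL must be
            //    registered as a front-channel logout / redirect URI in the app registration.
            await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme,
                new AuthenticationProperties { RedirectUri = returnUrl });
        }
    }

    public static class ExplicitSchemeSignOutExtensions {
        // Register this BEFORE app.UseXaf() so the sign-out path is handled here first:
        //     app.UseExplicitSchemeSignOut();
        //     app.UseXaf();
        public static IApplicationBuilder UseExplicitSchemeSignOut(this IApplicationBuilder app) {
            return app.UseMiddleware<ExplicitSchemeSignOutMiddleware>();
        }
    }
}
```

A quick check that the sign-out is complete: after clicking Log out, the browser should no longer carry the application's authentication cookie, and opening the site again should show the login page rather than landing in the app without a prompt; if it lands in the app, one of the two sessions was not cleared.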

Thanks, Dima, for your reply.

But the problem is resolved with the correct setting suggested by the Microsoft team.

"AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "Mydomain",
    "ClientId": "My Client Id",
    "TenantId": "organizations", // It is a must in a multi-tenant application
    "CallbackPath": "/signin-oidc"
},

And my Startup file is as below:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = "/LoginPage";
    })
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), cookieScheme: null);
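With "TenantId": "organizations", the app accepts a sign-in from any Azure AD work or school tenant, which is the point of a multi-tenant app but also means the application itself must decide which tenants are actually allowed in. The following is an added example, not part of the original post and not Microsoft.Identity.Web's own API: it hooks the OpenID Connect OnTokenValidated event that AddMicrosoftIdentityWebApp registers under OpenIdConnectDefaults.AuthenticationScheme and rejects tokens whose tenant id is not on an allow list. The extension-method name and the tenant id values are hypothetical; it chains the event handler Microsoft.Identity.Web installed rather than replacing it, so the library's own issuer validation still runs.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

namespace MyApplication {
    public static class TenantAllowListExtensions {
        // Tenant id claim as mapped by the default inbound claim mapping, and the raw
        // JWT claim name used when MapInboundClaims is disabled.
        private const string MappedTenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";
        private const string RawTenantIdClaim = "tid";

        // Usage in Startup.ConfigureServices, after AddMicrosoftIdentityWebApp(...):
        //     services.RestrictToTenants(Configuration.GetSection("AllowedTenants").Get<string[]>());
        // (section name is hypothetical; put real tenant GUIDs in configuration, not in code)
        public static IServiceCollection RestrictToTenants(this IServiceCollection services,
                                                           IEnumerable<string> allowedTenantIds) {
            var allowed = new HashSet<string>(allowedTenantIds, StringComparer.OrdinalIgnoreCase);

            services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options => {
                options.Events ??= new OpenIdConnectEvents();
                // Keep whatever handler Microsoft.Identity.Web already attached and run it first.
                var previous = options.Events.OnTokenValidated;
                options.Events.OnTokenValidated = async ctx => {
                    if(previous != null) {
                        await previous(ctx);
                    }
                    if(ctx.Result?.Handled == true) {
                        return; // an earlier handler already decided the outcome
                    }

                    ClaimsPrincipal principal = ctx.Principal;
                    string tenantId = principal?.FindFirst(MappedTenantIdClaim)?.Value
                                   ?? principal?.FindFirst(RawTenantIdClaim)?.Value;

                    if(tenantId == null || !allowed.Contains(tenantId)) {
                        // Fail the sign-in; the user is sent to the OIDC remote-failure path
                        // instead of receiving an application cookie.
                        ctx.Fail($"Tenant '{tenantId ?? "<none>"}' is not allowed to sign in to this application.");
                    }
                };
            });

            return services;
        }
    }
}
```

The allow list is the authorization decision that "organizations" deliberately leaves open: token signature and issuer checks prove that some Azure AD tenant issued the token, not that your application wants users from that tenant. Logging the rejected tenant id (without the token) is worth adding where the app already has request logging, since repeated rejections are a useful signal.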
