I'm getting the below error when I try to login using Google on my web app.
It works fine when using localhost
This pelusoftcamerawebapp.azurewebsites.net page can’t be found No web
page was found for the web address:
https://pelusoftcamerawebapp.azurewebsites.net/signin-google?state=CfDJ8BRnSyuVZrdLjm6frrOu1DBgXqvK5dey3eI632SEKrS7vg........
goole login code:
[HttpGet]
[Route("google-login")]
public IActionResult GoogleLogin(string returnUrl = null)
{
var authProperties = new Microsoft.AspNetCore.Authentication.AuthenticationProperties
{
RedirectUri = string.IsNullOrEmpty(returnUrl) ? "account/profile" : returnUrl,
IsPersistent = true
};
return Challenge(authProperties, new string[] { "google" });
}
I have added pelusoftcamerawebapp.azurewebsites.net to the google console domain verification
do you have any idea?
Since Google has shutdown Google Plus so Google Plus based authentication mechanism has been changed and it has also effected the existing Google authentication in ASP.NET and ASP.NET Core.
Microsoft has updated the Google authentication library for both ASP.NET and ASP.NET Core.
Here is the more details: Google+ based auth deprecation and replacement
Related
I have a multi-tenant Web API of tenant A. It has permissions exposed and accepted by a B2C Web API of tenant B. (The API App Services live in the same tenant, but their AD instances are separate due to the one being a B2C tenant).
I have the following code in my B2C Web API authenticating with tenant B to access the multi-tenant Web API of tenant A.
I'm using Microsoft.Identity.Web (v1.25.5) and .NET Core (6), and so I don't have to handle making unnecessary calls to get an access token, I'm using the IDownstreamWebApi helper classes (though I have tried without according to the documentation, but land up with the same error.)
My code:
appsettings.json
program.cs
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(options =>
{
builder.Configuration.Bind("AzureAdB2C", options);
},
options => {
builder.Configuration.Bind("AzureAdB2C", options);
})
.EnableTokenAcquisitionToCallDownstreamApi(options =>
{
builder.Configuration.Bind("AzureAdB2C", options);
})
.AddDownstreamWebApi("TenantAApi", options =>
{
builder.Configuration.Bind("TenantAApi", options);
})
.AddInMemoryTokenCaches();
Calling code:
var response = await _downstreamWebApi.CallWebApiForAppAsync(
"TenantAApi",
options =>
{
options.HttpMethod = httpMethod;
options.RelativePath = url;
}, content);
var responseContent = await response.Content.ReadAsStringAsync();
The error I receive:
MSAL.NetCore.4.48.0.0.MsalClientException:
ErrorCode: tenant_override_non_aad
Microsoft.Identity.Client.MsalClientException: WithTenantId can only be used when an AAD authority is specified at the application level.
at Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithTenantId(String tenantId)
at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForAppAsync(String scope, String authenticationScheme, String tenant, TokenAcquisitionOptions tokenAcquisitionOptions)
at Microsoft.Identity.Web.DownstreamWebApi.CallWebApiForAppAsync(String serviceName, String authenticationScheme, Action`1 downstreamWebApiOptionsOverride, StringContent content)
What doesn't make sense is that I'm calling this from a B2C Web API, from what I can see in the existing AbstractAcquireTokenParameterBuilder code (see line 292), B2C authorities are not AAD specific, and even so, adding an Authority or AadAuthorityAudience to my AzureAdB2C config object has no effect.
Am I missing a configuration property somewhere?
It seems that this isn't possible according to the following wiki post -
https://github.com/AzureAD/microsoft-identity-web/wiki/b2c-limitations#azure-ad-b2c-protected-web-apis-cannot-call-downstream-apis
For now I'm going to try a different approach and get an access token with a ConfidentialClientApplication object, and if that doesn't work, create a separate app registration in the other tenant and authenticate with that instead.
I have a Blazor WASM application communicating with a ASP.NET 6 Web API.
User authentication is done via Azure AD B2C by attaching the AD token to Http requests sent to the Server using
builder.Services.AddHttpClient("Portal.ServerAPI", client => client.BaseAddress = new Uri("https://localhost:7001/api/"))
.AddHttpMessageHandler<SslAuthorizationMessageHandler>();
User specific information like UserRoles is stored in a user database.
I'm using the RemoteAuthenticatorView.OnLoginSuceeded handler to load the user profile containing the roles from the API server.
Then I add a new identity to the existing ClaimsPrincipal which I get from the AuthenticationStateProvider like so:
var state = await authStateProvider.GetAuthenticationStateAsync();
var user = state.User;
if (user.Identities.Any(x => x.Label == "myAuthToken"))
{
return;
}
// Turn the JWT token into a ClaimsPrincipal
var principal = tokenService.GetClaimsPrincipal(sslToken);
var identity = new ClaimsIdentity(principal.Identity);
identity.Label = "myAuthToken";
user.AddIdentity(identity);
Not sure if that's the right way to do this but it works fine.
Now my problem:
When I refresh the page by hitting F5 in the browser the above handler is not called and the roles are not written to the new identity, means user.IsInRole("myRole") doesn't work.
Does anyone have an idea how to solve the issue of enriching an existing user identity on Blazor with roles coming from the server?
Any help is much appreciated.
thanks in advance.....
i got this error while connecting to my app with azure cloud via google authentication
"403. that's an error. error: disallowed _useragent this user- agent is not permitted to make on oauth authorization request to google as it is calssified as an embedded user- agent per our policy ,only browsers are permitted to make authorization request to google. we offer several libraries and samples for native apps to perform authorization request in the browser."
how to fix this error.....
This happens from last year because of a change in Google's security policy. The work around is to use Xamarin.Auth and use Interceptors in the native codes to catch the Authentication process. A good example is available in this following link Xamarin Authentication
class ActivityCustomUrlSchemeInterceptor : Activity
{
protected override void OnCreate(Bundle savedInstanceState)
{
base.OnCreate(savedInstanceState);
/* global::Android.Net.Uri uri_android = Intent.Data;
//#if DEBUG
// System.Text.StringBuilder sb = new System.Text.StringBuilder();
// sb.AppendLine("ActivityCustomUrlSchemeInterceptor.OnCreate()");
// sb.Append(" uri_android = ").AppendLine(uri_android.ToString());
// System.Diagnostics.Debug.WriteLine(sb.ToString());
//#endif
// Convert iOS NSUrl to C#/netxf/BCL System.Uri - common API
Uri uri_netfx = new Uri(uri_android.ToString());
// load redirect_url Page
AuthenticationState.Authenticator.OnPageLoading(uri_netfx);*/
var uri = new Uri(Intent.Data.ToString());
// Load redirectUrl page
AuthenticationState.Authenticator.OnPageLoading(uri);
this.Finish();
return;
}
}
I've got a nearly stock ASP.NET MVC template application from Visual Studio 2013. It was created using the following settings:
Create > Project > Web > ASP.NET Web Application > OK > MVC, Individual User Accounts > OK
I'm attempting to log in using the OWIN Google provider and having issues.
OWINs Configuration method looks like this:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
var google = new Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationOptions
{
ClientId = "xxxxx.apps.googleusercontent.com",
ClientSecret = "xxxxxxxxx-yyyyyyyyy"
};
google.Scope.Add("profile");
google.Scope.Add("email");
app.UseGoogleAuthentication(google);
I click the Google provider button on the web page, authenticate with google, get referred back to ExternalLoginCallback. At this point, the process breaks down at this line:
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
loginInfo is null, which redirects me back to the Login page without any visible errors.
I'm responding to an old question here, but for anyone in the future who may encounter this problem, the solution that worked for me was to enable the "Google+ API" using the API Manager from the Google Developers Console.
I notice in the asp.net 4.5 template, all the authorization samples besides google pass in secret and clientid. How can I pass in my google secret and clientid? Brock has a good discussion here that I'm following:
http://info.develop.com/blogs/bid/232864/ASP-NET-Using-OAuthWebSecurity-without-SimpleMembership#.UNuBh2_Adv9
The sample code is as follows that comes with the template.
internal static class AuthConfig
{
public static void RegisterOpenAuth()
{
// See http://go.microsoft.com/fwlink/?LinkId=252803 for details on setting up this ASP.NET
// application to support logging in via external services.
//OpenAuth.AuthenticationClients.AddTwitter(
// consumerKey: "your Twitter consumer key",
// consumerSecret: "your Twitter consumer secret");
//OpenAuth.AuthenticationClients.AddFacebook(
// appId: "your Facebook app id",
// appSecret: "your Facebook app secret");
//OpenAuth.AuthenticationClients.AddMicrosoft(
// clientId: "your Microsoft account client id",
// clientSecret: "your Microsoft account client secret");
// OpenAuth.AuthenticationClients.AddGoogle();
}
}
I had a look at the source code of the OAuthWebSecurity class.
The reason Google's authentication client doesn't need an AppId/AppSecret is because its implementation is using OpenId and NOT OAuth.
If you want to use OAuth with Google you'll have to write your own client (at least for right now).