I am trying to integrate Microsoft account login to my ASP.NET Core application. I have setup a microsoft application in the Microsoft Application Registration portal with the given redirect URI.
Here is a snippet from the Startup.cs file.
// Add external authentication middleware below. To configure them please see http://go.microsoft.com/fwlink/?LinkID=532715
app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions()
{
// I can't post my secrets here
ClientId = "my_client_id",
ClientSecret = "my_client_secret"
});
When I run the app and login via Microsoft, I get redirected to the Microsoft Login page.
It has the following query parameters (with the id's removed)
client_id:my_client_id
scope:https://graph.microsoft.com/user.read
response_type:code
redirect_uri:https://localhost:44328/signin-microsoft
state:the_state
When I sign in with my microsoft personal account, I got redirected to an error page instead.
The URL says The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application
I verified that my redirect URL in the microsoft app is exactly the same as the redirect url passed to the Microsoft log in page so I don't know what's the issue.
Another weird thing though if I log in using a Work or School account, I can proceed properly and it redirects me to the callback page.
Can anyone please help me on this? Thank you.
Double check if you are using latest version of authentication middleware in your project (there was few changes few week ago due to changes in MS OAuth - now v2 it's in use).
Double check if you have created app under new v2 endpoint - read more here: How to register an app with the v2.0 endpoint.
Double check if you have created password for your app on Microsoft Site.
Check Live SDK support option in 'Advenced' section - this should be enabled (at least in my case, but look like this doesn't help in your).
Here you can find more information:
Microsoft account is experiencing technical problems. Please try again later. (GitHub #827)
External login via Microsoft Account failed on RC2/RC3 (GitHub #866)
Enabling authentication using external providers
Update:
Ok, I see now - you have two things:
missing https (ssl), see this post,
different port number - it means that is different url and this is reason of your problem - you'r using different url than registered with your app:
http://localhost:54554/signin-microsoft - registred in app
https://localhost:44328/signin-microsoft - form your error message
I have the same problem.
I use Microsoft Oauth 2.0 to solve this problem. You can find MVC .net sample at https://azure.microsoft.com/en-us/documentation/articles/active-directory-appmodel-v2-overview/
Related
I need to set up my .Net 5 web app so that it can connect to a SAML 2.0 login server at this internal site: [login.antares.eng.edu].
I am using this library to help me: https://www.itfoxtec.com/IdentitySaml2
I followed the directions on that site and added the required code to my Startup.cs and added an AuthController.cs controller,
but now I am unsure of how to proceed next.
To try and educate myself on how to work with SAML, I loaded up a website at
[starmaps.cosmos.n.edu] that I know uses the same SAML 2.0 login server that I need to use [login.antares.eng.edu].
When I first load the website, starmaps.cosmos.n.edu, it automatically goes to the SAML server at: login.antares.eng.edu
Using the browser developer tools, I can see the following is being sent:
https://login.antares.eng.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=aZZAbsIwEEV%2FJwI%2BcUh5pWQgUVBVJNpGhHbRTWWcASwltuaZ9PH3dYBWdNOVrdHc11NnPEbZ1E4MWjqYNby3gBQsFxP2msut2g3VVZzK4SDu96GK81F6He%2F6w1GeVpm82gKLnsGjtmbCsiRl0RKxhaVBkoZCKc2yuNeLs3zTuxaDXKSjJO2%2FsGgRHtFG0lF4IHIoOHcS0VlPidNECVQt15XjztudroGXs%2FtVxtdQaQ%2BKeFk%2BsujWegVH8AnbyRqhAyiCjX6H30rhLVll6xttKm32E9Z6I6xEjcLIBlCQEp25CAHE9tSE4m6zKeLisdywaIYIvkOdW4NtA74E%2F64VPK1XF%2FAd88EiQZU4aawjmyjb8YT0D%2BcekHesfRT52iQS3SeLPpvaoDhu4H6wd02BpuOuWxwH7S%2F0%2F4vlTwY1LQLpmWrML3xOxk21BPFyUdhaq69oVtf2Y%2B5RRhgo%2BTbMk09Psr9fZvoN&RelayState=https%3A%2F%2Fstarmaps.cosmos.n.edu%2FMapperRun%2FPages%2FMain.aspx
I am not exactly sure what is going on, but I need my web app to do the same.
How can I get my web app using the ITfoxtec library to do this?
Thanks!
You need to decorate the controller or action with the [Authorize] attribute to require authentication and automatically start the login sequence.
Like this in the sample:
https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/master/test/TestWebAppCore/Controllers/HomeController.cs#L15
Alternatively, you can add this requirement generally in Startup.cs/Program.cs.
I am currently using Auth0 with Loc7 in Angular and an ASP .Net Web API v2.
The project works fine locally. The user can log in using the widget and the API sees the User as authorised with no issue.
When the app is published the API returns 401 unauthorised when a call is made.
There is no issue with Angular app no matter where on the web space it is placed so I do not believe it is an issue with the Allowed Callback URLs in the Auth0 dashboard.
The config works fine locally and there are no major changes when being published except the database connection string.
The database is an exact copy of the local database.
The API MVC Template works fine but does not do anything aside from load and show routes. I have not changed the template since it was generated.
There are no errors on the server.
The API is in a newly created app directory on the server.
Auth0 Dash reports the login from the Angular code successful. The profile is returned with a valid token viewed through the dev console.
Has anyone else had a similar issue? Could this be an issue with how the hosting is set up?
Happy to post more info, I am not really sure what to post it is a fair amount of code.
I just created a webform that is hosted in my Azure subscription. I set it up with authenication via my works Azure directory for authenticating users. In debug this works fine and I am able to login with my work credentials and then view the website via local host.
I have published this to my Azure and it says it is running and working fine. So when I try to connect to the website it continuously redirects me to the localhost resulting in an error.
I have checked the web config.
Here is the google network chain of events when it occurs.
I am really lost as to what is wrong and what I need to do to fix this so any help would be greatly appreciated. I'm sorry I can't offer more but I don't even know what is wrong to begin with or where to look. Is there some setting in Azure that I need to add the website too?
I have solved this issue. Since it was such a pain I will keep this up as I couldn't find any answers on this. It was actually quite simple.
You have two options. The one I did and which worked was changing the publish profile as below:
Add the domain where the authentication is occurring. So if you have your web app hosted by a different azure account that which is authenticating the users, use the one that is authenticating.
This will create two versions of your app on the site one for local host and one for the actual site.
The second option(I have not tried this but it should work) is to go to the Azure account where you are authenticating the users and go to applications and then configure. Change the APP URL from local host to the url you are trying to get to.
Here is an excellent link that explains how to do this clearly.
Click this link for detailed explanation
I also had this issue and took these steps to resolve
navigate to the app registration in AAD
Open the manifest
Change the ReplyUrl to the url of the app (e.g. http://appname.azurewebsites.net)
Then I got the error
Bad Request - Request Too Long HTTP Error 400. The size of the request headers is too long.
Next I cleared all cookies from the browser, and this changed the error to just
Bad Request
So I went back to that ReplyUrl and changed it to https://appname.azurewebsites.net/.auth/login/aad/callback and now it appears to work.
Note I also had to make sure I didn't have the site open in any other tabs before it started working
I had this issue when I switched an app from our company Azure over to a customer's Azure. In my case I'd forgotten to update the ida:ClientId, ida:AADInstance and ida:TenantId, which then meant that the value I'd set for ida:PostLogoutRedirectUri was ignored (I think) and instead my app redirected to localhost.
Once I changed those ida values to the values from the app settings and subscriptions settings on our customer's Azure it all worked as expected.
It took a while to track down all the values in Azure portal as they are all called something different, or aren't named at all:
ClientId can be found at Azure Active Directory > App Registrations > YourAppName. It's called 'Application ID' in Azure
Domain can be found on Azure Active Directory > Overview. It's currently in the top left in the format somename.onmicrosoft.com
TenantId this is the Azure AD instance ID, get that from Azure Active Directory > Properties and then it's called 'Directory ID'
I spent a lot of time trying to work out where the localhost port that was being redirected to was in the code, but it simply isn't there as far as I can see, so I have no idea how Azure was choosing what localhost address to redirect to!
You need to set another parameter in configuration that is replyUrl and assign to your web app, other wise it takes the url from which it was originated.
I was able to fix this by changing my Startup.Auth.cs file redirectUri from "https://localhost:44316/" to https://myapp.com/
While using Windows Organizational authentication in the ASP.net MVC project, I am unable to access the /Manager portion of PirahnaCMS. Whenever I attempt to login, it just redirects back to the login page. Is there a solution to this problem, or a workaround?
Someone asked this question, but no one posted a solution: How to get to Dashboard
Best Regards,
Saad
The Piranha CMS manager uses forms authentication. If you've configured another form of authentication in your main web.config the manager login won't work. In the upcoming version (2.3.0) the authentication mechanism will be replaceable, but in the current version the manager needs forms authentication.
You have two possible solutions:
1) Try configure the manager area to use Forms authentication by adding a separate web.config to this area.
2) Set the "front-application" to run in passive mode, i.e. disable the manager. Add a different web without the front-end and just the manager pointing to the same database.
Regards
HÃ¥kan
I have been trying for the last couple of days to get the ACS integration for my identity providers. The main ones work, Google, Yahoo!, and Live, but I cannot get Facebook to work with my localhost dev environment. Also Facebook has changed their Apps Configuration Pages and I am confused.
Does anyone know the updated Step by Step for configuring ACS and Facebook to work together? My url is: http://localhost/webapp1/
I have been looking through all the posts but since things have changed, the old answers do not seem to work. I know it must be either on one of the setup pages in Azure ACS or in Facebook Apps Setup or a problem with my web.config. I would greatly appreciate all help.
I had a similar problem when I setup ACS for Facebook and ran it from my local machine. I had erroneously setup my application on Facebook, while my Azure ACS configuration was actually correct. I was using 'localhost/myapp' on the Site URL setup field on the Facebook site but I needed to change it to use the full ACS namespace for my application: (Your specific namespace will vary, please check your ACS settings for details)
I noticed you mentioned that your URL was: "http://localhost/webapp1/", I am not sure if this was your specific problem but hopefully this saves someone else a bit of time.
This should work (see Facebook API error 191 for an older example)
Check your domain is configured correctly in the app settings, the URL used much match what you've told Facebook you'll be using.