OWIN Cookies and IP address - asp.net

When I am testing the samples in VS 2013 out of the box, they work fine with localhost or when accessing from localhost - the cookie is generated fine and saved in domain localhost.
I then wanted to do some testing from iPad on Safari, so I enabled IP address access on IISExpress. When I access my test website via IP address 10.0.0.x:port, no cookie is provided.
I have the stock standard line:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
How can I "name" my cookie for MS Identity to use so that regardless of the browser domain name "localhost" "IP" or "XXXX" that it will still work?

I am not sure why this did not work initially. I am still playing around with this. But I changed the startup cookie config to (in Startup.Auth.cs):
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "ABC",
LoginPath = new PathString("/Account/Login"),
CookieName = "ABC"
});
And I then modified the following line in SignIn (IdentityModels.cs)
var identity = manager.CreateIdentity(user, "ABC");
And it started working.
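Added example, not code from the question or the answer above: a Startup.Auth.cs and sign-in path in which the authentication type is a single constant on both sides (the cookie middleware only issues a cookie when the signed-in identity's AuthenticationType equals the middleware's), and in which CookieDomain is left unset so the browser files a host-only cookie under whatever host name or IP address it used. The ApplicationUser type, the controller and the cookie name ".MyApp.Auth" are assumptions taken from the VS 2013 template shape, not from the post.

```csharp
// Added example, not code from the question or the answer. Assumes the
// VS 2013 "Individual Accounts" template shape: ApplicationUser derives from
// IdentityUser and CreatePerOwinContext has registered a
// UserManager<ApplicationUser>. The cookie name ".MyApp.Auth" is arbitrary.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Single source of truth for the value that must match on both sides of sign-in.
    public const string AppAuthType = DefaultAuthenticationTypes.ApplicationCookie;

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            // The cookie middleware only writes a cookie for a sign-in whose
            // ClaimsIdentity.AuthenticationType equals this string. If Startup says
            // "ABC" and CreateIdentity says ApplicationCookie, SignIn returns
            // without error and no cookie is ever issued.
            AuthenticationType = AppAuthType,
            LoginPath = new PathString("/Account/Login"),
            CookieName = ".MyApp.Auth",

            // CookieDomain is deliberately not set. Without a Domain attribute the
            // browser stores a host-only cookie keyed to the host the request used
            // (localhost, 10.0.0.x, a DNS name), so one configuration works from
            // every address. CookieDomain = "localhost" would make the cookie
            // unusable when the site is opened by IP.

            CookieHttpOnly = true,
            // Always adds the Secure flag, and a browser will not return a Secure
            // cookie over plain http://10.0.0.x:port. SameAsRequest keeps http
            // testing working and still marks the cookie Secure on https.
            CookieSecure = CookieSecureOption.SameAsRequest,
            ExpireTimeSpan = TimeSpan.FromHours(4),
            SlidingExpiration = true,
        });
    }
}

public class ApplicationUser : IdentityUser
{
    // Builds the identity with the same AuthenticationType the middleware expects.
    public Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
    {
        return manager.CreateIdentityAsync(this, Startup.AppAuthType);
    }
}

public class AccountController : Controller
{
    // Resolved from the OWIN context (assumes CreatePerOwinContext registered this type).
    private UserManager<ApplicationUser> UserManager
    {
        get { return HttpContext.GetOwinContext().GetUserManager<UserManager<ApplicationUser>>(); }
    }

    // Issues the cookie. The Host header of this request decides which host the
    // browser files the cookie under; nothing in the server config names a host.
    private async Task SignInAsync(ApplicationUser user, bool isPersistent)
    {
        IAuthenticationManager auth = HttpContext.GetOwinContext().Authentication;
        auth.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        ClaimsIdentity identity = await user.GenerateUserIdentityAsync(UserManager);
        auth.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, identity);
    }
}
```

Two things to check when a cookie "is not provided" on one host but is on another: that the string passed to CreateIdentity is the middleware's AuthenticationType (a mismatch fails silently), and that CookieSecure is not Always while testing over plain http on the IP address.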

Related

Protocol to implement Azure AD

I have a legacy ASP.NET Web Forms application. It is at present using on-prem ADFS with cookie authentication and the WS-Federation protocol.
We want to move it to Azure AD. I want to know whether I need to change the WS-Federation protocol or whether it also works with Azure AD. Also, is it required to change cookie authentication?
Code from Startup.CS is as below:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
//interactive logon process
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
//name of the authentication type
AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
//TODO: Enable this to always send and receive cookies in SSL when in production
CookieSecure = CookieSecureOption.Always,
//enable sliding expiration
SlidingExpiration = true,
//Cookie expires in 4 hours (FromHours; FromTicks(DateTime.Now.AddHours(4).Ticks) is the span since year 1, not 4 hours)
ExpireTimeSpan = TimeSpan.FromHours(4)
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
MetadataAddress = adfsMetadata,
Wtrealm = realm
});
Edited:
Code modified as below:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
//interactive logon process
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
//name of the authentication type
AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
//Login path should be below
// LoginPath = new PathString("login"),
//TODO: Enable this to always send and receive cookies in SSL when in production
CookieSecure = CookieSecureOption.Always,
//enable sliding expiration
SlidingExpiration = true,
//Cookie expires in 4 hours (FromHours; FromTicks(DateTime.Now.AddHours(4).Ticks) is the span since year 1, not 4 hours)
ExpireTimeSpan = TimeSpan.FromHours(4)
});
// Diagnostic only: puts token contents and other PII into exception messages and logs. Keep false outside debugging.
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
app.UseWindowsAzureActiveDirectoryBearerAuthentication(new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
MetadataAddress = AzureMetaData,
Tenant = Tenant,
Realm = Realm
});
Now it is throwing error:
System.ArgumentNullException: 'Value cannot be null. Parameter name: allowedAudience'
Yes, Azure AD supports WS-Fed. Ref: Integrating a web app with Azure AD using WS-Federation
For allowedAudiences, the value of this field has to match what is in the "audience" field of the token that is being sent to your service. You can go to the Azure AD app registration for your service and look in the manifest at the "identifierUris" field. The value here should match the value that you put in the Allowed Token Audiences list.
You can also go to https://resources.azure.com/ > drill down into the App Service resource > config > authsettings and correct allowedAudiences value:
"allowedAudiences":[
"https://mysite.azurewebsites.net"
]
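Added example, not the question's or the answer's code: a Startup that keeps the WS-Federation handshake for browser users (pointed at the tenant's Azure AD metadata) and configures the bearer middleware with an explicit audience list, so tokens minted for another app in the same tenant are rejected and the middleware has the audience it needs at start-up. The appSettings keys ida:Tenant, ida:Audience and ida:Wtrealm are hypothetical; the TokenValidationParameters namespace depends on the Katana/IdentityModel version in use.

```csharp
// Added example, not the question's or the answer's code. Assumes Web.config
// appSettings named ida:Tenant, ida:Audience and ida:Wtrealm (hypothetical keys).
using System;
using System.Configuration;
using Microsoft.IdentityModel.Tokens;   // TokenValidationParameters; System.IdentityModel.Tokens on older Katana 3.x builds
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.ActiveDirectory;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        string tenant   = ConfigurationManager.AppSettings["ida:Tenant"];    // e.g. contoso.onmicrosoft.com or the tenant GUID
        string audience = ConfigurationManager.AppSettings["ida:Audience"];  // one of the app registration's identifierUris
        string wtrealm  = ConfigurationManager.AppSettings["ida:Wtrealm"];   // realm registered for the web app

        // Fail at start-up with a readable message rather than at first request.
        if (string.IsNullOrWhiteSpace(audience))
            throw new InvalidOperationException("ida:Audience must be set; it is compared with the token's aud claim.");

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            AuthenticationMode = AuthenticationMode.Active,
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always,
            SlidingExpiration = true,
            ExpireTimeSpan = TimeSpan.FromHours(4),   // FromTicks(DateTime.Now...Ticks) would be roughly 2000 years
        });

        // Browser users: the same WS-Federation exchange as with ADFS, only the
        // metadata document (and therefore the signing keys) comes from Azure AD.
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            MetadataAddress = "https://login.microsoftonline.com/" + tenant + "/federationmetadata/2007-06/federationmetadata.xml",
            Wtrealm = wtrealm,
        });

        // API callers presenting bearer tokens. The "allowedAudience" ArgumentNullException
        // quoted in the question is what Katana's JwtFormat raises when the options carry
        // neither an Audience nor TokenValidationParameters. Listing the audience explicitly
        // also rejects tokens issued for a different application.
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = tenant,
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidateAudience = true,
                ValidAudiences = new[] { audience },
                ValidateLifetime = true,
            },
        });
    }
}
```

The value in ida:Audience must be byte-for-byte what Azure AD puts in the aud claim (compare it with the identifierUris entry in the app manifest, including trailing slashes); a near match fails validation with a 401, not an exception.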

ASP.NET MVC 5 Force all users to logout (using cookie auth)

I'm using ASP.NET MVC 5 with cookie-based authentication. I want to make a change in user roles and enforce it right away, but roles don't change until a user logs out and back in.
How can I force all users to logout or to renew their identity cookie?
Turns out this is pretty easy. You can change the cookie name (default is ASP.NET_SessionId).
This causes the website to look for a different session cookie name, making the old cookies invalid.
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
ExpireTimeSpan = TimeSpan.FromDays(7),
CookieName = "[NewNameHere]",
});
}
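Added example, not part of the question or the answer above: the ASP.NET Identity mechanism for making role changes take effect without renaming the cookie. SecurityStampValidator re-checks the cookie against the user's security stamp every validateInterval and rebuilds the identity (including role claims) when it matches; UpdateSecurityStampAsync rotates the stamp, which invalidates every existing cookie for that user. ApplicationDbContext, ApplicationUserManager and ApplicationUser with GenerateUserIdentityAsync are assumed from the VS 2013 template.

```csharp
// Added example, not code from the question or the answer. Assumes the VS 2013
// template types ApplicationDbContext, ApplicationUserManager (a
// UserManager<ApplicationUser>) and ApplicationUser.GenerateUserIdentityAsync.
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = TimeSpan.FromDays(7),
            CookieHttpOnly = true,
            Provider = new CookieAuthenticationProvider
            {
                // Once per validateInterval the stamp stored in the cookie is compared
                // with the stamp in the database. Different: the cookie is rejected and
                // the user must sign in again. Same: the identity is regenerated, so
                // role claims reflect the current role membership.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(5),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });
    }
}

public class RoleAdminService
{
    private readonly ApplicationUserManager _userManager;

    public RoleAdminService(ApplicationUserManager userManager)
    {
        _userManager = userManager;
    }

    // Change one user's roles and invalidate every cookie that user currently holds.
    public async Task<IdentityResult> MoveToRoleAsync(string userId, string fromRole, string toRole)
    {
        IdentityResult result = await _userManager.RemoveFromRoleAsync(userId, fromRole);
        if (!result.Succeeded) return result;

        result = await _userManager.AddToRoleAsync(userId, toRole);
        if (!result.Succeeded) return result;

        // A new stamp makes existing cookies fail their next validation (at most
        // validateInterval after this call), instead of living on for up to 7 days.
        return await _userManager.UpdateSecurityStampAsync(userId);
    }

    // Force everyone to sign in again by rotating every user's stamp.
    public async Task InvalidateAllSessionsAsync()
    {
        foreach (ApplicationUser user in _userManager.Users.ToList())
        {
            await _userManager.UpdateSecurityStampAsync(user.Id);
        }
    }
}
```

Renaming the cookie stops the server looking at the old cookies, but the old tickets themselves stay valid until they expire; the stamp approach revokes them on the server side, at the cost of one user lookup per validateInterval per active session.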

Facebook OAuth: Callback URI gives me an HTTP ERROR 500

So I am pretty much using the default MVC-template that includes OAuth authentication with facebook. But after authenticating I am getting an HTTP ERROR 500.
I am using OAuth Version 4.0. My ConfigureAuth looks like this:
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
// Local Login Cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/ExternalLogin"),
ExpireTimeSpan = TimeSpan.FromDays(3),
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Facebook
var facebookOptions = new FacebookAuthenticationOptions
{
AppId = "[MY APP ID]",
AppSecret = "[MY APP SECRET]",
CallbackPath = new PathString("/Account/ExternalLoginCallback"),
};
app.UseFacebookAuthentication(facebookOptions);
}
In my facebook app I have added https://localhost:44365/Account/ExternalLoginCallback to my valid OAuth Redirect URIs.
I have searched for an answer but couldn't find anything. What am I missing?
As of March 2018, Strict mode is enabled by default.
Add the following callback URIs in your facebook App settings:
http://localhost:44365/
http://localhost:44365/ExternalLoginCallback
http://localhost:44365/signin-facebook

Azure Active Directory Reply URL redirecting to root

I am trying to implement authentication using Azure AD. In the application settings I am setting the Reply URL to https://example.com/myapp/login.aspx.
When I log in it redirects me to https://example.com and not to the specified URL https://example.com/myapp/login.aspx.
How can I make sure that it redirects to the proper URL? Following is the code for Startup.
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = ConfigurationManager.AppSettings["owin:ClientId"].ToString(),
Authority = "https://login.microsoftonline.com/yz5036e3-2951-4c11-af4d-da019fa6a57d",
RedirectUri = ConfigurationManager.AppSettings["RedirectUri"].ToString()
});
}
How do you trigger the sign-in flow? If you are following the samples and initiating the sign-in by invoking Challenge as shown in https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect/blob/master/WebApp-OpenIDConnect-DotNet/Controllers/AccountController.cs, you might want to make sure that the RedirectUri in the AuthenticationProperties points to the URL you ultimately (as in, AFTER auth) want to land on.
I know, it's incredibly confusing: the RedirectUri property in the OIDC options points to the redirect you want to use in the auth protocol, the one on which you want to receive the auth token, and the one in the AuthenticationProperties is the local URL you want to be redirected to after your exchange with the identity provider has successfully concluded. The properties have the same name for historical reasons.
In my case the website was under a virtual directory (converted to an application). For a login URL such as http://example.com/myapp/login.aspx, it was redirecting the user to http://example.com. If I set RedirectUri to myapp/AfterLogin.aspx, it worked.
HttpContext.Current.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties { RedirectUri = "myapp/AfterLogin.aspx", },
OpenIdConnectAuthenticationDefaults.AuthenticationType);
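Added example, not code from the question or either answer: the two RedirectUri values side by side. The one in the OpenID Connect options is the protocol reply URL registered in Azure AD (where the id_token is posted); the one in AuthenticationProperties is the page the user lands on afterwards. Because that second value comes from a request parameter, it is checked with Url.IsLocalUrl first, otherwise the sign-in link becomes an open redirect. Url.Content("~/") resolves against the application root, so it yields /myapp/ when the site is a virtual directory. The appSettings keys owin:ClientId, owin:TenantId and owin:RedirectUri are hypothetical.

```csharp
// Added example, not code from the question or the answers. Assumes Web.config
// appSettings owin:ClientId, owin:TenantId and owin:RedirectUri (hypothetical keys).
using System.Configuration;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always,
        });
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ConfigurationManager.AppSettings["owin:ClientId"],
            Authority = "https://login.microsoftonline.com/" + ConfigurationManager.AppSettings["owin:TenantId"],
            // Protocol reply URL: where Azure AD posts the token. Must equal a Reply URL
            // registered on the app (scheme, host, port and path). It is NOT the page the
            // user ends up on; the middleware handles this request and then redirects.
            RedirectUri = ConfigurationManager.AppSettings["owin:RedirectUri"],
        });
    }
}

public class AccountController : Controller
{
    // GET /Account/SignIn?returnUrl=/myapp/orders
    public ActionResult SignIn(string returnUrl)
    {
        // Post-auth landing URL. Only a local path is accepted; anything else falls
        // back to the application root (which is /myapp/ under a virtual directory).
        string landing = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

        if (Request.IsAuthenticated)
        {
            return Redirect(landing);
        }

        // AuthenticationProperties.RedirectUri is where the user is sent once the
        // cookie has been issued, i.e. after the exchange with the identity provider.
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = landing },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);

        // The 401 is converted into the redirect to Azure AD by the OIDC middleware.
        return new HttpUnauthorizedResult();
    }
}
```

If the user still lands on the site root, confirm the landing value is set on the AuthenticationProperties passed to Challenge, not on the options object; the options value is only ever used for the protocol round trip.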

Migrating from FormsAuthentication to Identity. FormsAuthentication.DefaultUrl

When migrating from FormsAuthentication to Identity I have some code that has:
return Redirect(FormsAuthentication.DefaultUrl);
In Identity I don't find this configuration (also I don't know why it was in FormsAuthentication in the first place). I'm going to change it to
return Redirect("~/");
Is there any Identity configuration for this scenario, or has that functionality just been removed from Identity?
This does not exist in Identity.
However when you do Identity configuration, you do stuff like this in Auth.Config.cs
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
// other stuff
});
See the LoginPath property being set? That's the redirect address, now working the same way as FormsAuthentication.DefaultUrl, except that you don't specify it in web.config.
