0

I have a .NET Core 2.2 / Angular 10 app where I want to implement an Azure AD login. The app already has a simple user/password login using JWT:

 services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddJwtBearer("Default",options=>
....
  options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = Configuration["SecurityKeyIssuer"],
                ValidAudience = Configuration["SecurityKeyAudience"],
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecurityKey"]))
            };

Now I tried adding this:

 .AddJwtBearer("AzureAD",opt =>
        {
            opt.IncludeErrorDetails = true;
            opt.Authority = Configuration["ActiveDirectory:Authority"];
            opt.Audience = Configuration["ActiveDirectory:Audience"];
...
 
services
        .AddAuthorization(options =>
        {
            options.DefaultPolicy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .AddAuthenticationSchemes("Default", "AzureAD")
                .Build();
        });

I tried several variations of this, like hardcoding the authority etc. in different formats. I get to the login page where I'm able to log in using the default user/password authentication, but after that every page only shows me this 500 error:

enter image description here

Even after I commented out all the new configs. When I remove the AzureAD authentication scheme, it works normally again. Any suggestions?

Of course I registered the app and used the info from the Azure AD page.

Also, when trying this:

services.AddAuthentication("MyAuthenticationScheme")
      .AddMicrosoftIdentityWebApp();

It says:

Severity Code Description Project File Line Suppression State Error CS1061 'AuthenticationBuilder' does not contain a definition for 'AddMicrosoftIdentityWebApp' and no accessible extension method 'AddMicrosoftIdentityWebApp' accepting a first argument of type 'AuthenticationBuilder' could be found (are you missing a using directive or an assembly reference?) JI.Infopool.WebApp C:\Projekte\JI.Infopool - master\JI.Infopool.WebApp\Startup.cs 56 Active

Although I've included the NuGet Package Microsoft.Identity.Web

Improve this question
0

1 Answer 1

Reset to default
0

1.Initially please check if the login request to microsoft was locked by the firewall.

2.Make sure appsettings.json values are correct.

"AzureAd": {
  "Instance": "https://login.microsoftonline.com/",
  "Domain": "<azure ad domain>",
  "TenantId": "<azure ad tenant id>",
  "ClientId": "<backend app id>"
}

In Startup.cs

Check the following code in ConfigureServices()

    public void ConfigureServices(IServiceCollection services)
    {
        //services.AddControllersWithViews();
///
//
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApi(Configuration, "AzureAd");
        services.AddAuthorization();

        ...
    }

In configure() method make sure you have these

        app.UseAuthentication();
        app.UseAuthorization();

Reference: using openidconnect-with-azure-ad-angular and core webapiconfiguration

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.