
Added support for Azure Active Directory through OpenIdConnect #24

Status: Open. Wants to merge 1 commit into base: master.

Conversation

gentledepp

I followed the examples
https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet
and
http://blogs.msdn.com/b/webdev/archive/2014/03/28/owin-security-components-in-asp-net-openid-connect.aspx
in order to add Azure Active Directory Authentication to my DurandalAuth site and thought this might be useful for somebody.

There was an issue with the loginProvider property you get in the AccountController.GetExternalLogin method.
The problem is that, when using OpenIdConnect, the provider is not a constant value for all AAD users but a unique name for each tenant. So it is https://sts.windows.net/
See: http://msdn.microsoft.com/en-us/library/azure/dn195587.aspx

So I had to modify the AccountController, the appsecurity.js and the externalloginconfirmation.js a little.

  • In the AccountController I needed to weaken the comparison between provider and externalLogin.LoginProvider.
  • In the appsecurity.js I needed to urlEncode the loginProvider
  • and of course in the externalloginconfirmation.js I needed to urlDecode the loginProvider

Although I doubt that this is the optimal solution, at least it works.
I do not know how to get the name of the tenant by id to beautify the "manage account" view which otherwise shows the ugly link "https://sts.windows.net/"

To use it you simply need to follow the instructions of the first link to link your web application to Azure Active Directory (I think it was step 2) and then set the properties in web.config:

<add key="ida:AADInstance" value="https://login.windows.net/{0}" />
<add key="ida:Tenant" value="{your tenant e.g.: contoso.onmicrosoft.com}" />
<add key="ida:ClientId" value="{your clientid which is a GUID without brackets}" />
<add key="ida:PostLogoutRedirectUri" value="https://localhost:44301" />

Do you have any thoughts on that?

Also, please note that the OpenIdConnect library I use is still a prerelease and in order for it to work, I needed to add all the other OWIN dlls as prerelease as well!
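
The client-side handling the post describes, as an added example that is not code from the DurandalAuth project or from this pull request: because the Azure AD loginProvider is a per-tenant issuer URL rather than a fixed name, it is URL-encoded when placed in the confirmation query string (the appsecurity.js side), decoded again on the confirmation page (the externalloginconfirmation.js side), and matched by pattern and tenant allow-list instead of by a loosened equality check. It assumes the issuer has the form https://sts.windows.net/{tenantId}/ with a GUID tenant id; all function names, the allow-list and the sample tenant GUID are constructed for the example.

```javascript
// Added example, not code from the DurandalAuth project or this PR.
// Assumption: the Azure AD issuer looks like https://sts.windows.net/{tenantId}/
// where tenantId is a GUID. Function names and sample values are constructed.

// Anchored pattern: scheme, host and a single GUID path segment, nothing else.
var AAD_ISSUER_RE = /^https:\/\/sts\.windows\.net\/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\/$/i;

// Returns the tenant id (lower-cased) if loginProvider is a well-formed
// Azure AD issuer URL, otherwise null.
function parseAadTenant(loginProvider) {
  if (typeof loginProvider !== "string") { return null; }
  var m = AAD_ISSUER_RE.exec(loginProvider);
  return m ? m[1].toLowerCase() : null;
}

// Accepts a provider only if it is a known fixed provider name (e.g. "Google")
// or an Azure AD issuer whose tenant is on the allow-list. This is the stricter
// alternative to weakening the comparison: an issuer from an unexpected tenant,
// or a look-alike URL with sts.windows.net somewhere in the path, is rejected.
function isAcceptedProvider(loginProvider, fixedProviders, allowedTenants) {
  if (fixedProviders.indexOf(loginProvider) !== -1) { return true; }
  var tenant = parseAadTenant(loginProvider);
  if (tenant === null) { return false; }
  var allowed = allowedTenants.map(function (t) { return String(t).toLowerCase(); });
  return allowed.indexOf(tenant) !== -1;
}

// appsecurity.js side: build the confirmation route with the provider encoded,
// so the colon and slashes of the issuer URL survive as one query-string value.
function buildConfirmationUrl(loginProvider, userName) {
  return "#externalloginconfirmation?loginProvider=" + encodeURIComponent(loginProvider) +
    "&userName=" + encodeURIComponent(userName);
}

// externalloginconfirmation.js side: parse the query string and decode each
// value, giving back the original issuer URL.
function readQuery(queryString) {
  var result = {};
  var q = queryString.charAt(0) === "?" ? queryString.slice(1) : queryString;
  if (q === "") { return result; }
  q.split("&").forEach(function (pair) {
    var idx = pair.indexOf("=");
    var key = idx === -1 ? pair : pair.slice(0, idx);
    var val = idx === -1 ? "" : pair.slice(idx + 1);
    result[decodeURIComponent(key)] = decodeURIComponent(val.replace(/\+/g, " "));
  });
  return result;
}
```

The allow-list is the part worth keeping even if the rest of the flow changes: once the provider value is no longer a fixed string, the check that replaces the equality comparison should still pin the accepted issuers to the tenants the application was registered for.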

gentledepp (Author)

Unfortunately, as I just found out - changing the dependencies to the prerelease dlls led to a terrible bug:

Once you've authenticated, you get redirected to the externalloginconfirmation view.
Pressing "confirm" in that view leads to an error that seems to be caused by a bug in OWIN:
On the serverside, you get several InvalidOperationExceptions and the "RegisterExternal" method is never called. The message text is "Additional information: Unable to read the entity body. A portion of the request stream has already been read."
So your registration is stuck at this point. Maybe we should wait until they fix that problem.
As for https://aspnetwebstack.codeplex.com/workitem/1679 the bug is already fixed but not yet released.

Sorry for this mess.
