Azure AD B2C and Blazor Web App Net8 Authentication #50725

Closed
1 task done
WakeUpHugo opened this issue Sep 15, 2023 · 6 comments
Labels
area-identity Includes: Identity and providers feature-authentication ✔️ Resolution: Duplicate Resolved as a duplicate of another issue Status: Resolved

Comments

@WakeUpHugo

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

I have tried configuring Azure AD B2C with the new Blazor Web App in .NET 8 RC1, following the same process I would do with .NET 6 or 7, but I seem to fail.

Is this not available for testing in .NET 8 and Blazor?

Describe the solution you'd like

To be able to integrate with B2C in the same way as .NET 7.

Additional context

No response

@dotnet-issue-labeler dotnet-issue-labeler bot added the area-blazor Includes: Blazor, Razor Components label Sep 15, 2023
@AlexCastroAlex

Same here.
I tested a .NET 7.0 server project and it works like a charm.
Then I created a .NET 8.0 RC1 Blazor Web App with Audience, but it does not work.
I can log in to my tenant, but the return URL gives me an error:
Error: IDX40001: Issuer: 'https://myadb2c.b2clogin.com/mytenant/v2.0/', does not match any of the valid issuers provided for this application.

@DevyDevly

DevyDevly commented Sep 22, 2023

The same problem exists trying to connect to B2C with just a vanilla ASP.NET Core web app.
Works in the latest .NET 7 project, but not .NET 8 RC1.

In RC1 the app fires up and I can proceed through Sign In (correctly), but an authentication failure is always returned:

"IDX40001: Issuer: 'https://mytenant.b2clogin.com//v2.0/', does not match any of the valid issuers provided for this application."

```json
{
  "AzureB2C": {
    "Instance": "https://mytenant.b2clogin.com/",
    "Domain": "mytenant.onmicrosoft.com",
    "TenantId": "<tenant id guid>",
    "ClientId": "<client id guid>",
    "ClientCapabilities": [ "cp1" ],
    "CallbackPath": "/signin-oidc",
    "SignUpSignInPolicyId": "B2C_1A_MY_SIGNIN_TOTP",
    "SignUpPolicyId": "B2C_1A_MY_SIGNUP_TOTP",
    "SignInPolicyId": "B2C_1A_MY_SIGNIN_TOTP",
    "SignedOutCallbackPath": "/signout/B2C_1A_MY_SIGNIN_TOTP",
    "ResetPasswordPolicyId": "B2C_1A_MY_PASSWORDRESET_TOTP",
    "ChangePasswordPolicyId": "B2C_1A_MY_PASSWORDCHANGE_TOTP",
    "EditProfilePolicyId": "B2C_1A_PROFILEEDIT",
    "EnablePiiLogging": true
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}
```

```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);
var configManager = builder.Configuration;

// Sign users in through OpenID Connect using the "AzureB2C" configuration section
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureB2C"));

// Require an authenticated user for every endpoint that has no explicit policy
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = options.DefaultPolicy;
});
builder.Services.AddRazorPages()
    .AddMicrosoftIdentityUI();

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseRouting();

app.UseAuthentication();

app.UseAuthorization();

app.MapRazorPages();
app.MapControllers();

app.Run();
```

@AlexCastroAlex

AlexCastroAlex commented Sep 22, 2023

This is a workaround I made just to wait for a fix.
The fix consists of forcing the issuer value, but it is clearly not the cleanest :(

```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.IdentityModel.Tokens;

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(options =>
    {
        builder.Configuration.Bind("AzureAd", options);
        // Restrict users to those belonging to specific tenants
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            // Force the expected issuer: {Instance}/{TenantId}/v2.0/
            ValidIssuers = new string[] {$"{builder.Configuration.GetValue<string>("AzureAd:Instance")}/{builder.Configuration.GetValue<string>("AzureAd:TenantId")}/v2.0/" },
            // 15 seconds tolerance for the expiration date instead of the 5 minutes default
            ClockSkew = TimeSpan.FromSeconds(15),
            //NameClaimType = "name"; // eventually validate that the name Claim is present
        };
    });
```
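
Added example, not part of the original thread and not code from ASP.NET Core or Microsoft.Identity.Web: a standalone console program showing that an issuer allow-list entry built by plain interpolation stops matching the token's issuer when `Instance` is configured with a trailing slash (as in the `AzureB2C` section posted earlier in the thread), and one way to build the entry so that issuer validation can stay enabled. The `B2CIssuer` helper names are hypothetical and the tenant GUID is constructed.

```csharp
using System;
using System.Collections.Generic;

static class B2CIssuer
{
    // Hypothetical helper: joins Instance and TenantId with exactly one slash,
    // whether or not Instance is configured with a trailing slash.
    public static string Build(string instance, string tenantId)
    {
        if (!Uri.TryCreate(instance, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Instance must be an absolute https URL.", nameof(instance));
        if (!Guid.TryParse(tenantId, out var tid))
            throw new ArgumentException("TenantId must be a GUID.", nameof(tenantId));
        return $"{instance.TrimEnd('/')}/{tid:D}/v2.0/";
    }

    // Exact, case-sensitive comparison against the allow-list;
    // no prefix, suffix or wildcard matching.
    public static bool IsValid(string tokenIssuer, IReadOnlyCollection<string> validIssuers)
    {
        foreach (var candidate in validIssuers)
            if (string.Equals(tokenIssuer, candidate, StringComparison.Ordinal))
                return true;
        return false;
    }
}

static class Program
{
    static void Main()
    {
        const string instance = "https://mytenant.b2clogin.com/";        // trailing slash, as in the posted config
        const string tenantId = "11111111-2222-3333-4444-555555555555";  // constructed GUID
        string tokenIssuer = $"https://mytenant.b2clogin.com/{tenantId}/v2.0/"; // issuer shape from the IDX40001 messages

        string naive = $"{instance}/{tenantId}/v2.0/";           // same interpolation as the workaround
        string normalized = B2CIssuer.Build(instance, tenantId); // single slash between segments

        Console.WriteLine($"naive      {naive} match={B2CIssuer.IsValid(tokenIssuer, new[] { naive })}");
        Console.WriteLine($"normalized {normalized} match={B2CIssuer.IsValid(tokenIssuer, new[] { normalized })}");

        // A look-alike host must not pass because it shares a prefix with the allowed issuer.
        string lookalike = $"https://mytenant.b2clogin.com.example/{tenantId}/v2.0/";
        Console.WriteLine($"lookalike  match={B2CIssuer.IsValid(lookalike, new[] { normalized })}");
    }
}
```

Only the normalized entry matches the token issuer; the interpolated entry contains `//` after the host and the look-alike host is rejected by the exact comparison.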

@DevyDevly

DevyDevly commented Sep 22, 2023

Many thanks for the workaround @AlexCastroAlex!
:)

@mkArtakMSFT mkArtakMSFT added Docs This issue tracks updating documentation feature-authentication labels Sep 28, 2023
@mkArtakMSFT mkArtakMSFT added this to the 8.0 milestone Sep 28, 2023
@wtgodbe wtgodbe modified the milestones: 8.0, 8.0.0 Oct 3, 2023
@halter73
Member

halter73 commented Nov 1, 2023

This is a duplicate of #51005 which has now been fixed.

@halter73 halter73 closed this as completed Nov 1, 2023
@halter73 halter73 added ✔️ Resolution: Duplicate Resolved as a duplicate of another issue area-identity Includes: Identity and providers and removed Docs This issue tracks updating documentation area-blazor Includes: Blazor, Razor Components labels Nov 1, 2023
@ghost ghost added the Status: Resolved label Nov 1, 2023
@halter73 halter73 modified the milestones: .NET 8: Documentation, 8.0.0 Nov 1, 2023
@jaliyaudagedara

jaliyaudagedara commented Nov 22, 2023

@halter73, I am still seeing the same issue:

Bearer was not authenticated. Failure message: IDX40001: Issuer: 'https://something.b2clogin.com/<tenantId>/v2.0/', does not match any of the valid issuers provided for this application.

I am on .NET 8 and Microsoft.Identity.Web: 2.15.5

```csharp
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(Configuration, "AzureAdB2C");
```
