Azure-Samples / active-directory-dotnet-webapp-webapi-multitenant-openidconnect

A sample .NET 4.5 MVC SaaS web app that signs-up and signs-in users from any Azure AD tenant, and calls the Azure AD Graph API.

AAD integration works locally but not when deploying app on Azure #35

Closed devedse closed 6 years ago

devedse commented 6 years ago

I just set up a new Azure Active Directory and added some users to it. I created a new MVC application and enabled multi-tenant authentication for this project.

If I now run the project I can log in using an account from the Active Directory.

I then ran into 2 problems:

  1. When I deployed the application to Azure using an AzureRM script from VSTS I ran into the issue that the application that's hosted in Azure kept redirecting me to http://localhost:44333/ which of course was my local instance of the website. After doing some searching I managed to fix this by editing the manifest of the application that was automatically created during the creation of the MVC application.

I changed the HomePage URL to my Azure URL and I also changed the redirect URL to the same Azure URL.

Now the real issue popped up:

  2. Whenever I now browse to the website, I correctly see the login prompt and can log in with my Azure AD account. However, when I click on the last "Next" button it starts loading for a few minutes. After that I get redirected to the Error page of my MVC application.

I did some investigation by enabling remote debugging and managed to trace it down to the following call (I did verify that all parameters provided are exactly the same as when running it from my local machine):

// Builds the ADAL context; ADALTokenCache persists tokens through Entity Framework, so this hits the database
AuthenticationContext authContext = new AuthenticationContext(aadInstance + tenantID, new ADALTokenCache(signedInUserID));

This call takes about a minute and then the code resumes in the following function:

// OpenIdConnectAuthenticationNotifications callback invoked when the sign-in pipeline throws
AuthenticationFailed = (context) =>
{
    context.OwinContext.Response.Redirect("/Home/Error");
    context.HandleResponse(); // Suppress the exception
    return Task.FromResult(0);
},

When checking the context parameter I can see the following error:

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 52 - Unable to locate a Local Database Runtime installation. Verify that SQL Server Express is properly installed and that the Local Database Runtime feature is enabled.)

I've already tried recreating the application, manually creating a webapi application in the AD, changing the redirect URLs, setting some booleans to true in the application manifest on the AD, etc., but nothing seems to change anything.


devedse commented 6 years ago

I finally managed to fix the issue :smile:. The reason was that apparently there's a database required for doing the authentication. I set up a database in Azure, updated the connection string and then it worked.
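A start-up check for a deployment like the one in this thread (an added example, not code from the sample project or from the reporter): it reads the token cache's connection string from web.config and refuses to start when it still points at LocalDB or cannot be opened, so the misconfiguration surfaces at start-up instead of as a minute-long hang during sign-in. The connection string name `DefaultConnection`, the five-second connect timeout and the `TokenCacheDbCheck` class name are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;

public static class TokenCacheDbCheck
{
    // Name of the connection string used by the ADAL token cache (assumed; check your web.config).
    private const string ConnectionStringName = "DefaultConnection";

    // Call from Application_Start (or Startup) before the OpenID Connect middleware is registered.
    public static void Verify()
    {
        var setting = ConfigurationManager.ConnectionStrings[ConnectionStringName];
        if (setting == null)
            throw new ConfigurationErrorsException(
                "Connection string '" + ConnectionStringName + "' is missing; the token cache needs a database.");

        var builder = new SqlConnectionStringBuilder(setting.ConnectionString);

        // LocalDB only exists on a developer machine; it is not available in Azure App Service,
        // which is what produces the "error: 52 - Unable to locate a Local Database Runtime" failure.
        if (builder.DataSource.StartsWith("(localdb)", StringComparison.OrdinalIgnoreCase))
            throw new ConfigurationErrorsException(
                "Token cache connection string points at LocalDB, which is not available on Azure. " +
                "Point it at an Azure SQL (or other reachable) database.");

        // Fail fast instead of waiting out the default connect timeout and retries.
        builder.ConnectTimeout = 5;
        using (var conn = new SqlConnection(builder.ConnectionString))
        {
            try
            {
                conn.Open();
            }
            catch (SqlException ex)
            {
                throw new ConfigurationErrorsException(
                    "Token cache database is not reachable: " + ex.Message, ex);
            }
        }
    }
}
```

Because the app's start-up fails with a clear message rather than the sign-in flow redirecting to the error page, the cause is visible in the App Service logs without attaching a remote debugger.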