A sample showcasing how to develop a web application that handles sign on via the unified Azure AD and MSA endpoint, so that users can sign in using either their work/school account or Microsoft account. The sample also shows how to use MSAL to obtain a token for invoking the Microsoft Graph, as well as incremental consent.
MIT License
Issue with Authentication.Challenge not respecting properties in OWIN #91
I'm encountering an issue with the OWIN authentication process where the authenticationProperties provided to Authentication.Challenge do not seem to influence the outcome as expected.
In this sample, the /Home/ReadMail route is supposed to check if the required scopes are included in the token. If not, our ChallengeUser method adds these scopes to authenticationProperties.Dictionary and triggers an authentication challenge. However, despite confirming that authenticationProperties.Dictionary contains the necessary values, the authorization request always defaults to the initially specified scopes, resulting in a continuous redirect loop.
Furthermore, the public documentation implies that the [AuthorizeForScopes] attribute should be available in ASP.Net Framework, but it seems that the attribute cannot be used in ASP.Net Framework.
https://learn.microsoft.com/en-us/entra/identity-platform/scenario-web-api-call-api-acquire-token?tabs=aspnet
How to ensure the authentication properties are properly respected and why the [AuthorizeForScopes] attribute might be missing?
Thank you for your assistance.
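
Katana's OpenID Connect middleware fills the authorization request's scope from OpenIdConnectAuthenticationOptions.Scope, so values placed in AuthenticationProperties.Dictionary reach the request only if a RedirectToIdentityProvider notification copies them across. The following is an added example of such a notification, not code from the sample or from the issue author; the `ChallengeScopes` class and the `"scope"` dictionary key are assumptions and must match whatever key ChallengeUser writes.

```csharp
// Added example; assumes Katana 4.x (Microsoft.Owin.Security.OpenIdConnect).
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

public static class ChallengeScopes
{
    // Hypothetical key: use the same key the ChallengeUser method stores scopes under.
    public const string ScopeKey = "scope";

    // Union of two space-delimited scope strings, order preserved, duplicates dropped.
    // Scope values are case-sensitive, so the comparison is ordinal.
    public static string Merge(string configured, string requested)
    {
        return string.Join(" ",
            ((configured ?? "") + " " + (requested ?? ""))
                .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)
                .Distinct(StringComparer.Ordinal));
    }

    // Assign to OpenIdConnectAuthenticationNotifications.RedirectToIdentityProvider.
    public static Task OnRedirectToIdentityProvider(
        RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n)
    {
        // Sign-out redirects carry no scope parameter; leave them untouched.
        if (n.ProtocolMessage.RequestType != OpenIdConnectRequestType.Authentication)
            return Task.FromResult(0);

        // Properties passed to Authentication.Challenge(...) for this response.
        // They are set by server-side code, never taken from the query string.
        var challenge = n.OwinContext.Authentication.AuthenticationResponseChallenge;
        string requested;
        if (challenge != null && challenge.Properties != null
            && challenge.Properties.Dictionary.TryGetValue(ScopeKey, out requested))
        {
            // Add the per-challenge scopes to the ones configured in Options.Scope.
            n.ProtocolMessage.Scope = Merge(n.ProtocolMessage.Scope, requested);
        }
        return Task.FromResult(0);
    }
}
```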