ElectronNET / Electron.NET

:electron: Build cross platform desktop apps with ASP.NET Core (Razor Pages, MVC, Blazor).
https://gitter.im/ElectronNET/community
MIT License
7.27k stars 724 forks

Authentication through Azure AD (Microsoft EntraID) does not work #850

Open ThomasStarnes opened 4 months ago

ThomasStarnes commented 4 months ago

I'm working on a Blazor Server app and have been tasked with creating a desktop version of the app. I have been trying to use Electron.NET, but I am running into issues when authenticating through Azure AD while using Electron.NET. I'm receiving the following error:

```
stdout: fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "0HN2V44AL6L5H", Request id "0HN2V44AL6L5H:00000002": An unhandled exception was thrown by the application.
      System.Exception: An error was encountered while handling the remote login.
       ---> System.Exception: Correlation failed.
         --- End of inner exception stack trace ---
         at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
```

When I remove the authentication service, or I do not use Electron, it works. It seems to be caused by the cookie "SameSite=None" since the secure cookie is not set to secure.

I have tried adding a cookie policy to the app service by using the following:

```csharp
app.UseCookiePolicy(new CookiePolicyOptions
{
    MinimumSameSitePolicy = SameSiteMode.Lax
});
```

but this did not fix my issue. I also tried adding it to the authentication service:

```csharp
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddCookie(options => { options.Cookie.SameSite = SameSiteMode.Lax; })
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAD"));
```

but this also did not work.

Steps to Reproduce:

  1. Register an app on Azure -> Microsoft EntraID
  2. Add Azure AD authentication to the app:

     ```csharp
     builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
         .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAD"));
     ```
  3. Run app and log in via Microsoft account.
  4. Set up electron
  5. Run app again and receive error message instead of login screen
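
A diagnostic for the hypothesis in the post above, added here as an example and not code from the issue thread or from Electron.NET: ASP.NET Core middleware that logs every `Set-Cookie` header declaring `SameSite=None` without `Secure`, a combination Chromium-based browsers reject. The names `SameSiteCookieAudit` and `UseSameSiteCookieAudit` are hypothetical, and the middleware is assumed to be registered with `app.UseSameSiteCookieAudit();` ahead of `app.UseAuthentication()`.

```csharp
// Added example: not code from the issue thread or the Electron.NET project.
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public static class SameSiteCookieAudit // hypothetical name
{
    // True when a raw Set-Cookie value declares SameSite=None but not Secure.
    public static bool IsSameSiteNoneWithoutSecure(string setCookie)
    {
        // Everything after the first ';' is an attribute; name=value comes first.
        var attributes = setCookie.Split(';').Skip(1)
            .Select(a => a.Replace(" ", "")).ToArray();
        bool sameSiteNone = attributes.Any(a =>
            a.Equals("samesite=none", StringComparison.OrdinalIgnoreCase));
        bool secure = attributes.Any(a =>
            a.Equals("secure", StringComparison.OrdinalIgnoreCase));
        return sameSiteNone && !secure;
    }

    // Hypothetical extension; assumed to be called before app.UseAuthentication().
    public static IApplicationBuilder UseSameSiteCookieAudit(this IApplicationBuilder app)
    {
        return app.Use(async (context, next) =>
        {
            // Runs just before headers are sent, after handlers appended cookies.
            context.Response.OnStarting(() =>
            {
                var logger = context.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("SameSiteCookieAudit");
                foreach (var value in context.Response.Headers["Set-Cookie"])
                {
                    if (value is null || !IsSameSiteNoneWithoutSecure(value)) continue;
                    // Log the cookie name only, never its value.
                    logger.LogWarning(
                        "{Scheme}://{Host}{Path} set cookie {Cookie} with SameSite=None but no Secure",
                        context.Request.Scheme, context.Request.Host,
                        context.Request.Path, value.Split('=')[0]);
                }
                return Task.CompletedTask;
            });
            await next();
        });
    }
}
```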

umitkara commented 4 months ago

Hi. Having the same issue with OIDC and IdentityServer4 instead of AzureAD.

LapinskasL commented 3 months ago

@umitkara Did you ever solve your issue?

umitkara commented 2 months ago

> @umitkara Did you ever solve your issue?

Hi. Sorry for the late response. Unfortunately no.