aspnet / Identity

[Archived] ASP.NET Core Identity is the membership system for building ASP.NET Core web applications, including membership, login, and user data. Project moved to https://github.com/aspnet/AspNetCore
Apache License 2.0
1.96k stars 869 forks

OpenIdConnect doesn't sign-in user if Individual accounts is also configured. #1956

Closed yucelakpinar closed 5 years ago

yucelakpinar commented 5 years ago

Hello,

I'm new to asp.net core & asp.net identity, so I couldn't understand what is happening in my app. I configured individual accounts in my app by adding services.AddIdentity<IdentityUser, IdentityRole>() in the StartUp file and it works well. On another code branch I also configured Azure AD login by adding services.AddAuthentication().AddOpenIdConnect() in the StartUp file (in this branch individual accounts are not added) and it works well too. Then I merged both branches, which means that I want to use both authentications in my app: individual accounts are still working, but Azure AD login isn't working.

Here is my StartUp file.

using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

public void ConfigureServices(IServiceCollection services)
{
    services
        .AddDbContext<ApplicationDataContext>(options =>
        {
            options.UseInMemoryDatabase("testdb");
        });

    // Individual accounts. AddIdentity registers its own cookie schemes
    // (Identity.Application, Identity.External, ...) and configures the
    // authentication defaults to point at them.
    services
        .AddIdentity<IdentityUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDataContext>();

    // Azure AD. This configures the same AuthenticationOptions as AddIdentity
    // did; the delegates run in registration order, so the values set here
    // win for the properties they set.
    services
        .AddAuthentication(sharedOptions =>
        {
            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddOpenIdConnect("myAzureAD", options =>
        {
            options.ClientId = "xxx";
            options.Authority = "https://login.microsoftonline.com/xxx";
            options.CallbackPath = "/signin-oidc";
            // Allows the OIDC discovery document to be fetched over plain
            // HTTP; only acceptable in development.
            options.RequireHttpsMetadata = false;
        })
        .AddCookie();

    services.AddMvc();
}

Failed Case: After returning to my web app from authentication on the Azure website, on the /signin-oidc page the 'Identity.External' cookie is added to the response, then this page makes a 302 redirect to my return-url, but on my return-url when I check the User.Identity.IsAuthenticated property, its value is False (it was True when individual accounts were not configured in the StartUp file).

Steps:

1. Forward the client to the Azure authentication website with the following code: public IActionResult LoginWithOpenId(string returnUrl) { return Challenge("myAzureAD"); }
2. Log in on the Azure website.
3. Return to the callback path (/signin-oidc).
4. The callback page sets the required cookies ('Identity.External').
5. Forwarded to the return-url by a 302 redirect from the callback page.
6. Check User.Identity.IsAuthenticated: it is False.

Note: I hope someone can help me. I asked this question on stackoverflow.com but got no answer :(.

Best Regards
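To see why the redirected request comes back unauthenticated, the following diagnostic controller, added here as an example (it is not code from the issue or from the aspnet/Identity project), reports which schemes are the resolved defaults, which scheme the "myAzureAD" handler signs into, and which registered schemes actually accept the cookies on the current request. It assumes the Startup above; the scheme name "myAzureAD" is taken from it, and the route /authdiag is an arbitrary choice. HttpContext.User is populated only by the default authenticate scheme, so a principal that a remote handler signs into a different cookie scheme never shows up as User.Identity.IsAuthenticated; this endpoint makes that visible per scheme.

```csharp
// Added diagnostic: not part of the original issue or the aspnet/Identity
// project. Drop it into the app configured in the Startup above and browse
// to /authdiag (route chosen here) after the /signin-oidc redirect.
// It exposes scheme names and the signed-in user, so remove it before shipping.
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

[Route("authdiag")]
public class AuthDiagController : Controller
{
    // Scheme name used for AddOpenIdConnect in the issue's Startup.
    private const string OidcSchemeName = "myAzureAD";

    private readonly IAuthenticationSchemeProvider _schemes;
    private readonly IOptionsMonitor<OpenIdConnectOptions> _oidcOptions;

    public AuthDiagController(IAuthenticationSchemeProvider schemes,
                              IOptionsMonitor<OpenIdConnectOptions> oidcOptions)
    {
        _schemes = schemes;
        _oidcOptions = oidcOptions;
    }

    [HttpGet]
    public async Task<IActionResult> Index()
    {
        // HttpContext.User (and so User.Identity.IsAuthenticated) is filled by
        // the default authenticate scheme only; Challenge() and SignIn()
        // without an explicit scheme name go to the other two defaults.
        var defaults = new
        {
            authenticate = (await _schemes.GetDefaultAuthenticateSchemeAsync())?.Name,
            signIn = (await _schemes.GetDefaultSignInSchemeAsync())?.Name,
            challenge = (await _schemes.GetDefaultChallengeSchemeAsync())?.Name,
        };

        // The remote OIDC handler keeps no session of its own; after the
        // callback it signs the principal into this scheme.
        var oidcSignInScheme = _oidcOptions.Get(OidcSchemeName).SignInScheme;

        // Run each registered handler explicitly against the current request.
        // A cookie written by one scheme is invisible to the others, so the
        // user counts as signed in only for schemes reporting succeeded=true.
        var perScheme = new List<object>();
        foreach (var scheme in await _schemes.GetAllSchemesAsync())
        {
            var result = await HttpContext.AuthenticateAsync(scheme.Name);
            perScheme.Add(new
            {
                scheme = scheme.Name,
                handler = scheme.HandlerType.Name,
                succeeded = result.Succeeded,
                user = result.Principal?.Identity?.Name,
                failure = result.Failure?.Message,
            });
        }

        // If the OIDC handler signs into a scheme other than the default
        // authenticate scheme, the Azure AD login lands in a cookie that
        // User never reads, which is the symptom described in the issue.
        var oidcSignsIntoAuthenticateScheme = oidcSignInScheme == defaults.authenticate;

        return Json(new
        {
            isAuthenticated = User.Identity?.IsAuthenticated ?? false,
            defaults,
            oidcSignInScheme,
            oidcSignsIntoAuthenticateScheme,
            perScheme,
        });
    }
}
```

Read the output after step 5 above: the scheme whose entry shows succeeded=true is the one holding the Azure AD principal, and isAuthenticated only becomes true when that scheme is also the one listed under defaults.authenticate.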

blowdart commented 5 years ago

You can't have both, not the way you want. You have to have a way to trigger the login that you want. As you want AAD and Identity, it becomes weird: AAD expects to be the sole source of user information; you don't double up or duplicate. This isn't a scenario we support with Identity.