dotnet / systemweb-adapters

MIT License

Remote Authentication to ASP.NET running in Azure App Services Does Not Appear to Work - User return is always not logged in, IsAuthenticated flag is False #478

Closed keitharowe closed 5 months ago

keitharowe commented 5 months ago

Describe the bug

When the ASP.NET Web Forms application using standard forms authentication is running under an Azure App Service, Remote Authentication does not return the logged-in user; it always returns False for IsAuthenticated.

However, when running under localhost for both applications (ASP.NET and .NET Core) Remote Authentication works perfectly.

To Reproduce

Got the sample ASP.NET Framework application running (painfully) from here: https://github.com/dotnet/systemweb-adapters/tree/main/samples/RemoteAuth/Forms/FormsAuth

Configured my ASP.NET Core 8 project with the following:

```csharp
builder.Services.AddSystemWebAdapters()
    .AddRemoteAppClient(options =>
    {
        options.RemoteAppUrl = new(remoteAuthenticationAppUrl);
        options.ApiKey = remoteAuthenticationAppKey;
    });
```

Under localhost the Remote Authentication works without issue. When the ASP.NET Forms Authentication is running in Azure App Services, this does not work.

Exceptions (if any)

No exceptions can be found, so far as I can tell.

Further technical details

I have my .NET Core app running locally and the sample Forms Application above running locally AND my very large legacy application running locally, and everything works. Great!

However, when running my .NET Core app locally connecting to the Forms Application in Azure App Service (either the sample app or my legacy app), the Remote Authentication does not work. The returned user is flagged as not logged in (IsAuthenticated = false).

I've even set up my .NET Core App as a container app and it is still not returning the authenticated user.

I can see communication is working as the forwarded headers are returned (from the ASP.NET webforms app).

Help

What's the best method to troubleshoot this behavior?

I'd be happy to privately share production URLs.

Please include the following if applicable:

ASP.NET Framework Application:

ASP.NET Core Application:

keitharowe commented 5 months ago

Ok, this was my misunderstanding of how the flow is intended to work. I went back and reviewed the sample for the ASP Core app and see that the proxy YARP is required to authenticate the user between the two applications. As such, I was able to get both samples running in Azure as app services and functioning as expected.

Strange that without YARP on localhost it works properly; I suspect it has to do with the Forms authentication cookie; however, it's a moot point.
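
The setup the closing comment arrives at, sketched as an added example that is not part of the issue or the project's sample code: the ASP.NET Core app fronts the Framework app through YARP, so the browser's forms-authentication cookie is issued for the Core app's host and the remote authentication handler can forward it to the Framework app. The configuration keys `RemoteApp:Url` and `RemoteApp:ApiKey` and the route and cluster ids are assumptions.

```csharp
// Program.cs of the ASP.NET Core app (added example, not the project's sample).
// Packages: Microsoft.AspNetCore.SystemWebAdapters.CoreServices, Yarp.ReverseProxy.
using Yarp.ReverseProxy.Configuration;

var builder = WebApplication.CreateBuilder(args);

// Assumed configuration keys; supply the API key from a secret store, not source control.
var remoteAppUrl = builder.Configuration["RemoteApp:Url"]
    ?? throw new InvalidOperationException("RemoteApp:Url is not configured.");
var remoteAppKey = builder.Configuration["RemoteApp:ApiKey"]
    ?? throw new InvalidOperationException("RemoteApp:ApiKey is not configured.");

builder.Services.AddControllersWithViews();
builder.Services.AddSystemWebAdapters()
    .AddRemoteAppClient(options =>
    {
        options.RemoteAppUrl = new Uri(remoteAppUrl);
        options.ApiKey = remoteAppKey;
    })
    // Remote authentication handler; true makes it the default scheme.
    .AddAuthenticationClient(true);

// YARP: requests with no endpoint in this app (including the forms login page)
// are forwarded to the Framework app, so its cookie is scoped to this host.
builder.Services.AddReverseProxy().LoadFromMemory(
    new[]
    {
        new RouteConfig
        {
            RouteId = "fallback",
            ClusterId = "framework",
            Order = int.MaxValue, // evaluated after every local route
            Match = new RouteMatch { Path = "{**catch-all}" },
        },
    },
    new[]
    {
        new ClusterConfig
        {
            ClusterId = "framework",
            Destinations = new Dictionary<string, DestinationConfig>
                { ["app"] = new DestinationConfig { Address = remoteAppUrl } },
        },
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.UseSystemWebAdapters();
app.MapDefaultControllerRoute();
app.MapReverseProxy();
app.Run();
```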