aspnet / aadintegration Goto Github PK

We should a have a smoke test that verifies that pages can be hit when the libraries are added and another test that verifies that pages can not be hit when the library is not present.

This can be done after preview2

I have a lightweight ASP.NET Core Web API project. It has no front end, and thus doesn't need most of what is bundled with the Microsoft.AspNetCore.Mvc package. I can generally use Microsoft.AspNetCore.Mvc.Core package instead.

Except that I need AAD authentication, and when I pull in Microsoft.AspNetCore.Authentication.AzureAD.UI it takes Microsoft.AspNetCore.Mvc as a dependency...

Looking through the code, it seems like there are some controllers and pre-compiled Razor views being included, so I understand why you need the full Mvc package to support those.

It would be great if you could split out the core AAD auth from the UI components, such that those of us who don't need the UI don't need to take the dependency on the big Mvc package. Something like this perhaps:

• Microsoft.AspNetCore.Authentication.AzureAD.UI
  • Microsoft.AspNetCore.Mvc
  • Microsoft.AspNetCore.Authentication.AzureAD.Core
    • Microsoft.AspNetCore.Authentication.Cookies
    • Microsoft.AspNetCore.Authentication.JwtBearer
    • Microsoft.AspNetCore.Authentication.OpenIdConnect

Thanks.

From @blowdart on September 17, 2018 18:38

From @jatingandhi28 on September 17, 2018 9:38

File name - AzureAdAuthenticationBuilderExtensions.cs
[Note this code has moved here].

        public void Configure(string name, JwtBearerOptions options)
        {
            options.Audience = _azureOptions.ClientId;
            options.Authority = $"{_azureOptions.Instance}{_azureOptions.TenantId}";
        }

However It should be

        public void Configure(string name, JwtBearerOptions options)
        {
            options.Audience = _azureOptions.AudienceId;
            options.Authority = $"{_azureOptions.Instance}{_azureOptions.TenantId}";
        }

Copied from original issue: dotnet/aspnetcore#3538

Copied from original issue: aspnet/Security#1859

This is required for getting the token to call the API as mentioned here: https://github.com/Azure-Samples/active-directory-b2c-dotnetcore-webapp

@pranavkm

I am trying to solve the same problem as described in here: #52

but it keeps addind SameSite.Lax. Here's what I've configured on my Startup.cs:

            services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
                .AddAzureAD(options => {
                    Configuration.Bind("AzureAd", options);
                })
                .AddCookie(options=>
                        options.Cookie.SameSite = SameSiteMode.None
                    );

...

        app.UseCookiePolicy(new CookiePolicyOptions
        {                
            MinimumSameSitePolicy = SameSiteMode.None
        });

Is there any other place that needs the same setting?

When logging into a site using Azure AD B2C Auth flow on IOS 12 I get caught in an infinite loop between my site and login.microsoft.com.

The application works fine on other browsers and operating systems.

I believe the issue may be related to:

• https://social.msdn.microsoft.com/Forums/en-US/5f0aa4a8-9bfe-4be2-a366-77e6939ae36d/ios-12-safari-breaks-aspnet-core-21-oidc-authentication?forum=WindowsAzureAD&prof=required
• https://bugs.webkit.org/show_bug.cgi?id=188165
• https://hajekj.net/2018/08/31/beware-of-samesite-cookie-policy-in-asp-net-core-and-upcoming-ios-12/

As an interim fix I have set o.Cookie.SameSite = SameSiteMode.None; but this seems like a pretty suboptimal approach.

Is there a better solution?