I am creating a Meteor App and am going through the process of deploying through Azure Web App services. I am using the azure-demeteorizer package in order to do so and am not running into any troubles there. I am also using the accounts-azure-active-directory package to enable users within my organization the ability to login to the application.
All of this currently works on localhost, but when I upload to my Web App I get to the login page and when I click login the screen just goes white and doesn't sign me in.
Below are a couple screenshots of the process I am describing.
Clicking the 'sign in' button
White Screen after signing in
EDIT:
I have enabled the permissions to sign in on my web app (cannot post another picture due to not enough reputation). imgur.com/nXzPo59 (permissions picture)
you have to add you app to your azure active directory , then give it the acces
Alright after going back and forth with the Microsoft NodeJS team we found the issue and the solution.
The issue was that OAuth2.0 + Web App + Active Directory creates some sort of limit on url strings where that limit is 1024 characters. Sometimes your app's authentication token will cause the url to exceed this limit giving you this mysterious 404 error.
The solution for this is to navigate to your KUDU console and go to site>wwwroot>web.config and edit that. Add the missing line <requestLimits maxQueryString="20000"/> inside the <requestFiltering> tag.
Related
So I'm working on a project to redeploy an application that was previously hosted as an Azure Mobile Service as an Azure Mobile App. Said application has a frontend (hosted as a Web App in Azure) and backend API (this is the Mobile App) that is called directly from the frontend's javascript. The upgrade had been going well up until I started working on the Microsoft Account Authentication piece. Following the instructions at...
https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-net-upgrading-from-mobile-services
https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-microsoft-authentication
...got things mostly rolling. My application has been registered in the Microsoft Account Developer Center, I specified a Redirect URI following the 'https://{{my_backend_mobile_app_name}}.azurewebsites.net/.auth/login/microsoftaccount/callback' format, I configured the Microsoft Authentication/Authorization in the appropriate blade of my mobile app in Azure using the ClientId/Secret from the Microsoft Account Developer Center. Things go mostly well when I test it out: I can go to the frontend of my application and click on the 'Sign In' button, a new window opens with Microsoft's Login.Live site where I am prompted to login with a Microsoft account, I do so successfully and am redirected to the Redirect URL specified in the Microsoft Account Developer Center and it has Code and State values appended in the query string.
However, the page that is shown when I get redirected there is a 'You do not have permission to view this directory or page'. If I copy the URL, open a new tab, paste it in and hit enter it takes me to a 'You have successfully signed in' page. But neither way takes me back to the frontend of my application where it would log me in and continue into the site as everything is still happening in the new window that was opened for signing in. If I close that window, the authentication process sees that as a 'Cancelling' of the login and requires me to login again (which just repeats the above process). If I leave the window open and go back to the window with my frontend site, it is still waiting for a response from the login process.
So this leads me to my main question: How do I get the Microsoft Account Authentication process to actually return the login response to my frontend site rather than to the login window?
Side note, I've updated the SDK's for both the frontend and backend from the Mobile Service ones to the Mobile App's ones. In doing so I had to add in an OWIN middleware (per the instructions in link #1 above, under the 'Updating the server project' header) to my backend app. My current hypothesis is that this OWIN middleware isn't configured correctly for authentication and is getting in the way blocking the callback from working properly; thus, I am messing around with the app.UseAppServiceAuthentication(new AppServiceAuthenticationOptions()); piece.
According to your description, I assumed that you are using the JavaScript client library for Azure Mobile Apps. I checked this issue on my local side and found I could encounter the same issue as you mentioned as follows:
Then I tried to deploy it to azure web app (https://brucechen-mobile.azurewebsites.net/login.html), I found it could work as follows:
After searched the web I found a similar issue and refer to this blog about Fix the Ripple Issues. I log onto azure portal and choose my mobile app, then click "All Settings > CORS", add the URL for my local web application as follows:
Then, click "SETTINGS > Authentication / Authorization", add the ALLOWED EXTERNAL REDIRECT URLS as follows:
Based on the above settings, it could work as expected on my local side as follows:
I have implemented AAD authentication in one of my webapp, using OWIN. everything is working as expected on dev environment but it is not working on PROD. At login it goes to AAD page, it authenticate users and it redirects back to my registered page, but register page is not opening at all. In title it show working only. I am completely lost, how to resolve this, Please help me to resolve the same.
Thanks in advance!
I got the solution for this. The issue was - to store the Tokens the Owin context created a local db (AzureTokenCache.mdf and .ldf files) in App_Data folder. This uses SQL express. Now we all know that using PaaS we cannot use any Software. Hence my authentication failed every time saying that error connecting to database. I moved everything to SQL Azure and it worked for me.
I'm using Azure Active Directory B2C with ASP.NET Core, when I click the sign-in it works like a charm on my local machine but when I deploy my web app in Azure it only works with Edge.
With Chrome and Firefox I always have this error:
I am creating a new web app (social network) and I need to be in beta for November because we go to the show in Toronto related to healthcare.
So to manage all the users (creation, login) I use Azure Active Directory B2C.
When I create the user I use the graph API because I need to do some stuff in my workflow but this part works fine.
After this I created my sign-in policy and I customized my branding.
The first problem I have is the password field, how I can place a placeholder there? (see attached picture).
The second problem I have, when I click the login it works #1 in Edge but in Chrome and Firefox I have this error :
An unhandled exception occurred while processing the request.
InvalidOperationException: Invalid non-ASCII or control character in header: 0x000D
Someone got this before ?
I faced the same issue. However, i tried to first "sign up" and then sign in. This resolved the issue.
It's not related to a specific browser and can be reproduced on any oh them with the good repro scenario. I guess your issue is that you try from an HTTP website. Since AADB2C will redirect to an HTTPS page, thus the headers are not well managed and you get this error.
Enforce the https on any website using B2C and you may solve this issue
We are developing an UWP app using ADAL authentication in Azure. We have configured our client in Azure Portal with the Redirect URI taken from the result of this method:
Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri()
It was working at the beginning, but now we've noticed that the URI generated by that method has changed. Therefore our login with ADAL does not worked anymore, stating that
The reply address 'ms-app://s-1-15-2-104.......' does not match the reply addresses configured for the application.
Of course, we added the new value of the URI to the client configuration, and it worked, but after a day or two it has changed again. I think this is not the right way to update the Azure configuration every couple of days.
How can we ensure that the result of GetCurrentApplicationCallbackUri stays unchanged?
The GetCurrentApplicationCallbackUri uses your app's SID to construct the URL. I'm not sure of the exact mechanics of it, but if you are still developed the app, especially in a team, the SID can change.
One way to ensure that it remains fixed, is to create the Application in the Windows Dashboard and associate the app with the Store:
From Visual Studio - right click on the Project and select Store->Associate app with the store.
You don't have to submit, but associating the app will update the package.appxmanifest with the real values from the Dashboard and they will persist across developers.
From documentation:
To support SSO, the online provider must allow you to register a redirect URI in the form ms-app://appSID, where appSID is the SID for your app. You can find your app's SID from the app developer page for your app, or by calling the GetCurrentApplicationCallbackUri method.
I am trying to create a sample application here with federated authentication with Azure ACS
I have a asp.net web application with a default.aspx page
I want to upload this azure cloud.I want to authenticate users using Active Directory login credentials how can I create an working sample for this.
I was searching and I found I can make use of Custom STS ?Is this the right direction ?
I found an example from MSDN
http://msdn.microsoft.com/en-us/wazplatformtrainingcourse_windowsazureandpassivefederation2010_topic2#_Toc310436991
but I clouldn't make this working till now. (I am getting a message --This page can't be displayed).
Can some one point me to a working sample with step by step documentation.
I am using VS2010 on Windows8 machine,and azure sdk 1.7
I dont have an ADFS2.0 supported server machine available now.So I am just trying to make MSDN example working
I followed all the steps as mentioned there,but
when I debug ,I can see control reaches inside "WSFederationAuthenticationModule_RedirectingToIdentityProvider method"
if my assumption is right,it should redirect to Login.aspx page ,
but instead is simply showing message "This page cant be displayed"
You can use the how-to guide on windowsazure.com: How to Authenticate Web Users with Windows Azure Access Control Service. This will also work for Active Directory by simply using your ADFS as an identity provider instead of Windows Live / Google, no need to create a custom STS for this.
If you want something with a little more screenshots, I wrote the following guide for one of my trainings: http://sandrinodimattia.net/blog/posts/federated-authentication-with-azure-appfabric-acs-v2-0-part-1-setup/