At B2C sign in we must set redirect URLs to b2clogin.com for Azure Active Directory B2C
I've checked this page:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory-b2c/b2clogin.md
I have separate application for frontend and backend part.
I have this configurations on the frontend side:
getB2CMaslConfig(){
return {
clientID: 'clienId',
authority: "https://tenantName.b2clogin.com/tfp/tenantName.onmicrosoft.com/policyNAme/v2.0/",
scopes: ["https://tenantName.onmicrosoft.com/api/read"],
validateAuthority: false
};
I have this config in the backend side:
<add key="ida:AadInstance" value="https://tenantName.b2clogin.com/{0}/v2.0/.well-known/openid-configuration?p={1}" />
<add key="ida:Tenant" value="tenantName.onmicrosoft.com" />
<add key="ida:ClientId" value="clientId" />
<add key="ida:SignUpSignInPolicyId" value="policyNAme" />
<!-- The following settings is used for requesting access tokens -->
<add key="api:ReadScope" value="read" />
<add key="api:WriteScope" value="write" />
},
If I use the login.microsoftonline.com instead of tenantName.b2clogin.com everything works fine, but if I change to tenantName.b2clogin.com I keep getting the error: "endpoints_resolution_error:Endpoints cannot be resolved"
Can you please advise how to change the redirect URLs in order to work well?
Thanks in advance!
Asp.Net Core doesn't seem to recognize the user from the call context?.User?.Identity?.Name when windows authentication is enabled and running in IIS Express or IIS.
Desired behavior: Enabling both Windows authentication and anonymous authentication in IIS and/or IIS Express, Asp.Net Core should automatically recognize the windows user.
Actual behavior: When I enable both windows and anonymous authentication in IIS or IIS Express, the user name is null. When I disable anonymous authentication or call HttpContext.ChallengeAsync(IISDefaults.AuthenticationScheme), I get a login prompt, which I don't want.
My understanding is that, even though I want to use this for Active Directory, I don't need active directory or a domain to authenticate a windows user.
Environment:
Windows 8.1 (not on a domain)
IIS 8.5 / Visual Studio 2017 w/ IIS Express
Windows Authentication security feature installed
Windows Authentication & (with NTLM provider) & Anonymous Authentication Enabled
Logged in as local account user
Dependencies:
Microsoft.AspNetCore.All 2.0.8
Startup:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<IISOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = true;
});
services.AddAuthentication(IISDefaults.AuthenticationScheme);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.Run(async (context) =>
{
await context.Response.WriteAsync(JsonConvert.SerializeObject(new
{
UserName = context?.User?.Identity?.Name
}));
});
launchSettings.json:
{
"iisSettings": {
"windowsAuthentication": true,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:51682/",
"sslPort": 0
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<remove name="aspNetCore" />
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore forwardWindowsAuthToken="true" processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" />
</system.webServer>
</configuration>
applicationhost.config: (IIS Express)
Based on this article: https://learn.microsoft.com/en-us/iis/configuration/system.webServer/security/authentication/windowsAuthentication/
<authentication>
<anonymousAuthentication enabled="true" userName="" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false"></iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
A couple things:
When you disable anonymous authentication, you get a popup because the browser likely doesn't trust the site. You need to open Internet Options (from the Windows Control Panel) -> Security tab -> Click 'Trusted Sites' -> Click 'Sites' and add the URL to your site there. Both IE and Chrome use those settings for deciding whether to automatically send your credentials.
When you have both anonymous and Windows authentication enabled, anonymous takes precedence except in places where you tell it that the user must be logged in. To do that, use the [Authorize] attribute either on a controller, or just on individual actions. There are more details in the documentation, under the heading Allow Anonymous Access.
I have both my web and api projects deployed to separate Azure webapps and am struggling with a CORS issue. When deployed locally everything works fine, but not once published to Azure.
I am using two different methods to enable CORS and neither seem to be solving my issue.
Potential Fixes:
In my web.config I add a customHeader for <add name="Access-Control-Allow-Origin" value="*" />
In the Register method of WebApiConfig.cs I call enableCors as var cors = new EnableCorsAttribute("*", "*", "*"); config.EnableCors(cors);
The scenarios, referencing the above two fixes, are as follows:
With neither #1 or #2 used every server call returns a no access-control-allow-origin error (expected)
With both #1 and #2 used I receive an error that I am enabling CORS twice with the same value (expected)
If I only use #1 I don't receive a CORS error but every API method returns a 405 not allowed error
If I only use #2 every api call returns a no access-control-allow-origin error
Question: How can I globally enable CORS for my .NET Web Api project hosted in Azure?
appstart and register code:
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
}
public static void Register(HttpConfiguration config)
{
// Enable CORS
// TODO, * below is debug only
var cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(cors);
// Web API configuration and services
// Configure Web API to use only bearer token authentication.
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
I think this is the common issue with IIS default optionshandler. You have to update your Web.Config to disable defaults handlers. This is what I use for ASP.Net vnext hosted on Azure.
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="WebDav" />
<remove name="OPTIONSVerbHandler" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
I found that adding the Allow headers to web.config was the simplest way to get things working for me. Note you can't use both methods, you must choose one or the other.
I believe the solution to your 405 Not Allowed error is that you also need to include a line like this in web.config:
<add name="Access-Control-Allow-Headers" value="Authorization, Origin, Content-Type "/>
If you are still getting that error, you may need to include additional values from this list:
<add name="Access-Control-Allow-Headers" value="Access-Control-Allow-Headers, Authorization, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers" />
I am trying to log in to Azure Active Directory from my web page in cloud services. The log in screen comes up and I am able to log in OK. However when it sends me to my homepage it says "page cannot be displayed". In the Azure Active Directory configuration I added SSL localhost to the APP URI and Reply URL and configured the properties in VS2013 to show SSL = True and set the project URL to the localhost. I was able to access the page before I added the log in screen.
Relevant web.config settings:
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="ida:FederationMetadataLocation" value="login.windows.net/conpro.com/FederationMetadata/2007-06/…; />
<add key="ida:Realm" value="localhost:44307/"; />
<add key="ida:AudienceUri" value="localhost:44307/"; />
</appSettings>
Your web.config URI values need to include https://. I'd suggest taking a look at this sample app as well.
I am not able to work with htpphandlers in azure after deploy, it is ok with in the local machine.
In web.config I declared as follows
<system.web>
<httpHandlers>
<add verb="*" path="*.cspx" type="WebRole1.Handle,WebRole1"/>
</httpHandlers>
In my handler.cs file i written as follows.
namespace WebRole1
{
public class Handle : IHttpHandler
{
#region IHttpHandler Members
bool IHttpHandler.IsReusable
{
get { return true; }
}
void IHttpHandler.ProcessRequest(HttpContext context)
{
context.Server.Transfer("Test.aspx", true);
}
#endregion
}
}
In my local machine it is working fine. But after deploy to windows azure getting
500 internal server error.
I think your problem is related with having custom handlers in system.web instead of system.webserver.
Move your custom HTTP Handler to System.webserver as below:
<system.webserver>
<httpHandlers>
<add verb="*" path="*.cspx" type="WebRole1.Handle,WebRole1"/>
</httpHandlers>
<system.webserver>