Hello,
I have a web app (a JavaScript front-end with a .NET Core 6 Web API) and I am trying to add authentication via OpenID Connect, but my redirects to login.microsoft are blocked by CORS. If I hit the refresh button in the browser, the redirect to login.microsoft works and authentication succeeds, but if the redirect happens without a refresh it does not work. What am I doing wrong, or what is missing? Below is my Web API auth configuration.
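/// <summary>
/// Configures cookie sign-in with an OpenID Connect challenge (authorization code flow,
/// <c>form_post</c> response mode) against the authority configured under the <c>Azure:*</c> keys.
/// </summary>
/// <param name="builder">The application builder whose services and configuration are used.</param>
/// <returns>The same <paramref name="builder"/>, for call chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is <see langword="null"/>.</exception>
/// <exception cref="InvalidOperationException">
/// <c>Azure:Authority</c> or <c>Azure:ClientId</c> is missing or blank.
/// </exception>
/// <remarks>
/// The challenge is a 302 to the identity provider. A browser only follows that into the login page
/// for a top-level navigation; when the 302 answers a <c>fetch</c>/XHR call the browser follows it in
/// the background and the cross-origin login response is rejected by CORS. The front-end therefore
/// has to navigate to the endpoint that triggers the challenge (e.g. via <c>window.location</c>)
/// rather than call it with <c>fetch</c>.
/// </remarks>
public static WebApplicationBuilder AddAuthenticationViaOpenIdConnect(this WebApplicationBuilder builder)
{
    ArgumentNullException.ThrowIfNull(builder);

    var services = builder.Services;
    var configuration = builder.Configuration;

    // Resolve the settings up front so a misconfigured deployment fails at startup with a clear
    // message rather than at the first sign-in attempt.
    var authority = Require(configuration["Azure:Authority"], "Azure:Authority");
    var clientId = Require(configuration["Azure:ClientId"], "Azure:ClientId");
    var clientSecret = configuration["Azure:Secret"];
    var callbackPath = configuration["Azure:CallbackPath"];
    var redirectOnSignOut = configuration["Azure:RedirectOnSignOut"];

    services
        .AddAuthentication(options =>
        {
            // Signed-in users are tracked by the cookie; unauthenticated requests are challenged via OIDC.
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.Cookie.Name = "oidc";
            // SameSite=None (which browsers only accept together with Secure) lets the cookie ride on
            // cross-site requests, e.g. a front-end on another origin calling this API. It also means
            // the cookie alone does not protect against CSRF; the API needs its own CSRF defence.
            options.Cookie.SameSite = SameSiteMode.None;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.IsEssential = true;
        })
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            // The form_post callback arrives as a cross-site POST; the nonce and correlation
            // cookies that validate it are only ever sent over HTTPS.
            options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
            options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;

            // The identity established by OIDC is persisted by the cookie handler.
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

            // Who the provider is and how this app identifies itself to it.
            options.Authority = authority;
            options.ClientId = clientId;
            options.ClientSecret = clientSecret;

            // The browser is sent to the provider with a plain GET; the provider posts the
            // authorization code back to the callback path.
            options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
            options.ResponseMode = OpenIdConnectResponseMode.FormPost;
            options.ResponseType = OpenIdConnectResponseType.Code;

            // PKCE is disabled here. The earlier justification ("we are using hybrid") does not apply
            // to a pure code flow: with ResponseType=Code the handler uses PKCE by default and
            // Entra ID accepts it. Left off only to preserve the existing flow — worth revisiting.
            options.UsePkce = false;

            // Only override the handler's default callback path when one is configured; assigning a
            // missing setting would otherwise blank the path.
            if (!string.IsNullOrEmpty(callbackPath))
            {
                options.CallbackPath = callbackPath;
            }

            // Keep the tokens in the auth ticket and enrich the identity from the userinfo endpoint.
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            // Requests hitting the callback path that are not OIDC responses are passed through
            // instead of being rejected.
            options.SkipUnrecognizedRequests = true;

            // No scopes beyond the handler defaults are requested. Candidates previously considered:
            // "sid", "email", "acct", "upn", "groups" — add via options.Scope.Add(...) when needed.

            options.Events = new OpenIdConnectEvents
            {
                // Sign-out: send the browser to the configured page instead of the provider's
                // end-session endpoint. When no page is configured the handler's default applies.
                OnRedirectToIdentityProviderForSignOut = context =>
                {
                    if (!string.IsNullOrEmpty(redirectOnSignOut))
                    {
                        context.Response.Redirect(redirectOnSignOut);
                        context.HandleResponse();
                    }

                    return Task.CompletedTask;
                },
                // Provider-side failures (denied consent, bad state, ...) land on the app's error page
                // instead of surfacing as an unhandled exception.
                OnRemoteFailure = context =>
                {
                    context.Response.Redirect("/error");
                    context.HandleResponse();
                    return Task.CompletedTask;
                },
            };
        });

    return builder;

    // Returns the value, or fails naming the key when a required setting is missing or blank.
    static string Require(string? value, string key) =>
        string.IsNullOrWhiteSpace(value)
            ? throw new InvalidOperationException(
                $"Configuration value '{key}' is required for OpenID Connect authentication.")
            : value;
}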