Access has been blocked by CORS policy when redirecting to login.microsoft

Teodorescu, A.C. (Andrei - Calin) 0 Reputation points
2024-09-19T10:56:52.6933333+00:00

Hello,

I have a web app (JavaScript front-end with a .NET Core 6 Web API) and I am trying to add authentication via OpenID Connect. My redirects to login.microsoft are blocked by CORS: if I hit the refresh button in the browser, the redirect to login.microsoft works and the authentication is fine, but if the redirect happens without a refresh it does not work. What am I doing wrong, or what is missing? Below you can find my Web API auth configuration.

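    /// <summary>
    /// Registers cookie + OpenID Connect authentication on <paramref name="builder"/>:
    /// the cookie scheme is the default (persisted sign-in state) and OpenID Connect is the
    /// challenge scheme, so an unauthenticated request is answered with a redirect to the
    /// configured authority.
    /// </summary>
    /// <param name="builder">The application builder whose services and configuration are used.</param>
    /// <returns>The same <paramref name="builder"/>, for chaining.</returns>
    /// <remarks>
    /// Reads <c>Azure:Authority</c>, <c>Azure:ClientId</c>, <c>Azure:Secret</c>,
    /// <c>Azure:CallbackPath</c> and <c>Azure:RedirectOnSignOut</c> from configuration.
    /// NOTE(review): the challenge is an HTTP redirect to the authority. A browser follows
    /// that cross-origin only for a top-level navigation; when the response belongs to a
    /// fetch/XHR call the redirect is subject to CORS and is blocked. The front end should
    /// therefore navigate the window to a protected endpoint instead of calling it via
    /// fetch — confirm against the front-end code.
    /// </remarks>
    public static WebApplicationBuilder AddAuthenticationViaOpenIdConnect(this WebApplicationBuilder builder)
    {
        var services = builder.Services;
        var configuration = builder.Configuration;

        services.AddAuthentication(options =>
            {
                // Sign-in state lives in the cookie; unauthenticated requests are challenged via OIDC.
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
            {
                options.Cookie.Name = "oidc";
                // SameSite=None (which requires Secure) — presumably so the cookie is still sent
                // on the cross-site form_post callback from the identity provider.
                options.Cookie.SameSite = SameSiteMode.None;
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.IsEssential = true;
            })
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                // Nonce and correlation cookies are only ever sent over HTTPS.
                options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
                options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;

                // Persist the resulting identity in the cookie scheme registered above.
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                // The browser is sent to the provider with a GET; the provider answers with a form POST.
                options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
                options.ResponseMode = OpenIdConnectResponseMode.FormPost;

                // Identity provider and this client's registration. The secret comes from
                // configuration so it never lives in source.
                options.Authority = configuration["Azure:Authority"];
                options.ClientId = configuration["Azure:ClientId"];
                options.ClientSecret = configuration["Azure:Secret"];

                // Authorization code flow: only a code comes back in the front-channel response.
                options.ResponseType = OpenIdConnectResponseType.Code;

                // PKCE binds the code to the request that started it. It was previously disabled
                // with a note about using hybrid flow, but ResponseType is Code, where PKCE is the
                // recommended protection against authorization-code injection.
                options.UsePkce = true;

                // Where the provider posts the authentication response.
                options.CallbackPath = configuration["Azure:CallbackPath"];

                // Keep the tokens in the authentication properties so they can be read later.
                options.SaveTokens = true;

                // Fetch additional profile claims from the userinfo endpoint (set once; the
                // original assigned it twice).
                options.GetClaimsFromUserInfoEndpoint = true;

                // Requests on the callback path that are not an OIDC response fall through
                // to the rest of the pipeline.
                options.SkipUnrecognizedRequests = true;

                // Additional scopes (e.g. email, groups) can be requested with options.Scope.Add(...).

                options.Events = new OpenIdConnectEvents
                {
                    // Short-circuit the provider's sign-out redirect with the configured local one.
                    OnRedirectToIdentityProviderForSignOut = context =>
                    {
                        // Fall back to the site root when the key is missing instead of emitting
                        // a redirect with no usable Location.
                        context.Response.Redirect(configuration["Azure:RedirectOnSignOut"] ?? "/");
                        context.HandleResponse();
                        return Task.CompletedTask;
                    },

                    // Failures reported by the provider land on the local error page.
                    OnRemoteFailure = context =>
                    {
                        context.Response.Redirect("/error");
                        context.HandleResponse();
                        return Task.CompletedTask;
                    }
                };
            });

        return builder;
    }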
