ASP.Net WebForms-MSAL.Net integration Default Document

M34 1 Reputation point
2022-11-15T17:24:59.14+00:00

I've switched a Webforms app from Forms Authentication to Azure AD B2C using MSAL.NET. That works fine but I'm having trouble getting it to serve a Default Document.

In Forms Authentication the config has a setting for the login page and a setting for the page to redirect to once the user has authenticated. We use the login page to accept credentials and act as branded splash page. In MSAL there are equivalents but the login page is hosted by Azure. So if I load www.example.com it will redirect straight to the Azure login page. What I want it to do is load a splash page or pre-login page from which the user initiates the redirect to the Azure login page. I could customise the Azure login page but ideally want this splash page within the web app.

Setting a defaultDocument in the web.config doesn't work, presumably because it's using the Owin pipeline; neither does setting CookieAuthenticationOptions.LoginPath when adding the cookie authentication middleware.

Has anybody got a solution for this please?


3 answers

  1. 2022-11-18T15:44:57.253+00:00

    Hello @M34 and thanks for reaching out. Mostly, Owin applications rely on web.config to deny anonymous users. Disable it by removing or commenting the proper entry:

       <system.web>  
           <authorization>  
             <!--<deny users="?"/>-->  
           </authorization>  
       </system.web>  
    

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.


  2. M34 1 Reputation point
    2022-11-18T16:32:49.913+00:00

    Thanks @Alfredo Revilla - Senior Freelance SWE, SWA, IAM. It's restricting unauthorised access to the private pages OK, even with that config setting, and it's allowing public access to pages with location\path config. I've managed to find a way to default the public login splash page. This page just contains branding and a link to the Azure login.

    In the Startup class I added:

        Public Sub StartAuth(app As IAppBuilder)
            app.UseDefaultFiles(CreateDefaultFileOptions())
            app.UseStaticFiles(CreateStaticFileOptions())
        End Sub
    

        ' defaultHiddenPage is a field defined elsewhere in the Startup class (not shown).
        Private Function CreateDefaultFileOptions() As DefaultFilesOptions
            Dim options As New DefaultFilesOptions()
            Dim physicalFileSystem = New PhysicalFileSystem("")
            Dim defaultFileNames() As String = {defaultHiddenPage}

            options.FileSystem = physicalFileSystem
            ' File served when the site root is requested
            options.DefaultFileNames = defaultFileNames

            Return options
        End Function
    

        Private Function CreateStaticFileOptions() As StaticFileOptions
            Dim options As New StaticFileOptions()
            Dim physicalFileSystem = New PhysicalFileSystem("")

            options.FileSystem = physicalFileSystem
            ' Called for each static file response, before it is sent
            options.OnPrepareResponse = AddressOf OnPrepareResponse

            Return options
        End Function
    

    defaultHiddenPage is just a static html page with an onload redirect to the public login splash page.
    The OnPrepareResponse handler is where it checks for the defaultHiddenPage and redirects to the public login splash page.

        ' loginPage is a field defined elsewhere in the Startup class (not shown).
        Private Function OnPrepareResponse(ByVal context As StaticFileResponseContext) As Task
            Dim url As String = context.OwinContext.Request.Uri.OriginalString

            System.Diagnostics.Debug.WriteLine("*** OnPrepareResponse: " & url)

            ' Only the hidden default page is redirected to the splash page
            If context.OwinContext.Request.Uri.LocalPath.Equals("/" & defaultHiddenPage) Then
                context.OwinContext.Response.Redirect(loginPage)
            End If

            Return Task.FromResult(0)
        End Function
    

  3. Bruce (SqlWork.com) 55,601 Reputation points
    2022-12-06T17:49:53.97+00:00

    Your default.aspx splash page should be anonymous. The login link on this page should redirect to the desired authenticated page, not the Azure login page. Because the new page requires authentication, it will redirect to the login service, Azure will authenticate and redirect back to the authenticated page.
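
The arrangement described in the last answer, written out as a web.config sketch. This is an added example, not configuration taken from any of the posts. It assumes the splash page is `Default.aspx` at the site root and that the sign-in link on it targets a protected page, here the hypothetical `Secure/Home.aspx`.

```xml
<configuration>
  <!-- Site-wide rule: anonymous users ("?") are denied.
       Keeping this rule, rather than commenting it out, means any page
       that is not explicitly opened below still requires sign-in. -->
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Exception for the branded splash page only.
       Rules in a location element are evaluated before the site-wide
       rule, and the first matching rule wins, so anonymous requests
       for this one page are allowed. -->
  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- No entry for Secure/Home.aspx (hypothetical path): it falls under
       the site-wide deny, so following the splash page link
         <a href="Secure/Home.aspx">Sign in</a>
       as an anonymous user triggers the redirect to the Azure sign-in
       page, and the user lands on Secure/Home.aspx after authenticating. -->
</configuration>
```

Each additional public page needs its own `location` entry; everything without one stays behind the deny rule.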