Hi,
I'm currently attempting to migrate a SharePoint Add-in project to authenticate via Azure AD. The project is a .NET Framework 4.7.2 MVC web app. I've registered the TokenAcquirerFactory like so in ConfigureAuth:
_redirectUri is my localhost URL, 'https://localhost:44322/'.
using System;
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Client;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.OWIN;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Must match the redirect URI registered for the app in Entra ID.
    private static readonly string _redirectUri = "https://localhost:44322/";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            Provider = new CookieAuthenticationProvider
            {
                OnResponseSignIn = context =>
                {
                    // Force landing page after cookie is set
                    context.Properties.RedirectUri = _redirectUri;
                }
            }
        });

        // Get a TokenAcquirerFactory specialized for OWIN
        OwinTokenAcquirerFactory owinTokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>();

        // Add the services you need.
        owinTokenAcquirerFactory.Services
            .Configure<ConfidentialClientApplicationOptions>(options =>
            {
                options.RedirectUri = _redirectUri;
            })
            .AddDistributedTokenCaches();

        // Back the distributed token cache with SQL Server (connection string from web.config appSettings).
        owinTokenAcquirerFactory.Services.AddDistributedSqlServerCache(options =>
        {
            options.ConnectionString = ConfigurationManager.AppSettings["Cache"];
            options.SchemaName = "dbo";
            options.TableName = "TokenCache";
            options.DefaultSlidingExpiration = TimeSpan.FromMinutes(90);
        });

        // Configure the web app.
        app.AddMicrosoftIdentityWebApp(owinTokenAcquirerFactory,
            updateOptions: options =>
            {
                options.RedirectUri = _redirectUri;
                options.PostLogoutRedirectUri = _redirectUri;
                /*options.Notifications = options.Notifications ?? new OpenIdConnectAuthenticationNotifications();
                options.Notifications.AuthorizationCodeReceived = context =>
                {
                    context.AuthenticationTicket.Properties.RedirectUri = _redirectUri;
                    return Task.FromResult(0);
                };*/
            });

        owinTokenAcquirerFactory.Build();
    }
}
In my appsettings.json I have:
"AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "domain.onmicrosoft.com",
    "TenantId": "tenantid",
    "ClientId": "clientid",
    "ClientSecret": "secret",
    "RedirectUri": "https://localhost:44322/"
}
When running my app, I can successfully log in from the home page (https://localhost:44322/) and am able to use the token to authenticate against SharePoint. However, if I log out or clear my cache and try to go to another endpoint on my app, after being prompted to log in it returns to the same endpoint where the log-in was prompted (i.e. https://localhost:44322/Dashboard), which results in a URI mismatch error. In the authorize request the redirect URI is always the URL that the auth was prompted from. This is an issue as users will be given direct links to pages.
I am using System.Web.Mvc.AuthorizeAttribute ([Authorize]) to prompt the user to authenticate.
I have https://localhost:44322/ registered in Azure Entra as a redirect URI.
I have attempted to rewrite the redirect URI by overriding the middleware in OpenIdConnectAuthenticationOptions.Notifications; however, when the redirect URI is changed, the TokenAcquirerFactory fails to find an identity for the user, so I can't get their token and therefore cannot authenticate against SharePoint.
The version of Microsoft.Identity.Web I'm using is 3.14.
I am unable to upgrade to .NET Core at the moment due to the size of the project and its dependencies.
Any help would be greatly appreciated,
Thanks.
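Added example, not the poster's code and not Microsoft.Identity.Web's own handling: with the plain OWIN OpenID Connect middleware, the redirect_uri sent to Entra and the page the user lands on after sign-in are two separate values, the latter travelling in the protected state parameter as AuthenticationProperties.RedirectUri. The helper below (PinRedirectUri, IsSameOriginLanding and registeredRedirectUri are names assumed here) pins redirect_uri to the registered value on every authorization request and only accepts a same-origin landing page when the code comes back; which redirect_uri TokenAcquirerFactory then uses to redeem the code is not shown by this snippet, and the two must match, so that has to be checked against the Microsoft.Identity.Web version in use.

```csharp
// Added example (not the poster's code): keep redirect_uri fixed and registered,
// and carry the post-sign-in landing page in the state parameter instead.
using System;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security.OpenIdConnect;

public static class RedirectUriPinning
{
    // The landing page stored in AuthenticationProperties.RedirectUri is accepted only
    // if it is on the same origin as the registered redirect URI; anything else would let
    // the sign-in round trip end on a foreign host (open redirect).
    public static bool IsSameOriginLanding(string candidate, Uri registered)
    {
        Uri landing;
        if (string.IsNullOrEmpty(candidate) || !Uri.TryCreate(candidate, UriKind.Absolute, out landing))
            return false;
        return landing.Scheme == registered.Scheme
            && string.Equals(landing.Host, registered.Host, StringComparison.OrdinalIgnoreCase)
            && landing.Port == registered.Port;
    }

    // registeredRedirectUri is assumed to be exactly the value registered in Entra ID,
    // e.g. "https://localhost:44322/". Both hooks chain to any handler already installed.
    public static void PinRedirectUri(OpenIdConnectAuthenticationOptions options, string registeredRedirectUri)
    {
        var registered = new Uri(registeredRedirectUri);
        options.RedirectUri = registeredRedirectUri;
        options.Notifications = options.Notifications ?? new OpenIdConnectAuthenticationNotifications();

        var innerRedirect = options.Notifications.RedirectToIdentityProvider;
        options.Notifications.RedirectToIdentityProvider = async ctx =>
        {
            if (innerRedirect != null) await innerRedirect(ctx);
            // Runs last so no earlier hook can replace redirect_uri with the page that
            // triggered the challenge; that page already travels in the state.
            if (ctx.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
                ctx.ProtocolMessage.RedirectUri = registeredRedirectUri;
        };

        var innerCode = options.Notifications.AuthorizationCodeReceived;
        options.Notifications.AuthorizationCodeReceived = async ctx =>
        {
            var props = ctx.AuthenticationTicket?.Properties;
            if (props != null && !IsSameOriginLanding(props.RedirectUri, registered))
                props.RedirectUri = registeredRedirectUri; // fall back to the app root
            if (innerCode != null) await innerCode(ctx);
        };
    }
}
```

Call PinRedirectUri(options, "https://localhost:44322/") from inside the updateOptions callback so it runs after the library's own notifications have been installed.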