Asp .net mvc azure sso from outlook add in

Christian Bilotta 1 Reputation point
2022-10-29T10:15:47.313+00:00

Hi,

I can correctly use azure ad openid sso in my asp net mvc web app. But we have an outlook add in , which use the Same login page with sso and from the outlook panel which loads my web page the sso won't work , the error says : nonce cookie is null.
I ve done some checks and the developer console network shows that the first challenge request towards login.microsoft online has correctly the nonce cookie but then on the authorize request the cookie seems to be lost.

ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,386 questions
Office Development
Office Development
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Development: The process of researching, productizing, and refining new or existing technologies.
3,660 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Christian Bilotta 1 Reputation point
    2022-11-01T16:19:37.483+00:00

    Others updates:
    I m trying to make the add in work with azure sso just by using it from outlook.office.com web site iframe sandbox and so avoid using desktop outlook and the webview to browse it. Still testing it , will take sometime because we need to make formal requests to our IT to configure CSP headers on rev proxy...
    I ll keep you up to date, still would be cool to make it work even from webview

    0 comments No comments

  2. Christian Bilotta 1 Reputation point
    2022-11-03T17:32:17.593+00:00

    Solved, from desktop App works , the problem of the missing nonce token was because the account used in outlook was different from the one who is enabled access azure ad . So just configured the right account in outlook.

    While from browser outlook.office.com add in when I try sso I have:

    Could not load login.microsofronline.com because x frame options is set to deny

    0 comments No comments