question

M34-3447 avatar image
0 Votes"
M34-3447 asked alfredorevilla-msft edited

ASP.Net WebForms-MSAL.Net integration Default Document

I've switched a Webforms app from Forms Authentication to Azure AD B2C using MSAL.NET. That works fine but I'm having trouble getting it to serve a Default Document.

In Forms Authentication the config has a setting for the login page and a setting for the page to redirect to once the user has authenticated. We use the login page to accept credentials and act as branded splash page. In MSAL there are equivalents but the login page is hosted by Azure. So if I load www.example.com it will redirect straight to the Azure login page. What I want it to do is load a splash page or pre-login page from which the user initiates the redirect to the Azure login page. I could customise the Azure login page but ideally want this splash page within the web app.

Setting a defaultDocument in the web.config doesn't work, presumably because its using the Owin pipeline, neither does setting CookieAuthenticationOptions.LoginPath when adding the cookie authentication middleware.

Has anybody got a solution for this please?


dotnet-aspnet-webformsazure-ad-msal
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

alfredorevilla-msft avatar image
0 Votes"
alfredorevilla-msft answered

Hello @m34-3447 and thanks for reaching out. Mostly, Owin applications rely on web.config to deny anonymous users. Disable it by removing or commenting the proper entry:

<system.web>
    <authorization>
      <!--<deny users="?"/>-->
    </authorization>
</system.web>


Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

M34-3447 avatar image
0 Votes"
M34-3447 answered alfredorevilla-msft edited

Thanks @alfredorevilla-msft. Its restricting unauthorised access to the private pages ok, even with that config setting and its allowing public access to pages with location\path config. I've managed to find a way to default the public login splash page. This page just contains branding and a link to the Azure login.

In the Startup class I added:

 Public Sub StartAuth(app As IAppBuilder)
             app.UseDefaultFiles(CreateDefaultFileOptions())
             app.UseStaticFiles(CreateStaticFileOptions())
 End Sub    

Private Function CreateDefaultFileOptions() As DefaultFilesOptions
Dim options As New DefaultFilesOptions()
Dim physicalFileSystem = New PhysicalFileSystem("")
Dim defaultFileNames() As String = {defaultHiddenPage}

     options.FileSystem = physicalFileSystem
     options.DefaultFileNames = defaultFileNames

     Return options
 End Function   

Private Function CreateStaticFileOptions() As StaticFileOptions
Dim options As New StaticFileOptions()
Dim physicalFileSystem = New PhysicalFileSystem("")

     options.FileSystem = physicalFileSystem
     options.OnPrepareResponse = AddressOf OnPrepareResponse

     Return options
 End Function

defaultHiddenPage is just a static html page with an onload redirect to the public login splash page.
The OnPrepareResponse handler is where it checks for the defaultHiddenPage and redirects to the public login splash page.


Private Function OnPrepareResponse(ByVal context As StaticFileResponseContext) As Task
Dim url As String = context.OwinContext.Request.Uri.OriginalString

     System.Diagnostics.Debug.WriteLine("*** OnPrepareResponse: " & url)

     If context.OwinContext.Request.Uri.LocalPath.Equals("/" & defaultHiddenPage) Then context.OwinContext.Response.Redirect(loginPage)

     Return Task.FromResult(0)
 End Function
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @m34-3447, thanks for sharing your findings. That being said, can you re-phrase the rationale behind such solution? Sound a little bit complex for just avoiding the redirect to Azure.

0 Votes 0 ·