Request.IsAuthenticated is false when using Azure AD

Joe Green 146 Reputation points
2023-01-12T16:20:38.38+00:00

Hello,

In asp.net 4.8 (not Core) web application, I have set Client Id, RedirectUri, Tenant and Authority in Web.Config. In Startup.cs, I have following:

        string clientId = System.Configuration.ConfigurationManager.AppSettings["ClientId"];
        string redirectUri = System.Configuration.ConfigurationManager.AppSettings["RedirectUri"];
        static string tenant = System.Configuration.ConfigurationManager.AppSettings["Tenant"];
        string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings["Authority"], tenant);
      
        public void Configuration(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = authority,
                    RedirectUri = redirectUri,
                    PostLogoutRedirectUri = redirectUri,
                    Scope = OpenIdConnectScope.OpenIdProfile,
                    ResponseType = OpenIdConnectResponseType.CodeIdToken,
                    TokenValidationParameters = new TokenValidationParameters()
                    {
                        ValidateIssuer = false // This is a simplification
                    },
                    Notifications = new OpenIdConnectAuthenticationNotifications
                    {
                        AuthenticationFailed = OnAuthenticationFailed
                    }
                }
            );
        }

When I run the application, I'm able to enter username and password. Then I get redirected to redirectUri specified in web.config file. Is it correct to assume that I'm getting authenticated since I get redirected to redirecttUri?

On the redirectUri page, I'm running this code but Request.IsAuthenticated always fails as if I wasn't authenticated. What am I'm missing. Why Request.IsAuthenticated is false?

    @if (!Request.IsAuthenticated)
    {        
        Response.Redirect(@Url.Action("SignIn", "Home"));
    }
    else
    {
        <span><br />Hello @System.Security.Claims.ClaimsPrincipal.Current.FindFirst("name").Value;</span>
        <br /><br />
        @Html.ActionLink("See Your Claims", "Index", "Claims")
        <br /><br />
        @Html.ActionLink("Sign out", "SignOut", "Home")
    }
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,250 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,438 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. PatriceSc 166 Reputation points
    2023-01-16T13:46:35.3266667+00:00

    Hi,

    How do you trigger authentication?

    Do you have an Authorize attribute or global filter to require authentication? Try maybe Request.User.Identity.IsAuthenticated though I guess it should return the same value. It should definitively be true if all is fine.

    0 comments
  2. Bruce (SqlWork.com) 55,366 Reputation points
    2023-01-16T19:00:24.42+00:00

    The redirect url and the reply Url in azure should be the site root. When azure redirects back, the owin handler will see the token argument and build a cookie with the token, then redirect to to the return url.

    using the browsers debugger you can check if the cookie was created.

    0 comments