Unable to get authenticated information from the added Azure AD B2C authentication.

Miura, Mayu 0 Reputation points
2023-12-01T11:35:45.7033333+00:00

I am modifying the existing web system to ensure that only access from outside the company’s network is authenticated via Azure AD B2C, and to redirect the user to the main screen upon successful authentication.
*The web system is coded in C# (.NET 6) using the MVC model.

The following logic has been added to Startup.cs to achieve the above.
The logic was added after “services.AddMicrosoftIdentityWebAppAuthentication” below, and the logic before that represents the existing processes in the current web system.

// Existing authentication setup of the current web system:
// HttpContext.User is populated from the "Cookies" scheme.
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = "MyScheme";
}).AddCookie();
services.AddDistributedMemoryCache();

// Added: Azure AD B2C OpenID Connect handler, reading the "AzureAdB2C" section
// and signing the B2C user in under a separate cookie scheme, "b2cCookies".
services.AddMicrosoftIdentityWebAppAuthentication(_configuration, "AzureAdB2C", OpenIdConnectDefaults.AuthenticationScheme, "b2cCookies");
services.AddControllersWithViews().AddMicrosoftIdentityUI();
services.AddOptions();
services.Configure<OpenIdConnectOptions>(_configuration.GetSection("AzureAdB2C"));

Then, I added the following logic to the controller on the main screen: it determines the IP address and transitions to the B2C MFA authentication screen if Azure B2C authentication is absent, except for the company’s IP address.
*The processes following the “else” statement below are existing processes in the current system.

public IActionResult Main()
{
    // Looks up the public IP address as seen by ipinfo.io for the request
    // that this server makes (i.e. the server's own egress address).
    string ipAddress;
    using (HttpClient client = new HttpClient())
    {
        ipAddress = client.GetStringAsync("https://ipinfo.io/ip").Result;
    }
    List<string> allowedIPs = new List<string> { "192.168.1.100", "192.168.1.200" };
    // User.Identity reflects the default authenticate scheme ("Cookies").
    if (!allowedIPs.Contains(ipAddress) && !User.Identity.IsAuthenticated)
    {
        // Hand-built B2C authorize URL; the id_token is sent straight back to
        // this page rather than to the OpenID Connect handler's callback.
        string redirectUri = Request.GetDisplayUrl();
        string authenticateUrl = $"{_configuration["AzureADB2C:Instance"]}/{_configuration["AzureADB2C:Domain"]}/{_configuration["AzureADB2C:UserFlowName"]}/oauth2/v2.0/authorize?p={_configuration["AzureADB2C:UserFlowName"]}&client_id={_configuration["AzureADB2C:ClientId"]}&nonce=defaultNonce&redirect_uri={redirectUri}&scope=openid&response_type=id_token&prompt=login";
        return Redirect(authenticateUrl);
    }
    else
    {
        // Existing processing of the current system.
        if (HttpContext.Session.GetString(AccountConst.M_AUTH_USER_ID) != null)
        {
            return RedirectToAction("Index", "Top");
        }
        return View("Main");
    }
}

With this modification, the Azure AD B2C MFA authentication screen is now displayed when the web system is accessed from an IP address that is not associated with the company. However, even after successful authentication, when the Main function of the main screen controller is called again, “User.Identity.IsAuthenticated” remains false, preventing the transition to the main screen.

How can I get the correct certification status?
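The following is an added example, not the poster's code, showing one way to structure the same check so that a completed B2C sign-in is visible to the controller. It assumes the Startup.cs registration from the question (B2C OpenID Connect handler with cookie scheme "b2cCookies", config section "AzureAdB2C"); the names AllowedNetworks, IsInternalAddress, MainController, ForwardedHeadersSetup and the sample 192.168.1.0/24 network and proxy address are assumptions made for the example. Two points it relies on: HttpContext.User is populated from the DefaultAuthenticateScheme ("Cookies" in the question), so the B2C cookie scheme has to be asked explicitly with AuthenticateAsync("b2cCookies"); and calling Challenge() on the OpenID Connect scheme lets the registered handler build the authorize request and process the callback, which a hand-built /authorize redirect bypasses. It also takes the caller's address from the connection rather than from an external lookup, which returns the server's own egress IP.

```csharp
// Added example (not the poster's code). Assumes the B2C handler from the
// question is registered with cookie scheme "b2cCookies".
using System;
using System.Collections.Generic;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.Mvc;

public static class AllowedNetworks
{
    // Constructed sample allow-list of company networks: (network, prefix length).
    public static readonly IReadOnlyList<(IPAddress Network, int PrefixLength)> Internal = new[]
    {
        (IPAddress.Parse("192.168.1.0"), 24),
    };

    // True when the caller's source address falls inside one of the allowed networks.
    public static bool IsInternalAddress(IPAddress? remote)
    {
        if (remote is null) return false;
        // Kestrel may report IPv4 clients as IPv4-mapped IPv6 (::ffff:a.b.c.d).
        if (remote.IsIPv4MappedToIPv6) remote = remote.MapToIPv4();
        foreach (var (network, prefix) in Internal)
        {
            if (network.AddressFamily == remote.AddressFamily && InPrefix(remote, network, prefix))
                return true;
        }
        return false;
    }

    // Bitwise prefix comparison so the allow-list can hold whole subnets, not single hosts.
    private static bool InPrefix(IPAddress address, IPAddress network, int prefixLength)
    {
        byte[] a = address.GetAddressBytes();
        byte[] n = network.GetAddressBytes();
        int fullBytes = prefixLength / 8;
        int remainingBits = prefixLength % 8;
        for (int i = 0; i < fullBytes; i++)
            if (a[i] != n[i]) return false;
        if (remainingBits == 0) return true;
        int mask = 0xFF << (8 - remainingBits);
        return (a[fullBytes] & mask) == (n[fullBytes] & mask);
    }
}

public class MainController : Controller
{
    public async Task<IActionResult> Main()
    {
        // Source address of the HTTP connection (after forwarded-header processing).
        IPAddress? remote = HttpContext.Connection.RemoteIpAddress;

        // Ask the B2C cookie scheme explicitly; User.Identity reflects the
        // DefaultAuthenticateScheme ("Cookies"), not "b2cCookies".
        AuthenticateResult b2c = await HttpContext.AuthenticateAsync("b2cCookies");

        if (!AllowedNetworks.IsInternalAddress(remote) && !b2c.Succeeded)
        {
            // The registered OpenID Connect handler builds the authorize request
            // (state, nonce, redirect_uri) and processes the response on its callback.
            var props = new AuthenticationProperties { RedirectUri = Url.Action(nameof(Main)) };
            return Challenge(props, OpenIdConnectDefaults.AuthenticationScheme);
        }

        // Existing processing of the current system would continue here.
        return View("Main");
    }
}

// Call this in Startup.Configure before UseAuthentication(). Only proxies listed
// in KnownProxies are trusted for X-Forwarded-For; without this the allow-list
// check would act on a client-supplied header.
public static class ForwardedHeadersSetup
{
    public static void Apply(IApplicationBuilder app)
    {
        var options = new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
        };
        options.KnownProxies.Add(IPAddress.Parse("10.0.0.2")); // placeholder: the real reverse proxy address
        app.UseForwardedHeaders(options);
    }
}
```

If every request from outside the allow-list should be protected rather than just this action, the same effect can be had declaratively with [Authorize(AuthenticationSchemes = "b2cCookies")] on the action, provided the challenge scheme for that policy is the OpenID Connect scheme; the explicit AuthenticateAsync form above is shown because the question needs the allow-list decision and the sign-in state in the same branch.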
