question

JohnGuilbertHousing-1818 avatar image
0 Votes"
JohnGuilbertHousing-1818 asked JohnGuilbertHousing-1818 answered

Microsoft Identity Platform Sign In not prompting with Stay Signed In and/or not using cookie to sign in?

Hi.

I am upgrading my MVC .Net code to the new Microsoft Identity Platform sign in/sign out. The sign in and sign out works, but there is no prompt for "Stay signed in?" - even though it is set up in Azure Active Directory under company bradning Wonder if anyone can provide guidance on how to replace the last line which would ensure cookie keeps session even after browser closed. This code is pretty much the same as in https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-1-MyOrg
However, I keep getting prompted for credentials when restrating browser

This was old code:

 public void ConfigureServices(IServiceCollection services)
 {
     // services.AddControllersWithViews();
    
     services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
         .AddAzureAD(options => Configuration.Bind("AzureAd", options));
    
     services.AddControllersWithViews(options =>
     {
         var policy = new AuthorizationPolicyBuilder()
             .RequireAuthenticatedUser()
             .Build();
         options.Filters.Add(new AuthorizeFilter(policy));
     });
     services.AddRazorPages();
    
     services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
     {
         options.Events = new OpenIdConnectEvents
         {
             OnTokenValidated = async ctx =>
             {
                 var roleGroups = new Dictionary<string, string>();
                 Configuration.Bind("AuthorizationGroups", roleGroups);
    
                 var graphService = await GraphService.CreateOnBehalfOfUserAsync(ctx.SecurityToken.RawData, Configuration);
                 var memberGroups = await graphService.CheckMemberGroupsAsync(roleGroups.Keys);
    
                 var claims = memberGroups.Select(groupGuid => new Claim(ClaimTypes.Role, roleGroups[groupGuid]));
                 var appIdentity = new ClaimsIdentity(claims);
                 ctx.Principal.AddIdentity(appIdentity);
    
                 var user = await graphService.GetMe();
                 ctx.Principal.AddUserGraphInfo(user);
             }
         };
     });
    
     services.Configure<CookieAuthenticationOptions>(AzureADDefaults.CookieScheme, options => options.AccessDeniedPath = "/accessdenied");
 }


Here is current code:


      public void ConfigureServices(IServiceCollection services)
         {
             services.Configure<CookiePolicyOptions>(options =>
             {
                 // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                 options.CheckConsentNeeded = context => true;
                 options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
                 // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
                 options.HandleSameSiteCookieCompatibility();
             });
    
             services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
             .AddMicrosoftIdentityWebApp(options => Configuration.Bind("AzureAd", options));
    
             services.AddControllersWithViews(options =>
             {
                 var policy = new AuthorizationPolicyBuilder()
                     .RequireAuthenticatedUser()
                     .Build();
                 options.Filters.Add(new AuthorizeFilter(policy));
             }).AddMicrosoftIdentityUI();
    
             services.AddRazorPages();
    
             services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
             {
                 options.Events = new OpenIdConnectEvents
                 {
                     OnTokenValidated = async ctx =>
                     {
                         var roleGroups = new Dictionary<string, string>();
                         Configuration.Bind("AuthorizationGroups", roleGroups);
    
                         var graphService = await GraphService.CreateOnBehalfOfUserAsync(ctx.SecurityToken.RawData, Configuration);
                         var memberGroups = await graphService.CheckMemberGroupsAsync(roleGroups.Keys);
    
                         var claims = memberGroups.Select(groupGuid => new Claim(ClaimTypes.Role, roleGroups[groupGuid]));
                         var appIdentity = new ClaimsIdentity(claims);
                         ctx.Principal.AddIdentity(appIdentity);
    
                         var user = await graphService.GetMe();
                         ctx.Principal.AddUserGraphInfo(user);
                     }
                 };
             });
         }
    
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {
             if (env.IsDevelopment())
             {
                 app.UseDeveloperExceptionPage();
             }
             else
             {
                 app.UseExceptionHandler("/Home/Error");
                 // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                 app.UseHsts();
             }
             app.UseHttpsRedirection();
             app.UseStaticFiles();
             app.UseCookiePolicy();
    
             app.UseRouting();
    
             app.UseAuthentication();
             app.UseAuthorization();
    
             app.UseEndpoints(endpoints =>
             {
                 endpoints.MapControllerRoute(
                     name: "default",
                     pattern: "{controller=LegalAdvice}/{action=Index}/{id?}");
                 endpoints.MapRazorPages();
             });
         }
     }
 }

Thanks.

John.





dotnet-aspnet-core-mvc
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I am upgrading my MVC .Net code to the new Microsoft Identity Platform sign in/sign out. The sign in and sign out works, but there is no prompt for "Stay signed in?" - even though it is set up in Azure Active Directory under company bradning Wonder if anyone can provide guidance on how to replace the last line which would ensure cookie keeps session even after browser closed. This code is pretty much the same as in https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-1-MyOrg
However, I keep getting prompted for credentials when restrating browser

From your description, it seems that this is the browser behavior. Check your browser setting, make sure you have enabled the cookie, autofill and allowed the website to send pop-ups and use redirects.

0 Votes 0 ·

1 Answer

JohnGuilbertHousing-1818 avatar image
0 Votes"
JohnGuilbertHousing-1818 answered

Yep thanks for that. Seems that when I don't run the app from Visual Studio in debug and publish it to live App Service it works as expected.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.