- ABP Framework version: v5.1.4
- UI type: Blazor
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
We are attempting to incorporate support for calling Microsoft Graph APIs in our ABP application, using the Microsoft.Graph package. We've already successfully implemented authentication using Azure AD accounts according to the directions in this post: https://community.abp.io/posts/how-to-use-the-azure-active-directory-authentication-for-mvc-razor-page-applications-4603b9cf (we used the second approach, using AddMicrosoftIdentityWebApp).
However, when attempting to add lines to set up the Microsoft Graph client, login with Azure AD no longer works (when Azure AD is selected as the login option, the login page reloads without logging in). Here is the code for our ConfigureAuthentication function in the BlazorModule.cs file:
private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
context.Services.AddAuthentication()
.AddJwtBearer(options =>
{
options.Authority = configuration["AuthServer:Authority"];
options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
options.Audience = "Link";
})
.AddMicrosoftIdentityWebApp(configuration.GetSection("AzureAd"))
// Login only succeeds when these three lines are commented out:
.EnableTokenAcquisitionToCallDownstreamApi(new string[] { "Group.ReadWrite.All", "User.ReadBasic.All" })
.AddMicrosoftGraph(configuration.GetSection("Graph"))
.AddInMemoryTokenCaches();
context.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Authority = configuration["AzureAd:Instance"] + configuration["AzureAd:TenantId"] + "/v2.0/";
options.ClientId = configuration["AzureAd:ClientId"];
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
options.CallbackPath = configuration["AzureAd:CallbackPath"];
options.ClientSecret = configuration["AzureAd:ClientSecret"];
options.RequireHttpsMetadata = false;
options.SaveTokens = false;
options.GetClaimsFromUserInfoEndpoint = true;
options.SignInScheme = IdentityConstants.ExternalScheme;
options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
});
}
The "Graph" section of appsettings.json consists of the following:
"Graph": {
"BaseUrl": "https://graph.microsoft.com/v1.0",
"Scopes": [ "Group.ReadWrite.All", "User.ReadBasic.All" ]
}
What would be the correct way to implement the Microsoft.Graph package into our ABP app?
9 Answer(s)
-
0
hi
You can try this without abp first. add it to abp when it success.
-
0
I already got it working in a test Blazor server app. However, in ABP, logins using OpenIdConnect stop going through after adding these three lines of code to initialize the Graph client component:
.EnableTokenAcquisitionToCallDownstreamApi(new string[] { "Group.ReadWrite.All", "User.ReadBasic.All" }) .AddMicrosoftGraph(configuration.GetSection("Graph")) .AddInMemoryTokenCaches();
When they're commented out, OpenIdConnect logins start working again.
-
0
Please try to use different scheme.
The default scheme of
AddMicrosoftIdentityWebApp
isOpenIdConnectDefaults.AuthenticationScheme
https://github.com/AzureAD/microsoft-identity-web/blob/0e8a08d8c55edf3aec695a809d189d2ac4b770d9/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs#L42
-
0
Passing in a different value for authentication scheme didn't help.
-
0
Can you check the logs?
-
0
Where are those?
-
0
Your project
Logs/logs.txt
-
0
Here's a link. I deleted what was there so it'd start with a fresh log. This should show starting the web app, going to the login screen, then trying to connect through the OpenIdConnect button. As stated before, it immediately returned to the login screen without logging in.
https://etvsoftware0-my.sharepoint.com/:t:/g/personal/amacaulay_etvsoftware_com/EUoNySMvi3JMuxiigE3srscBjxAWdubySgty938AFHqvVw?e=athe4I
-
0
hi
Can you prepare a simpleproject to reproduce the problem? Include steps. Thanks.
liming.ma@volosoft.com