- ABP Framework version: v8.2
- UI Type: Blazor Web App
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): no
- Exception message and full stack trace:
- Steps to reproduce the issue:
Hi,
I am attempting to integrate Entra External ID. This is for an existing Blazor Web App (8.2) tiered project; however, I have created a brand new non-tiered project in order to work through the Auth integration. Then I will apply it to the existing tiered project.
I have 2 issues, the first and most strange being that as soon as I add the configuration section using Microsoft.Identity.WebApp that allows me to initiate the Entra flow, I cannot log in using the built-in admin credentials.
This is the clean solution, no config for Entra, Admin login working fine:
After adding the config to allow for Entra Login:
I now get the OpenIdConnect button:
However, if I try to log in with the basic admin credentials:
It redirects back, pauses for 2-3 seconds with an ‘Authorizing’ message, then I get this UI, which is not what I would expect after logging in as Admin. No Administration menu, no access to the ‘RockStars’ entity I generated as a test case:
When I click the Logout Button noted above I get back to the Login UI noted above, when I click the OpenIdConnect button I get an invalid OAuth State Error. This is what I get every time I redirect back to <abp>/signin-oidc. Would appreciate it if you could check my config screenshotted above and let me know if there is something missing / wrong that would cause this error:
Main concern is that as soon as I add the external Entra login support I can't seem to log in as normal with the built in admin account. I need to support Entra External ID in all of my future projects so this is critical for my business going forward.
This is a brand new solution that I generated yesterday to debug these issues. I can share this with you on GitHub in order to troubleshoot.
Please let me know if you need any more info.
Thanks,
Karim
15 Answer(s)
-
0
hi
Please try to change
context.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme).AddMicrosoftIdentityWebApp(...
to
context.Services.AddAuthentication().AddMicrosoftIdentityWebApp(...
-
0
I think the callback path is OK, you can see here:
I previously added a personal Microsoft account configuration that worked with this redirect URL, everything worked as expected, I could register a new user and / or login with an existing account:
So I don't think it is the Callback path in this case, but maybe something else in the config that is causing ABP to throw this error. I know how OpenId config can be tricky, hopefully we can figure out what is the root cause here.
Thanks,
Karim
-
0
hi
Can you test your configuration in a new ASP.NET Core app instead of the ABP template?
or can you share the configuration? Then I will try to reproduce it locally.
liming.ma@volosoft.com
-
0
Hi,
I have this in a barebones single tiered brand new 8.2 project. We also have a React client that is using the same configuration and it is working OK there, so just our ABP config is wrong.
The repo is private, at https://github.com/Flo3Digital/Flo3BlazorDevSingle/ , I have granted you write access. Could you take a look there and see if there is anything you can see that is misconfigured?
Thanks,
Karim
-
0
Just FYI, my end goal here is to completely bypass the ABP Login / Register UI and just use Entra. I have been looking at this support ticket that you were also involved with, which seems to have a lot of the problems already solved:
https://support.abp.io/QA/Questions/5928/How-to-assign-roles-to-Azure-AD-B2C-users
So I think if we can get through this initial configuration I will follow the steps in the above ticket to get to where I want to go.
Understanding that this could be a bit of a tricky implementation, maybe I can write up a Community Article once I get through this. I think many commercial users will want to auth with Entra solely, it is a very appealing use case.
Karim
-
0
hi
I will check your GitHub repos.
-
0
Hi, yes you can use this user:
abpsupport@gmail.com Notu801201
Or just create an account; everything including the AD Tenant is just for testing / debugging purposes and will be deleted once the problem is resolved.
Thanks,
Karim
-
0
hi
Please test this commit
https://github.com/Flo3Digital/Flo3BlazorDevSingle/commit/2df5d2e7546175eb22481cd774d8ac5d8652ae85
Thanks
-
0
I will make it compatible with AddMicrosoftAccount in the next version.
-
0
-
0
There is a conflict between WithDynamicOptions and AddMicrosoftIdentityWebApp; I will handle it in the next version.
-
0
hi
The problem is the
options.CallbackPath = "/signin-oidc";
You can remove it and try again.
https://github.com/Flo3Digital/Flo3BlazorDevSingle/commit/fcf6281c3b09d4e58487213e35b5b07635a3aacd
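The two registration changes suggested in this thread, side by side, as an added example that is not code from the Flo3BlazorDevSingle repository or from the ABP project. It assumes the Entra settings live in an "AzureAd" appsettings section; the module class name and display name are placeholders.

```csharp
// Added example (not from the thread's repository). Assumptions: an "AzureAd"
// configuration section holds the Entra tenant/client settings; the module
// name and the display name are hypothetical.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;
using Volo.Abp.Modularity;

public class SampleEntraWebModule : AbpModule
{
    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        var configuration = context.Services.GetConfiguration();

        // Registration as described in the question (kept here only as a comment):
        //
        //   context.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        //       .AddMicrosoftIdentityWebApp(options =>
        //       {
        //           configuration.Bind("AzureAd", options);
        //           options.CallbackPath = "/signin-oidc";
        //       });
        //
        // Passing OpenIdConnect as the default scheme overrides the default
        // scheme ABP Identity had configured, so requests are no longer
        // authenticated from the Identity cookie and the built-in admin login
        // appears to succeed but lands on a page without admin permissions.
        // The explicit CallbackPath line was identified in the answers as the
        // cause of the invalid OAuth state error on /signin-oidc, and
        // Microsoft.Identity.Web already uses that path by default.

        // Registration suggested in the answers: no default scheme argument,
        // and no explicit CallbackPath override.
        context.Services.AddAuthentication()
            .AddMicrosoftIdentityWebApp(
                configuration.GetSection("AzureAd"),
                openIdConnectScheme: OpenIdConnectDefaults.AuthenticationScheme,
                displayName: "Entra External ID");
    }
}
```

After this change the Identity cookie still authenticates the admin account, and the Entra button appears as a separate external login scheme rather than replacing the local login.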