Open Closed

ABP and AddMicrosoftIdentityWebApp #3735


User avatar
0
ysp created

I have an issue very similar to this: https://support.abp.io/QA/Questions/2666/Implementing-MicrosoftGraph-in-ABP-App

ABP Framework version: v5.3.4

UI type: Angular

DB provider: EF Core

Tiered (MVC) or Identity Server Separated (Angular): no

We are attempting to incorporate support for calling Microsoft Graph APIs in our ABP application, using the Microsoft.Graph package. We've already successfully implemented authentication using Azure AD accounts according to the directions in this post: https://community.abp.io/posts/how-to-use-the-azure-active-directory-authentication-for-mvc-razor-page-applications-4603b9cf (we used the second approach, using AddMicrosoftIdentityWebApp).

However, when attempting AddMicrosoftIdentityWebApp, login with Azure AD no longer works (when Azure AD is selected as the login option, the login page reloads without logging in). Here is the code for configuring the authentication:

context.Services
    // Use OpenId authentication
    .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)


    // Specify this is a web app and needs auth code flow
    .AddMicrosoftIdentityWebApp(options =>
    {
        configuration.Bind("AzureAd", options);
        options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";

        options.Scope.Add("email user.read");
        options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");

        // This causes the signin to prompt the user for which
        // account to use - useful when there are multiple accounts signed
        // into the browser
        options.Prompt = "select_account";

        options.TokenValidationParameters.SaveSigninToken = true;
        options.RequireHttpsMetadata = false;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;

    })
    // Add ability to call web API (Graph)
    // and get access tokens
    .EnableTokenAcquisitionToCallDownstreamApi(options => { }, GraphConstants.Scopes)
    // Add a GraphServiceClient via dependency injection
    .AddMicrosoftGraph(options =>
    {
        options.Scopes = string.Join(' ', GraphConstants.Scopes);
    })
    // Use in-memory token cache
    // See https://github.com/AzureAD/microsoft-identity-web/wiki/token-cache-serialization
    .AddInMemoryTokenCaches();

Does this option work with ABP?


3 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Is this can help you? https://support.abp.io/QA/Questions/1672/Access-Token-Conflict-while-Integrating-with-Microsoft-Graph

  • User Avatar
    0
    ysp created

    Hi, Do you mean that i don't use AddMicrosoftIdentityWebApp, but instead just use .AddOpenIdConnect instead with IConfidentialClientApplication? Is it not possible to use AddMicrosoftIdentityWebApp?

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    AddMicrosoftIdentityWebApp is basically using the OpenIdConnect. Try getting token manually and calling the Graph API as in the sample above since we don't have direct support for Microsoft Graph API.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19