Hi,
I am new to the abp.io framework. We tried exploring the SSO functionality using AzureAD and were able to get it working with the help of the documentation provided on the website. We are facing 2 challenges currently and would highly appreciate it if someone could help us.
After the successful login verification using OpenID, the application is not allowing the user to enter the site; instead it is circling back to the login page again. Not sure what I am missing.
But we would like to store the user information after the user credentials are verified.
Thanks Sundar
public override void ConfigureServices(ServiceConfigurationContext context)
{
    var hostingEnvironment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();

    context.Services.AddAuthentication()
        //.AddMicrosoftIdentityWebApp(configuration, "AzureAd", OpenIdConnectDefaults.AuthenticationScheme)
        //.EnableTokenAcquisitionToCallDownstreamApi()
        //.AddInMemoryTokenCaches();
        .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
        {
            options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
            options.ClientId = configuration["AzureAd:ClientId"];
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.CallbackPath = configuration["AzureAd:CallbackPath"];
            options.ClientSecret = configuration["AzureAd:ClientSecret"];
            options.RequireHttpsMetadata = false;
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("email");
            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
        });

    if (!configuration.GetValue<bool>("App:DisablePII"))
    {
        Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
        Microsoft.IdentityModel.Logging.IdentityModelEventSource.LogCompleteSecurityArtifact = true;
    }

    if (!configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata"))
    {
        Configure<OpenIddictServerAspNetCoreOptions>(options =>
        {
            options.DisableTransportSecurityRequirement = true;
        });

        Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
        });
    }

    ConfigureBundles();
    ConfigureUrls(configuration);
    ConfigurePages(configuration);
    ConfigureImpersonation(context, configuration);
    ConfigureHealthChecks(context);
    ConfigureCookieConsent(context);
    ConfigureAuthentication(context);
    ConfigureAutoMapper();
    ConfigureVirtualFileSystem(hostingEnvironment);
    ConfigureNavigationServices();
    ConfigureAutoApiControllers();
    ConfigureSwaggerServices(context.Services);
    ConfigureTheme();

    Configure<PermissionManagementOptions>(options =>
    {
        options.IsDynamicPermissionStoreEnabled = true;
    });

    Configure<RazorPagesOptions>(options =>
    {
        options.Conventions.AuthorizePage("/Books/Index", TitanSecurityPermissions.Books.Default);
        options.Conventions.AuthorizePage("/Books/CreateModal", TitanSecurityPermissions.Books.Create);
        options.Conventions.AuthorizePage("/Books/EditModal", TitanSecurityPermissions.Books.Edit);
    });
}
5 Answer(s)
-
0
hi
After the successful login verification using OpenID, the application is not allowing the user to enter the site; instead it is circling back to the login page again. Not sure what I am missing.
What do you mean? Can you share a GIF to show that?
But we would like to store the user information after the user credentials are verified.
There is an OnUserInformationReceived event of OpenIdConnect. You can get user info and store it in this method.

.AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
{
    options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
    options.ClientId = configuration["AzureAd:ClientId"];
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    options.CallbackPath = configuration["AzureAd:CallbackPath"];
    options.ClientSecret = configuration["AzureAd:ClientSecret"];
    options.RequireHttpsMetadata = false;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("email");
    options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
    options.Events = new OpenIdConnectEvents()
    {
        OnUserInformationReceived = c =>
        {
            // Read the user info from the context and store it here.
            // The event handler must return a Task.
            return Task.CompletedTask;
        }
    };
});
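An added example, not part of the original answer or of ABP's own code: one way to pull the fields to store out of the UserInfo response inside OnUserInformationReceived, keyed on sub and tolerating the missing email reported later in this thread. It assumes ASP.NET Core 3.0 or later, where the event context's User property is a JsonDocument; ExternalUserInfo and UserInfoReader are hypothetical names and the JSON samples are constructed.

```csharp
using System;
using System.Text.Json;

// Hypothetical shape for the stored data; not an ABP or ASP.NET Core type.
public sealed record ExternalUserInfo(string Subject, string? Email, string? Name);

public static class UserInfoReader
{
    // Reads the fields to persist from a UserInfo response document.
    // The record is keyed on "sub"; "email" and "name" are optional.
    public static ExternalUserInfo Read(JsonDocument userInfo)
    {
        JsonElement root = userInfo.RootElement;
        string? subject = GetString(root, "sub");
        if (string.IsNullOrWhiteSpace(subject))
            throw new InvalidOperationException("UserInfo response has no 'sub'; nothing is stored.");
        return new ExternalUserInfo(subject, GetString(root, "email"), GetString(root, "name"));
    }

    // Returns the value only when the key exists and holds a JSON string.
    private static string? GetString(JsonElement root, string key) =>
        root.ValueKind == JsonValueKind.Object
        && root.TryGetProperty(key, out JsonElement value)
        && value.ValueKind == JsonValueKind.String
            ? value.GetString()
            : null;
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample responses: one with and one without an email claim.
        string[] samples =
        {
            "{\"sub\":\"constructed-subject-1\",\"name\":\"Sample User\",\"email\":\"user@example.com\"}",
            "{\"sub\":\"constructed-subject-2\",\"name\":\"No Mail User\"}",
        };
        foreach (string json in samples)
        {
            using JsonDocument doc = JsonDocument.Parse(json);
            ExternalUserInfo info = UserInfoReader.Read(doc);
            Console.WriteLine($"{info.Subject}: email={info.Email ?? "(missing)"}");
        }
        // Wiring inside the handler from the answer above:
        //   OnUserInformationReceived = c => { var info = UserInfoReader.Read(c.User); /* persist info */ return Task.CompletedTask; }
    }
}
```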
-
0
Hi
The register page inputs are empty; that means abp doesn't get the email claim after successful AzureAD validation.
-
0
Hi,
I am not sure whether it is a bug or missing any configuration.
Thanks Sundar