- ABP Framework version: v9.0.2
- UI Type: MVC
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated: yes
- Exception message and full stack trace: I am redirected back and forth on the redirect URL after authenticating with Microsoft Azure AD.
- Steps to reproduce the issue: I have added my configuration for OpenIdConnect, and since then I am facing this issue. I am also attaching a video for reference: https://jmp.sh/jrphAyUq
These are the logs:

```text
2025-01-31 16:46:27.271 +05:30 [INF] Request starting HTTP/2 GET https://localhost:44362/Identity/OrganizationUnits - null null
2025-01-31 16:46:27.274 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
2025-01-31 16:46:27.275 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ResolveRequestUri.
2025-01-31 16:46:27.275 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+InferEndpointType.
2025-01-31 16:46:27.275 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType.
2025-01-31 16:46:27.275 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateTransportSecurityRequirement.
2025-01-31 16:46:27.275 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateHostHeader.
2025-01-31 16:46:27.287 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader.
2025-01-31 16:46:27.287 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens.
2025-01-31 16:46:27.288 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
2025-01-31 16:46:27.288 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
2025-01-31 16:46:27.288 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
2025-01-31 16:46:27.288 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
2025-01-31 16:46:27.288 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
2025-01-31 16:46:27.288 +05:30 [DBG] AuthenticationScheme: OpenIddict.Validation.AspNetCore was not authenticated.
2025-01-31 16:46:27.295 +05:30 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.OrganizationUnits
2025-01-31 16:46:27.296 +05:30 [INF] AuthenticationScheme: OpenIdConnect was challenged.
2025-01-31 16:46:27.300 +05:30 [INF] Request finished HTTP/2 GET https://localhost:44362/Identity/OrganizationUnits - 302 null null 29.4896ms
```
115 Answer(s)
-
0
hi
Can you share your host startup module code?
-
0
-
0
hi
The `NextGen.Portal.Web` module, e.g. `NextGenPortalWebModule.cs`
-
0
Do you want to check a specific code block?
Due to the character limitation I cannot paste the whole file's code.
-
0
hi
You can share it with liming.ma@volosoft.com
-
0
liming.ma@volosoft.com
OK, I have sent an email to the provided email address.
Can you please check and confirm?
-
0
hi
I received it. I will check it asap.
-
0
> hi
> I received it. I will check it asap.

This feature is very important for us, so please provide a solution so that we can give a demo to our clients.
-
0
ok
-
0
hi
Can you try to set the `SignInScheme` of the `AddOpenIdConnect` to `IdentityConstants.ExternalScheme`?

```csharp
private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
    //Add authentication using Azure AD
    context.Services.AddAuthentication().AddOpenIdConnect(options =>
    {
        options.ClientId = configuration["Authentication:AzureAd:ClientId"];
        options.ClientSecret = configuration["Authentication:AzureAd:ClientSecret"];
        options.Authority = configuration["Authentication:AzureAd:Authority"];
        options.CallbackPath = configuration["Authentication:AzureAd:CallbackPath"];
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.SaveTokens = true;
        options.Scope.Clear();
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.Scope.Add("email");
        //options.Scope.Add("offline_access");
        options.SignInScheme = IdentityConstants.ExternalScheme;
        options.Events = new OpenIdConnectEvents
        {
            OnTokenValidated = context =>
            {
                // Log token claims
                var claims = context.Principal.Claims;
                foreach (var claim in claims)
                {
                    Console.WriteLine($"{claim.Type}: {claim.Value}");
                }
                return Task.CompletedTask;
            },
            OnAuthenticationFailed = context =>
            {
                Console.WriteLine($"Authentication failed: {context.Exception.Message}");
                return Task.CompletedTask;
            }
        };
    });

    context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);

    context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options =>
    {
        options.IsDynamicClaimsEnabled = true;
    });
}
```
-
0
> hi
> Can you try to set the `SignInScheme` of the `AddOpenIdConnect` to `IdentityConstants.ExternalScheme`?
>
> ```csharp
> private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
> {
>     //Add authentication using Azure AD
>     context.Services.AddAuthentication().AddOpenIdConnect(options =>
>     {
>         options.ClientId = configuration["Authentication:AzureAd:ClientId"];
>         options.ClientSecret = configuration["Authentication:AzureAd:ClientSecret"];
>         options.Authority = configuration["Authentication:AzureAd:Authority"];
>         options.CallbackPath = configuration["Authentication:AzureAd:CallbackPath"];
>         options.ResponseType = OpenIdConnectResponseType.Code;
>         options.SaveTokens = true;
>         options.Scope.Clear();
>         options.Scope.Add("openid");
>         options.Scope.Add("profile");
>         options.Scope.Add("email");
>         //options.Scope.Add("offline_access");
>         options.SignInScheme = IdentityConstants.ExternalScheme;
>         options.Events = new OpenIdConnectEvents
>         {
>             OnTokenValidated = context =>
>             {
>                 // Log token claims
>                 var claims = context.Principal.Claims;
>                 foreach (var claim in claims)
>                 {
>                     Console.WriteLine($"{claim.Type}: {claim.Value}");
>                 }
>                 return Task.CompletedTask;
>             },
>             OnAuthenticationFailed = context =>
>             {
>                 Console.WriteLine($"Authentication failed: {context.Exception.Message}");
>                 return Task.CompletedTask;
>             }
>         };
>     });
>
>     context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
>
>     context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options =>
>     {
>         options.IsDynamicClaimsEnabled = true;
>     });
> }
> ```

OK, let me check and try.
-
0
I am adding the logs here after applying the changes. Also, I am trying a user which does not exist in my database. So, as per my understanding, when I have authenticated with Azure AD the User Registration screen needs to appear to create a user in my local database.
```text
2025-02-03 14:59:36.788 +05:30 [INF] AuthenticationScheme: OpenIdConnect was challenged.
2025-02-03 14:59:36.794 +05:30 [INF] Request finished HTTP/2 GET https://localhost:44362/Identity/OrganizationUnits - 302 null null 40.0161ms
2025-02-03 14:59:38.505 +05:30 [INF] Request starting HTTP/2 POST https://localhost:44362/signin-oidc - application/x-www-form-urlencoded 2229
2025-02-03 14:59:38.516 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
2025-02-03 14:59:38.516 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ResolveRequestUri.
2025-02-03 14:59:38.516 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+InferEndpointType.
2025-02-03 14:59:38.516 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType.
2025-02-03 14:59:38.516 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateTransportSecurityRequirement.
2025-02-03 14:59:38.516 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateHostHeader.
2025-02-03 14:59:38.935 +05:30 [INF] AuthenticationScheme: Identity.External signed in.
2025-02-03 14:59:38.937 +05:30 [INF] Request finished HTTP/2 POST https://localhost:44362/signin-oidc - 302 null null 432.7245ms
2025-02-03 14:59:38.971 +05:30 [INF] Request starting HTTP/2 GET https://localhost:44362/Identity/OrganizationUnits - null null
2025-02-03 14:59:38.976 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
2025-02-03 14:59:38.976 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ResolveRequestUri.
2025-02-03 14:59:38.976 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+InferEndpointType.
2025-02-03 14:59:38.976 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType.
2025-02-03 14:59:38.976 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateTransportSecurityRequirement.
2025-02-03 14:59:38.976 +05:30 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateHostHeader.
2025-02-03 14:59:38.980 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader.
2025-02-03 14:59:38.980 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens.
2025-02-03 14:59:38.980 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
2025-02-03 14:59:38.980 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
2025-02-03 14:59:38.980 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
2025-02-03 14:59:38.980 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
2025-02-03 14:59:38.980 +05:30 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens.
2025-02-03 14:59:38.980 +05:30 [DBG] AuthenticationScheme: OpenIddict.Validation.AspNetCore was not authenticated.
2025-02-03 14:59:38.984 +05:30 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.OrganizationUnits
2025-02-03 14:59:38.984 +05:30 [INF] AuthenticationScheme: OpenIdConnect was challenged.
2025-02-03 14:59:38.986 +05:30 [INF] Request finished HTTP/2 GET https://localhost:44362/Identity/OrganizationUnits - 302 null null 14.988ms
```
-
0
hi
How did you invoke the `Challenge` method of `oidc`?

```csharp
var provider = "oidc";
var redirectUrl = "Account/Login?handler=ExternalLoginCallback";
var properties = SignInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
properties.Items["scheme"] = provider;
return Challenge(properties, provider);
```
-
0
No, I am using the default code provided by the template.
-
0
hi
> No, I am using the default code provided by the template.

Please share the code.
Thanks.
-
0
From which file do I need to share the code?
-
0
hi
You are not changing the `DefaultChallengeScheme` and `DefaultScheme` now.

```csharp
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
```

The login/register page should have a new external login option (Microsoft Azure AD). You can click it to sign in with Microsoft Azure AD.
https://abp.io/docs/latest/modules/account-pro#manage-external-logins
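As an added example (not code from this thread, from the asker's project, or from ABP itself): the registration that makes OpenIdConnect the default challenge scheme, beside the registration the answer recommends, where Azure AD is a named external provider and ABP's default schemes are left alone. The class name and the scheme name `AzureOpenId` are assumptions; the appsettings keys are the ones used in the thread.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Volo.Abp;

// Added example, not the thread's project code. Class and scheme name are assumptions.
public static class AzureAdAuthenticationConfig
{
    // Azure AD options shared by both variants; the appsettings keys are the thread's.
    private static Action<OpenIdConnectOptions> AzureAdOptions(IConfiguration configuration) => options =>
    {
        options.Authority = configuration["Authentication:AzureAd:Authority"];
        options.ClientId = configuration["Authentication:AzureAd:ClientId"];
        options.ClientSecret = configuration["Authentication:AzureAd:ClientSecret"];
        options.CallbackPath = configuration["Authentication:AzureAd:CallbackPath"];
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.SaveTokens = true;
        options.Scope.Add("email");
        // External cookie, as the answer recommends: the Account module's external login
        // callback reads it, creates or links the local user, then signs into the app cookie.
        options.SignInScheme = IdentityConstants.ExternalScheme;
    };

    // BEFORE (the loop in the logs): OIDC is the default challenge scheme, so every
    // authorization failure on /Identity/OrganizationUnits challenges Azure AD directly; the
    // callback signs only the Identity.External cookie, the page is still unauthenticated
    // against the application cookie, authorization fails again, and the cycle repeats.
    public static void ConfigureLooping(ServiceConfigurationContext context, IConfiguration configuration)
    {
        context.Services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddOpenIdConnect(AzureAdOptions(configuration));
    }

    // AFTER: leave ABP's default schemes untouched and register Azure AD as a named
    // external provider. The display name is what makes the login/register page show
    // a button for it; the page's ExternalLoginCallback handler completes the local sign-in.
    public static void ConfigureExternalProvider(ServiceConfigurationContext context, IConfiguration configuration)
    {
        context.Services.AddAuthentication()
            .AddOpenIdConnect("AzureOpenId", "Microsoft Azure AD", AzureAdOptions(configuration));
    }
}
```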
-
0
-
0
-
0
hi
Do not change the `DefaultChallengeScheme` and `DefaultScheme`.
Add your Microsoft Azure AD as a new external login provider.
https://abp.io/support/questions/8731/OpenIdConnect-redirection-issue#answer-3a17dd15-9114-1a35-38c6-6175b1248df7
-
0
-
0
Yes, can you check the login/register page?
-
0
-
0
hi
Can you share your project?
liming.ma@volosoft.com
I will download and check your code.
Thanks.
-
0
OK, I will share it with the given email address.