Hello,
I have a Blazor WASM + Maui Blazor project + API project in which I have implemented the login through a Microsoft account. I also use OpenIDDict
The logout process is done by calling the following code:
MAUI Blazor:
NavigationManager.NavigateToLogout("/account/logout");
Blazor Web App:
NavigationManager.NavigateToLogout("/authentication/logout");
In both cases, it logs me out of my application, but it does not log me out of Microsoft Entra. This means that when the users tries to log in again through Microsoft Entra, they're automatically logged back in with the same account.
Should the logout process of Abp.IO also send a logout request to my Microsoft Entra account, or do I need to do some extra steps?
Thanks!
I was also able to get the following error through the Azure event log
EventId: 1 SpanId: c2c679515a9491fd TraceId: 6f1fd8a38b0d964b37ec6b4a8be97680 ParentId: 0000000000000000 RequestId: 400000d8-0000-9800-b63f-84710c7967bb RequestPath: /signin-microsoft-workforce An unhandled exception has occurred while executing the request. Exception: Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login. ---> Microsoft.AspNetCore.Authentication.AuthenticationFailureException: The oauth state was missing or invalid. --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
[maliming] said: hi
/signin-microsoft-workforce/signin-microsoft-workflowIs there a spelling mistake?
Thanks.
Yes, I apologize, /signin-microsoft-workforce is the callback url that's actually used
Check the docs before asking a question: https://abp.io/docs/latest Check the samples to see the basic tasks: https://abp.io/docs/latest/samples The exact solution to your question may have been answered before, and please first use the search on the homepage.
I am attempting to implement two Microsoft Entra accounts for single-sign in. I am using two calls to AddMicrosoftAccount
var authBuilder = context.Services.AddAuthentication();
var tenantUrl = configuration["AzureEntraMembers:MicrosoftLoginUrl"];
tenantUrl = tenantUrl.TrimEnd('/');
authBuilder.AddMicrosoftAccount(PSACAuthenticationSchemes.MembersEntra, options =>
{
options.ClientId = configuration["AzureEntraMembers:ClientId"]!;
options.ClientSecret = configuration["AzureEntraMembers:ClientSecret"]!;
options.CallbackPath = "/signin-microsoft";
options.AuthorizationEndpoint = $"{tenantUrl}/oauth2/v2.0/authorize";
options.TokenEndpoint = $"{tenantUrl}/oauth2/v2.0/token";
options.ClaimActions.MapCustomJson("picture", _ => "[https://graph.microsoft.com/v1.0/me/photo/$value");](https://graph.microsoft.com/v1.0/me/photo/$value");)
options.SaveTokens = true;
});
var staffTenantUrl = configuration["AzureEntraWorkforce:MicrosoftLoginUrl"];
staffTenantUrl = staffTenantUrl.TrimEnd('/');
authBuilder.AddMicrosoftAccount(PSACAuthenticationSchemes.WorkforceEntra, options =>
{
options.ClientId = configuration["AzureEntraWorkforce:ClientId"]!;
options.ClientSecret = configuration["AzureEntraWorkforce:ClientSecret"]!;
options.CallbackPath = "/signin-microsoft-workforce";
<br>
if (!string.IsNullOrEmpty(staffTenantUrl))
{
options.AuthorizationEndpoint = $"{staffTenantUrl}/oauth2/v2.0/authorize";
options.TokenEndpoint = $"{staffTenantUrl}/oauth2/v2.0/token";
}
options.SaveTokens = true;
});
What happens: it works when I test on localhost, but as soon as I deploy on Azure I get a 404 error when calling /signin-microsoft-workflow. The page displays the error: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable. The weird thing is that my other SSO (callback url: /signin-microsoft) works.
I have verified that my App Registration callbacks are properly configured.
Can you provide me possible causes why I get an error only on /signin-microsoft-workforce callback?
