2

Currently I'm having a hard time trying to figure this out...

I have an Azure B2C Angular SPA app that uses MSAL in the front-end. In the back-end it's ASP.NET MVC with full .NET Framework.

I had an application working beautifully with ADAL in the front-end (SPA app) and app.UseWindowsAzureActiveDirectoryBearerAuthentication in the back-end (ASP.NET MVC).

Now I'm working with Azure B2C and making use of MSAL.

I can login with MSAL in the front-end but the middleware configured in the backend ASP.NET MVC won't fire.

app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
    // Generate the metadata address using the tenant and policy information
    MetadataAddress = String.Format(AadInstance, Tenant, DefaultPolicy),

    ResponseType = OpenIdConnectResponseType.CodeIdToken,

   // These are standard OpenID Connect parameters, with values pulled from web.config
    ClientId = ClientId,
    RedirectUri = RedirectUri,
    PostLogoutRedirectUri = RedirectUri,

    // Specify the callbacks for each type of notifications
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        RedirectToIdentityProvider = OnRedirectToIdentityProvider,
        AuthorizationCodeReceived = OnAuthorizationCodeReceived,
        AuthenticationFailed = OnAuthenticationFailed,
    },

    // Specify the claim type that specifies the Name property.
    TokenValidationParameters = new TokenValidationParameters
    {
        NameClaimType = "name"
    },

    // Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
    Scope = $"openid profile offline_access user_impersonation"
}
);

In the front-end I call:

msalService.loginPopup();

$rootScope.$on("msal:loginSuccess", function () {
    console.log("loginSuccess");

    var token = msalService.userInfo.idToken;
});

I get the id token and the login happens successfully...

I put breakpoints in all notification handlers inside the OWIN middleware:

  • OnRedirectToIdentityProvider
  • OnAuthorizationCodeReceived
  • OnAuthenticationFailed

but the debugger never stops there, that is, the middleware code is not being called.

Why is the notification handlers not being fired? Am I missing something or using the wrong middleware?

Ultimately what I want to achieve is to be able to extract the id_token inside the middleware and do some back-end additional logic\processing. Add custom claims, etc. I was able to do this using ADAL and the UseWindowsAzureActiveDirectoryBearerAuthentication middleware as I mentioned before. Right after the user logged in I had the opportunity to hook into the middleware's notifications.

Leniel Maccaferri
  • 100,159
  • 46
  • 371
  • 480

1 Answers1

0

Well... turns out that this app I'm working on was messing up with cookies in the front-end and that was causing some conflict with the token set by MSAL. As soon as I removed cookie related code, the OWIN notification handler was hit when making the XHR request.

I got to that conclusion when I checked Chrome Developer Tools and saw there was an invalid authorization header being sent. It had [Object object] as value.

enter image description here

However I had to change the OWIN middleware. It's now app.UseOAuthBearerAuthentication:

app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
    AccessTokenFormat = new JwtFormat(tvps, new OpenIdConnectCachingSecurityTokenProvider(string.Format(AadInstance, Tenant, DefaultPolicy))),

    Provider = new OAuthBearerAuthenticationProvider
    {
        OnValidateIdentity = async context =>
        {
            try
            {
                 .
                 .
                 .
            }
        }
    }
}

Now the OnValidateIdentity is hit every time a request reaches the back-end server and I have the opportunity to check claims or add new ones.

Leniel Maccaferri
  • 100,159
  • 46
  • 371
  • 480