microsoft-identity-web: [Bug] signInManager.GetExternalLoginInfoAsync() always returns null

Which Version of Microsoft Identity Web are you using? Microsoft Identity Web 0.1.1-preview

Application

  1. Create new project -> ASP.NET Core Web Application -> Web Application (Model-View-Controller). Authentication: Individual User Accounts (Store user accounts in-app).
  2. Replace AddAzureAd with AddSignIn

for details see https://github.com/AzureAD/microsoft-identity-web/issues/133#issuecomment-621042225 below

In this I only added two things: Where is the issue? -> Sign-in user

In our application we use .NET Core Identity Framework (local DB) and an external login provider. So we have multiple authentication providers, and some users sign in directly (via .NET Core Identity Framework) and some via AAD. Calling signInManager.GetExternalLoginInfoAsync() leads to a null return value with the updated code. Maybe it has to do with the appsettings property "CookieSchemeName": "Identity.External", because this was necessary to get external AAD login working, as stated here. Maybe it is ignored by now.

So we replaced the following code:

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

with that one:

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddSignIn(Configuration, "AzureAd", subscribeToOpenIdConnectMiddlewareDiagnosticsEvents: true);

appsettings.json section was not modified:

"AzureAd": {
	"Instance": "https://login.microsoftonline.com/",
	"Domain": "xyz.com",
	"TenantId": "AEEE9884-9E13-41E7-A25F-304C44407A78",
	"ClientId": "787EBDED-B77E-4CFC-BAA0-2D2B00C41B4F",
	"CallbackPath": "/signin-oidc",
	"SignedOutCallbackPath ": "/signout-callback-oidc",
	"CookieSchemeName": "Identity.External"
}

Login with the “old” code leads to the following log entries:

Anforderung gestartet: "POST" https://localhost:44338/Account/ExternalLogin?returnurl=%2F
[11:51:27 INF] Request starting HTTP/2.0 POST https://localhost:44338/Account/ExternalLogin?returnurl=%2F application/x-www-form-urlencoded 199
[11:51:27 DBG] POST requests are not supported
[11:51:27 DBG] 1 candidate(s) found for the request path '/Account/ExternalLogin'
[11:51:27 DBG] Endpoint 'Monitoring.Controllers.AccountController.ExternalLogin (ToSec.Presentation)' with route pattern '{controller=Home}/{action=Index}/{id?}' is valid for the request path '/Account/ExternalLogin'
[11:51:27 DBG] Request matched endpoint 'Monitoring.Controllers.AccountController.ExternalLogin (ToSec.Presentation)'
[11:51:27 DBG] AuthenticationScheme: Identity.Application was not authenticated.
[11:51:27 INF] Executing endpoint 'Monitoring.Controllers.AccountController.ExternalLogin (ToSec.Presentation)'
[11:51:27 INF] Route matched with {action = "ExternalLogin", controller = "Account", area = "", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult ExternalLogin(System.String, System.String) on controller Monitoring.Controllers.AccountController (ToSec.Presentation).
[11:51:27 DBG] Execution plan of authorization filters (in the following order): ["Microsoft.AspNetCore.Mvc.RequireHttpsAttribute (Order: -2147483598)", "Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter"]
[11:51:27 DBG] Execution plan of resource filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]
[11:51:27 DBG] Execution plan of action filters (in the following order): ["Microsoft.AspNetCore.Mvc.Filters.ControllerActionFilter (Order: -2147483648)", "Microsoft.AspNetCore.Mvc.ModelBinding.UnsupportedContentTypeFilter (Order: -3000)", "ToSec.Presentation.Filters.GlobalActionFilter"]
[11:51:27 DBG] Execution plan of exception filters (in the following order): ["None"]
[11:51:27 DBG] Execution plan of result filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]
[11:51:27 DBG] Antiforgery successfully validated a request.
[11:51:27 DBG] Executing controller factory for controller Monitoring.Controllers.AccountController (ToSec.Presentation)
[11:51:27 DBG] Executed controller factory for controller Monitoring.Controllers.AccountController (ToSec.Presentation)
[11:51:27 DBG] Attempting to bind parameter 'provider' of type 'System.String' ...
[11:51:27 DBG] Attempting to bind parameter 'provider' of type 'System.String' using the name 'provider' in request data ...
[11:51:27 DBG] Done attempting to bind parameter 'provider' of type 'System.String'.
[11:51:27 DBG] Done attempting to bind parameter 'provider' of type 'System.String'.
[11:51:27 DBG] Attempting to validate the bound parameter 'provider' of type 'System.String' ...
[11:51:27 DBG] Done attempting to validate the bound parameter 'provider' of type 'System.String'.
[11:51:27 DBG] Attempting to bind parameter 'returnUrl' of type 'System.String' ...
[11:51:27 DBG] Attempting to bind parameter 'returnUrl' of type 'System.String' using the name 'returnUrl' in request data ...
[11:51:27 DBG] Done attempting to bind parameter 'returnUrl' of type 'System.String'.
[11:51:27 DBG] Done attempting to bind parameter 'returnUrl' of type 'System.String'.
[11:51:27 DBG] Attempting to validate the bound parameter 'returnUrl' of type 'System.String' ...
[11:51:27 DBG] Done attempting to validate the bound parameter 'returnUrl' of type 'System.String'.
[11:51:27 DBG] Found the endpoints ["Route: {controller=Home}/{action=Index}/{id?}"] for address Microsoft.AspNetCore.Routing.RouteValuesAddress
[11:51:27 DBG] Successfully processed template {controller=Home}/{action=Index}/{id?} for Route: {controller=Home}/{action=Index}/{id?} resulting in /Account/ExternalLoginCallback and ?ReturnUrl=%2F
[11:51:27 DBG] Link generation succeeded for endpoints ["Route: {controller=Home}/{action=Index}/{id?}"] with result /Account/ExternalLoginCallback?ReturnUrl=%2F
[11:51:27 INF] Executing ChallengeResult with authentication schemes (["AzureAD"]).
[11:51:28 DBG] HandleChallenge with Location: https://login.microsoftonline.com/AEEE9884-9E13-41E7-A25F-304C44407A78/oauth2/authorize?client_id=787EBDED-B77E-4CFC-BAA0-2D2B00C41B4F&redirect_uri=https%3A%2F%2Flocalhost%3A44338%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=637236642882492420.OGM1ZjUwYmQtNDhlNy00MjBhLTgwOGQtNjJiMmI3MDhmYWU1ODQwNzMyYmItZWZhMy00MjU4LWFlOTUtNWYxMDNhNDVlZTZj&state=CfDJ8DR5ohJGZplEj7fE6niEf5TIKMEHyRD-oDyJtjJbZcP6NIYNFr0sxKhd_tM0GOUeD0V-3YOM-0ZN0IQAgzVxqmVT-gd3huPfKtjoeUwE3XeBqh90cmNRV1GA272tumVVvtus4mvzfvFV86lXKgZNAj5L45PtvUbFqaNSxOedOxqA5Z-iryRClLHJGEgzRPTKaVFPKGP9HIao84jWLj2I1Vt_D4LW_upKDHMe9pKyz44sOtKqk5QZBBi-L5vUTwWlvmCneQAf_-HK9FDmh7jxfFN1ivv1y4vizTCjbPhYmKu9Asg0y161fHJUGjXFXjizyM5d--AaIpOjYVoOkhUs7uQP65_tGIDvLuaHoQitGEECRbZ323FzDy4BJGedvN2Lig&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0; and Set-Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8DR5ohJGZplEj7fE6niEf5QkFlfME3SuURGltzRK9258MMeLcTGJ4L9xT4IsOorGHJP6h6QnzMomF3KcTPNXm8W9sucd8y0k9-evg9Js7m1sOKX9S2U3PDqU3-vDyN_gTvY2wzWhrX5vV2m7RuHP8Gg3pP4Rei8XWYz_kHT0qKLw6CP4C--YUzRA0_EIrySyz7L78WS4L-jJG3yy6m2Qg8v0aUt08VfTZXnD80T77zn6xTy2IvALDXCwWZEuyfva3XafcS1vpd-UkwWiLKoyWWU=N; expires=Tue, 28 Apr 2020 10:06:28 GMT; path=/signin-oidc; secure; samesite=none; httponly,.AspNetCore.Correlation.AzureADOpenID.gSC-tfIIol9Bk8uJuoIMlrNGq4mmXHPXYc1-5p2xhoE=N; expires=Tue, 28 Apr 2020 10:06:28 GMT; path=/signin-oidc; secure; samesite=none; httponly.
[11:51:28 INF] AuthenticationScheme: AzureADOpenID was challenged.
[11:51:28 INF] Executed action Monitoring.Controllers.AccountController.ExternalLogin (ToSec.Presentation) in 606.8715ms
[11:51:28 INF] Executed endpoint 'Monitoring.Controllers.AccountController.ExternalLogin (ToSec.Presentation)'
[11:51:28 INF] HTTP POST /Account/ExternalLogin?returnurl=%2F responded 302 in 644.2759 ms
Response sent: https://localhost:44338/Account/ExternalLogin?returnurl=%2F with HTTP status 302.0
Response sent: https://localhost:44338/Account/ExternalLogin?returnurl=%2F with HTTP status 302.0
[11:51:28 INF] Request finished in 652.3097ms 302 
Response sent: https://localhost:44338/Account/ExternalLogin?returnurl=%2F with HTTP status 302.0
Anforderung gestartet: "POST" https://localhost:44338/signin-oidc
[11:51:28 INF] Request starting HTTP/2.0 POST https://localhost:44338/signin-oidc application/x-www-form-urlencoded 1907
[11:51:28 DBG] POST requests are not supported
[11:51:28 DBG] No candidates found for the request path '/signin-oidc'
[11:51:28 DBG] Request did not match any endpoints
[11:51:28 DBG] Updating configuration
[11:51:28 DBG] Received 'id_token'
[11:51:28 INF] AuthenticationScheme: Identity.External signed in.
[11:51:28 INF] HTTP POST /signin-oidc responded 302 in 208.8467 ms
Response sent: https://localhost:44338/signin-oidc with HTTP status 302.0
Response sent: https://localhost:44338/signin-oidc with HTTP status 302.0
[11:51:28 INF] Request finished in 212.6102ms 302 
Response sent: https://localhost:44338/signin-oidc with HTTP status 302.0
Anforderung gestartet: "GET" https://localhost:44338/Account/ExternalLoginCallback?ReturnUrl=%2F
[11:51:28 INF] Request starting HTTP/2.0 GET https://localhost:44338/Account/ExternalLoginCallback?ReturnUrl=%2F  
[11:51:28 DBG] The request path /Account/ExternalLoginCallback does not match a supported file type
[11:51:28 DBG] 1 candidate(s) found for the request path '/Account/ExternalLoginCallback'
[11:51:28 DBG] Endpoint 'Monitoring.Controllers.AccountController.ExternalLoginCallback (ToSec.Presentation)' with route pattern '{controller=Home}/{action=Index}/{id?}' is valid for the request path '/Account/ExternalLoginCallback'
[11:51:28 DBG] Request matched endpoint 'Monitoring.Controllers.AccountController.ExternalLoginCallback (ToSec.Presentation)'
[11:51:28 DBG] AuthenticationScheme: Identity.Application was not authenticated.
[11:51:28 INF] Executing endpoint 'Monitoring.Controllers.AccountController.ExternalLoginCallback (ToSec.Presentation)'
[11:51:28 INF] Route matched with {action = "ExternalLoginCallback", controller = "Account", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] ExternalLoginCallback(System.String, System.String) on controller Monitoring.Controllers.AccountController (ToSec.Presentation).
[11:51:28 DBG] Execution plan of authorization filters (in the following order): ["Microsoft.AspNetCore.Mvc.RequireHttpsAttribute (Order: -2147483598)"]
[11:51:28 DBG] Execution plan of resource filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]
[11:51:28 DBG] Execution plan of action filters (in the following order): ["Microsoft.AspNetCore.Mvc.Filters.ControllerActionFilter (Order: -2147483648)", "Microsoft.AspNetCore.Mvc.ModelBinding.UnsupportedContentTypeFilter (Order: -3000)", "ToSec.Presentation.Filters.GlobalActionFilter"]
[11:51:28 DBG] Execution plan of exception filters (in the following order): ["None"]
[11:51:28 DBG] Execution plan of result filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]
[11:51:28 DBG] Executing controller factory for controller Monitoring.Controllers.AccountController (ToSec.Presentation)
[11:51:28 DBG] Executed controller factory for controller Monitoring.Controllers.AccountController (ToSec.Presentation)
[11:51:28 DBG] Attempting to bind parameter 'returnUrl' of type 'System.String' ...
[11:51:28 DBG] Attempting to bind parameter 'returnUrl' of type 'System.String' using the name 'returnUrl' in request data ...
[11:51:28 DBG] Done attempting to bind parameter 'returnUrl' of type 'System.String'.
[11:51:28 DBG] Done attempting to bind parameter 'returnUrl' of type 'System.String'.
[11:51:28 DBG] Attempting to validate the bound parameter 'returnUrl' of type 'System.String' ...
[11:51:28 DBG] Done attempting to validate the bound parameter 'returnUrl' of type 'System.String'.
[11:51:28 DBG] Attempting to bind parameter 'remoteError' of type 'System.String' ...
[11:51:28 DBG] Could not find a value in the request with name '' for binding parameter 'remoteError' of type 'System.String'.
[11:51:28 DBG] Done attempting to bind parameter 'remoteError' of type 'System.String'.
[11:51:28 DBG] Done attempting to bind parameter 'remoteError' of type 'System.String'.
[11:51:28 DBG] Attempting to validate the bound parameter 'remoteError' of type 'System.String' ...
[11:51:28 DBG] Done attempting to validate the bound parameter 'remoteError' of type 'System.String'.
[11:51:28 DBG] AuthenticationScheme: Identity.External was successfully authenticated.

Login with the “new” code leads to the following log entries:

Anforderung gestartet: "POST" https://localhost:44338/Account/ExternalLogin?returnurl=%2F
[11:57:48 INF] Request starting HTTP/2.0 POST https://localhost:44338/Account/ExternalLogin?returnurl=%2F application/x-www-form-urlencoded 205
[11:57:48 DBG] POST requests are not supported
[11:57:48 DBG] 1 candidate(s) found for the request path '/Account/ExternalLogin'
[11:57:48 DBG] Endpoint 'Monitoring.Controllers.AccountController.ExternalLogin (ToSec.Presentation)' with route pattern '{controller=Home}/{action=Index}/{id?}' is valid for the request path '/Account/ExternalLogin'
[11:57:48 DBG] Request matched endpoint 'Monitoring.Controllers.AccountController.ExternalLogin (ToSec.Presentation)'
[11:57:48 DBG] AuthenticationScheme: Identity.Application was not authenticated.
[11:57:48 INF] Executing endpoint 'Monitoring.Controllers.AccountController.ExternalLogin (ToSec.Presentation)'
[11:57:48 INF] Route matched with {action = "ExternalLogin", controller = "Account"}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult ExternalLogin(System.String, System.String) on controller Monitoring.Controllers.AccountController (ToSec.Presentation).
[11:57:48 DBG] Execution plan of authorization filters (in the following order): ["Microsoft.AspNetCore.Mvc.RequireHttpsAttribute (Order: -2147483598)", "Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter"]
[11:57:48 DBG] Execution plan of resource filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]
[11:57:48 DBG] Execution plan of action filters (in the following order): ["Microsoft.AspNetCore.Mvc.Filters.ControllerActionFilter (Order: -2147483648)", "Microsoft.AspNetCore.Mvc.ModelBinding.UnsupportedContentTypeFilter (Order: -3000)", "ToSec.Presentation.Filters.GlobalActionFilter"]
[11:57:48 DBG] Execution plan of exception filters (in the following order): ["None"]
[11:57:48 DBG] Execution plan of result filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]
[11:57:48 DBG] Antiforgery successfully validated a request.
[11:57:48 DBG] Executing controller factory for controller Monitoring.Controllers.AccountController (ToSec.Presentation)
[11:57:48 DBG] Executed controller factory for controller Monitoring.Controllers.AccountController (ToSec.Presentation)
[11:57:48 DBG] Attempting to bind parameter 'provider' of type 'System.String' ...
[11:57:48 DBG] Attempting to bind parameter 'provider' of type 'System.String' using the name 'provider' in request data ...
[11:57:48 DBG] Done attempting to bind parameter 'provider' of type 'System.String'.
[11:57:48 DBG] Done attempting to bind parameter 'provider' of type 'System.String'.
[11:57:48 DBG] Attempting to validate the bound parameter 'provider' of type 'System.String' ...
[11:57:48 DBG] Done attempting to validate the bound parameter 'provider' of type 'System.String'.
[11:57:48 DBG] Attempting to bind parameter 'returnUrl' of type 'System.String' ...
[11:57:48 DBG] Attempting to bind parameter 'returnUrl' of type 'System.String' using the name 'returnUrl' in request data ...
[11:57:48 DBG] Done attempting to bind parameter 'returnUrl' of type 'System.String'.
[11:57:48 DBG] Done attempting to bind parameter 'returnUrl' of type 'System.String'.
[11:57:48 DBG] Attempting to validate the bound parameter 'returnUrl' of type 'System.String' ...
[11:57:48 DBG] Done attempting to validate the bound parameter 'returnUrl' of type 'System.String'.
[11:57:48 DBG] Found the endpoints ["Route: {controller=Home}/{action=Index}/{id?}"] for address Microsoft.AspNetCore.Routing.RouteValuesAddress
[11:57:48 DBG] Successfully processed template {controller=Home}/{action=Index}/{id?} for Route: {controller=Home}/{action=Index}/{id?} resulting in /Account/ExternalLoginCallback and ?ReturnUrl=%2F
[11:57:48 DBG] Link generation succeeded for endpoints ["Route: {controller=Home}/{action=Index}/{id?}"] with result /Account/ExternalLoginCallback?ReturnUrl=%2F
[11:57:48 INF] Executing ChallengeResult with authentication schemes (["OpenIdConnect"]).
[11:57:48 DBG] 1. Begin OnRedirectToIdentityProviderAsync
[11:57:48 DBG]    Sending OpenIdConnect message:
[11:57:48 DBG]    - ClientId=787EBDED-B77E-4CFC-BAA0-2D2B00C41B4F
[11:57:48 DBG]    - EnableTelemetryParameters=True
[11:57:48 DBG]    - EnableTelemetryParametersByDefault=True
[11:57:48 DBG]    - Nonce=637236646687340282.ZDU4MTE0YzQtODlhNC00YzVkLWJlYzMtZGQ2ZTU2NGRkMmRiZDIwYjFiMzEtODUyZS00YmYwLWIzM2EtMGE4OGQ5N2Y0OTNh
[11:57:48 DBG]    - RedirectUri=https://localhost:44338/signin-oidc
[11:57:48 DBG]    - RequestType=Authentication
[11:57:48 DBG]    - ResponseMode=form_post
[11:57:48 DBG]    - ResponseType=id_token
[11:57:48 DBG]    - Scope=openid profile
[11:57:48 DBG]    - SkuTelemetryValue=ID_NETSTANDARD2_0
[11:57:48 DBG]    - IssuerAddress=https://login.microsoftonline.com/dc242542-da90-4334-90e6-9271f2d1f21e/oauth2/v2.0/authorize
[11:57:48 DBG]    - Parameters=System.Collections.Generic.Dictionary`2[System.String,System.String]
[11:57:48 DBG]    - PostTitle=Working...
[11:57:48 DBG]    - Script=<script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script>
[11:57:48 DBG]    - ScriptButtonText=Submit
[11:57:48 DBG]    - ScriptDisabledText=Script is disabled. Click Submit to continue.
[11:57:48 DBG] 1. End - OnRedirectToIdentityProviderAsync
[11:57:48 DBG] HandleChallenge with Location: https://login.microsoftonline.com/AEEE9884-9E13-41E7-A25F-304C44407A78/oauth2/v2.0/authorize?client_id=787EBDED-B77E-4CFC-BAA0-2D2B00C41B4F&redirect_uri=https%3A%2F%2Flocalhost%3A44338%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=637236646687340282.ZDU4MTE0YzQtODlhNC00YzVkLWJlYzMtZGQ2ZTU2NGRkMmRiZDIwYjFiMzEtODUyZS00YmYwLWIzM2EtMGE4OGQ5N2Y0OTNh&state=CfDJ8DR5ohJGZplEj7fE6niEf5S2C6OCw-M1evKq_337mbU9PBMC1Ht9Ao5xNoce0d62cIlPvoFb5E8LLiArmXC2jAjpaFrHOMRML7oLaE3M6AMteYt-sYTnmlG7kcwkZgT7QM4bO4-c4L8K5KmJTmN_lpYs19Qif1keXM7jPiht7YBy-FClqm2cSrrNzDeXCjPVN7DiVDUoygQ3phlCapglxCphIcEn-HkVYQseLWDCwfdj51vl3NMze9YGWojBYMTxtNndY_b_pH0aVO76IkvR6Rf8kh6HlkX6w8OkXl8qB0DGexNh5YXR5pb98GtnstasV8WCm-MyKrXZFbSMX3A72f-I0FIneeiQikZ1VP4Se8L0gWNVPL9jLa4xZxDXBOCrQCHlUkEuC_QO5KIKj9AzlpQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0; and Set-Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8DR5ohJGZplEj7fE6niEf5RrLor66Y_-5OrVyG5Fq9emKvC2nf1AkED8NOjrnxZfpifC8JdUw7Khup8ep05a65GSwXaT7O3g6dPlam_ZsIQGb2Mr4-Mnh7AnQWS9vTnG9Oj1GUF449ZUqDroEPnQOiqeRveQzswfADYBAhbjexOcJ9WqcsNcc3MF5PCt8GnvQdDdrbaCQz5Sqg0xZ-03ATi9TBgs3z5YVEVieUlFpllaRFYzENxFJreVjdGaAo8Zo4WkVCu6qz9qR7wZEMzcpgY=N; expires=Tue, 28 Apr 2020 10:12:48 GMT; path=/signin-oidc; secure; samesite=none; httponly,.AspNetCore.Correlation.OpenIdConnect.9TUfulEgkJ30nsYk-XwNP-w_Kt4xSe5IkpoLvBosM18=N; expires=Tue, 28 Apr 2020 10:12:48 GMT; path=/signin-oidc; secure; samesite=none; httponly.
[11:57:48 INF] AuthenticationScheme: OpenIdConnect was challenged.
[11:57:48 INF] Executed action Monitoring.Controllers.AccountController.ExternalLogin (ToSec.Presentation) in 11.6731ms
[11:57:48 INF] Executed endpoint 'Monitoring.Controllers.AccountController.ExternalLogin (ToSec.Presentation)'
[11:57:48 INF] HTTP POST /Account/ExternalLogin?returnurl=%2F responded 302 in 15.9658 ms
Response sent: https://localhost:44338/Account/ExternalLogin?returnurl=%2F with HTTP status 302.0
[11:57:48 INF] Request finished in 18.7003ms 302 
[11:57:48 DBG] Connection ID "17654110545197924495" disconnecting.
Response sent: https://localhost:44338/Account/ExternalLogin?returnurl=%2F with HTTP status 302.0
Anforderung gestartet: "POST" https://localhost:44338/signin-oidc
[11:57:49 INF] Request starting HTTP/2.0 POST https://localhost:44338/signin-oidc application/x-www-form-urlencoded 1774
[11:57:49 DBG] POST requests are not supported
[11:57:49 DBG] No candidates found for the request path '/signin-oidc'
[11:57:49 DBG] Request did not match any endpoints
[11:57:49 DBG] 2. Begin OnMessageReceivedAsync
[11:57:49 DBG]    Received from STS the OpenIdConnect message:
[11:57:49 DBG]    - EnableTelemetryParameters=True
[11:57:49 DBG]    - EnableTelemetryParametersByDefault=True
[11:57:49 DBG]    - IdToken=Id-Token is set but I removed it from log entry
[11:57:49 DBG]    - RequestType=Authentication
[11:57:49 DBG]    - SessionState=16d0f1fd-df4c-4af7-984c-78de75ac8849
[11:57:49 DBG]    - SkuTelemetryValue=ID_NETSTANDARD2_0
[11:57:49 DBG]    - IssuerAddress=
[11:57:49 DBG]    - Parameters=System.Collections.Generic.Dictionary`2[System.String,System.String]
[11:57:49 DBG]    - PostTitle=Working...
[11:57:49 DBG]    - Script=<script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script>
[11:57:49 DBG]    - ScriptButtonText=Submit
[11:57:49 DBG]    - ScriptDisabledText=Script is disabled. Click Submit to continue.
[11:57:49 DBG] 2. End - OnMessageReceivedAsync
[11:57:49 DBG] Updating configuration
[11:57:49 DBG] Received 'id_token'
[11:57:49 DBG] 3. Begin OnTokenValidatedAsync
[11:57:49 DBG] 3. End - OnTokenValidatedAsync
[11:57:49 INF] AuthenticationScheme: Cookies signed in.
[11:57:49 INF] HTTP POST /signin-oidc responded 302 in 11.9594 ms
Response sent: https://localhost:44338/signin-oidc with HTTP status 302.0
Response sent: https://localhost:44338/signin-oidc with HTTP status 302.0
[11:57:49 INF] Request finished in 13.988ms 302 
Response sent: https://localhost:44338/signin-oidc with HTTP status 302.0
Anforderung gestartet: "GET" https://localhost:44338/Account/ExternalLoginCallback?ReturnUrl=%2F
[11:57:49 INF] Request starting HTTP/2.0 GET https://localhost:44338/Account/ExternalLoginCallback?ReturnUrl=%2F  
[11:57:49 DBG] The request path /Account/ExternalLoginCallback does not match a supported file type
[11:57:49 DBG] 1 candidate(s) found for the request path '/Account/ExternalLoginCallback'
[11:57:49 DBG] Endpoint 'Monitoring.Controllers.AccountController.ExternalLoginCallback (ToSec.Presentation)' with route pattern '{controller=Home}/{action=Index}/{id?}' is valid for the request path '/Account/ExternalLoginCallback'
[11:57:49 DBG] Request matched endpoint 'Monitoring.Controllers.AccountController.ExternalLoginCallback (ToSec.Presentation)'
[11:57:49 DBG] AuthenticationScheme: Identity.Application was not authenticated.
[11:57:49 INF] Executing endpoint 'Monitoring.Controllers.AccountController.ExternalLoginCallback (ToSec.Presentation)'
[11:57:49 INF] Route matched with {action = "ExternalLoginCallback", controller = "Account"}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] ExternalLoginCallback(System.String, System.String) on controller Monitoring.Controllers.AccountController (ToSec.Presentation).
[11:57:49 DBG] Execution plan of authorization filters (in the following order): ["Microsoft.AspNetCore.Mvc.RequireHttpsAttribute (Order: -2147483598)"]
[11:57:49 DBG] Execution plan of resource filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]
[11:57:49 DBG] Execution plan of action filters (in the following order): ["Microsoft.AspNetCore.Mvc.Filters.ControllerActionFilter (Order: -2147483648)", "Microsoft.AspNetCore.Mvc.ModelBinding.UnsupportedContentTypeFilter (Order: -3000)", "ToSec.Presentation.Filters.GlobalActionFilter"]
[11:57:49 DBG] Execution plan of exception filters (in the following order): ["None"]
[11:57:49 DBG] Execution plan of result filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]
[11:57:49 DBG] Executing controller factory for controller Monitoring.Controllers.AccountController (ToSec.Presentation)
[11:57:49 DBG] Executed controller factory for controller Monitoring.Controllers.AccountController (ToSec.Presentation)
[11:57:49 DBG] Attempting to bind parameter 'returnUrl' of type 'System.String' ...
[11:57:49 DBG] Attempting to bind parameter 'returnUrl' of type 'System.String' using the name 'returnUrl' in request data ...
[11:57:49 DBG] Done attempting to bind parameter 'returnUrl' of type 'System.String'.
[11:57:49 DBG] Done attempting to bind parameter 'returnUrl' of type 'System.String'.
[11:57:49 DBG] Attempting to validate the bound parameter 'returnUrl' of type 'System.String' ...
[11:57:49 DBG] Done attempting to validate the bound parameter 'returnUrl' of type 'System.String'.
[11:57:49 DBG] Attempting to bind parameter 'remoteError' of type 'System.String' ...
[11:57:49 DBG] Could not find a value in the request with name '' for binding parameter 'remoteError' of type 'System.String'.
[11:57:49 DBG] Done attempting to bind parameter 'remoteError' of type 'System.String'.
[11:57:49 DBG] Done attempting to bind parameter 'remoteError' of type 'System.String'.
[11:57:49 DBG] Attempting to validate the bound parameter 'remoteError' of type 'System.String' ...
[11:57:49 DBG] Done attempting to validate the bound parameter 'remoteError' of type 'System.String'.
[11:57:49 DBG] AuthenticationScheme: Identity.External was not authenticated.

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 24
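
The difference between the two logs above comes down to which scheme the `/signin-oidc` callback signed in to and whether `Identity.External` could be authenticated afterwards. The following is an added example, not code from the issue or from Microsoft.Identity.Web, that extracts those events from logs in this format. The sample lines are trimmed from the two logs above, and the function names `analyze` and `diagnose` are this example's own.

```python
import re
from urllib.parse import urlsplit

# Matches lines such as "[11:57:49 INF] AuthenticationScheme: Cookies signed in."
SCHEME_EVENT = re.compile(
    r"AuthenticationScheme: (?P<scheme>\S+) "
    r"(?P<event>signed in|was challenged|"
    r"was successfully authenticated|was not authenticated)\."
)
# Matches "Request starting HTTP/2.0 POST https://host/path ..."
REQUEST_START = re.compile(r"Request starting \S+ (?P<method>[A-Z]+) (?P<url>\S+)")

# String value of IdentityConstants.ExternalScheme; this is the cookie that
# signInManager.GetExternalLoginInfoAsync() authenticates.
EXTERNAL_SCHEME = "Identity.External"

# Sample input: lines trimmed from the "old" log in the issue.
OLD_LOG = """\
[11:51:27 INF] Request starting HTTP/2.0 POST https://localhost:44338/Account/ExternalLogin?returnurl=%2F application/x-www-form-urlencoded 199
[11:51:27 DBG] AuthenticationScheme: Identity.Application was not authenticated.
[11:51:28 INF] AuthenticationScheme: AzureADOpenID was challenged.
[11:51:28 INF] Request starting HTTP/2.0 POST https://localhost:44338/signin-oidc application/x-www-form-urlencoded 1907
[11:51:28 INF] AuthenticationScheme: Identity.External signed in.
[11:51:28 INF] Request starting HTTP/2.0 GET https://localhost:44338/Account/ExternalLoginCallback?ReturnUrl=%2F
[11:51:28 DBG] AuthenticationScheme: Identity.Application was not authenticated.
[11:51:28 DBG] AuthenticationScheme: Identity.External was successfully authenticated.
"""

# Sample input: lines trimmed from the "new" log in the issue.
NEW_LOG = """\
[11:57:48 INF] Request starting HTTP/2.0 POST https://localhost:44338/Account/ExternalLogin?returnurl=%2F application/x-www-form-urlencoded 205
[11:57:48 DBG] AuthenticationScheme: Identity.Application was not authenticated.
[11:57:48 INF] AuthenticationScheme: OpenIdConnect was challenged.
[11:57:49 INF] Request starting HTTP/2.0 POST https://localhost:44338/signin-oidc application/x-www-form-urlencoded 1774
[11:57:49 INF] AuthenticationScheme: Cookies signed in.
[11:57:49 INF] Request starting HTTP/2.0 GET https://localhost:44338/Account/ExternalLoginCallback?ReturnUrl=%2F
[11:57:49 DBG] AuthenticationScheme: Identity.Application was not authenticated.
[11:57:49 DBG] AuthenticationScheme: Identity.External was not authenticated.
"""


def analyze(log_text):
    """Return (request_path, scheme, event) tuples in log order."""
    events, path = [], None
    for line in log_text.splitlines():
        start = REQUEST_START.search(line)
        if start:
            # Remember which request the following scheme events belong to.
            path = urlsplit(start["url"]).path
            continue
        hit = SCHEME_EVENT.search(line)
        if hit:
            events.append((path, hit["scheme"], hit["event"]))
    return events


def diagnose(events):
    """Summarise where the remote handler stored the identity and whether
    the external cookie was readable on the following request."""
    sign_ins = [(p, s) for p, s, e in events if e == "signed in"]
    sign_in_path, sign_in_scheme = sign_ins[-1] if sign_ins else (None, None)
    # Only look at Identity.External results that come after the sign-in.
    external_result = None
    seen_sign_in = False
    for _, scheme, event in events:
        if event == "signed in":
            seen_sign_in = True
        elif seen_sign_in and scheme == EXTERNAL_SCHEME and "authenticated" in event:
            external_result = event
    mismatch = (
        sign_in_scheme is not None
        and sign_in_scheme != EXTERNAL_SCHEME
        and external_result == "was not authenticated"
    )
    return {
        "sign_in_scheme": sign_in_scheme,
        "sign_in_path": sign_in_path,
        "external_result": external_result,
        "mismatch": mismatch,
    }


if __name__ == "__main__":
    for name, text in (("old", OLD_LOG), ("new", NEW_LOG)):
        print(name, diagnose(analyze(text)))
```

A `mismatch` of `True` means the identity was written to a cookie scheme other than `Identity.External`, which is the condition under which the reporter sees a null result.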

Most upvoted comments

@jennyf19 thanks for your PR.

I just tested the scenario and this works fine with your modification when ensuring that the cookieScheme is set to null.

dotnet new mvc --auth Individual

Change ConfigureServices(IServiceCollection services) to add something like what you proposed:

// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlite(Configuration.GetConnectionString("DefaultConnection")));

    services.AddDatabaseDeveloperPageExceptionFilter();

    services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
        .AddEntityFrameworkStores<ApplicationDbContext>();
    services.AddControllersWithViews();

    services.AddAuthentication()
        .AddMicrosoftIdentityWebApp(Configuration, cookieScheme: null);
}

And this works! This proposes the OpenIdConnect button, which registers the user.

When the PR is merged, we’d want to document the scenario in the wiki.

Thanks! I found that this works well:

services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(Configuration, "AzureAd", "AzureAD", cookieScheme: null);

With the “AzureAD” it will look for the existing entry in the “AspNetUserLogins” table; without it you may get some issues, as it will try to register the user and then give an error saying that the email already exists.

Hi there, got login to work now by defining cookieScheme: null, but how about the logout method? How do you log out from AD too?

EDIT: Solved logout from Azure too with this code:

return SignOut(
    new AuthenticationProperties() { RedirectUri = "/Home/Index" },
    IdentityConstants.ApplicationScheme,
    OpenIdConnectDefaults.AuthenticationScheme);

@schmitch @khanhvu161188 @ManuelHaas @erik1988 do you mind trying this branch, which offers the possibility of not defining the cookie scheme, if you do something like this:

services.AddAuthentication().AddMicrosoftIdentityWebApp(Configuration, cookieScheme: null);

cc: @jmprieur

Hello, I have a setup where I store identities in the app and use my organization's Azure AD to create and log users in. I just recently upgraded to Core 5 and now I am getting an obsolete warning on the current code:

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options =>
    {
        Configuration.Bind("AzureAd", options);
        options.CookieSchemeName = IdentityConstants.ExternalScheme;
    });

So, I tried to replace it with:

services.AddMicrosoftIdentityWebAppAuthentication(Configuration);

But with that it no longer works. “GetExternalLoginInfoAsync” seems to return null, and that led me here. Should I just keep using the old method and ignore the obsolete message for now, or is this supposed to work? Everything works with the old method; I just don’t like the idea of having an expiration date on a crucial part of the app. Not sure when the plug would be pulled on that.

@pmaytak could you take a look at this when you have time (after your current task is done)? thanks.

@jmprieur This is a pity, the library is then unfortunately useless for me and not only for me I think. Please add a note to the docs for other users.

This makes sense @ManuelHaas : it’s super hard to do without code similar to what is in Microsoft.Identity.Web.

I investigated this morning, and don’t understand yet why this does not work, but I’ll work with the ASP.NET Core team on this.

BTW thanks for raising an issue on the docs.ms page