Azure AD authentication in ASP.NET web forms

Question

0.00/5 (No votes)

See more:

I have an ASP.Net Web Forms application in which I have been tasked with implementing Azure AD authentication.

It seems as if, while debugging the application in localhost, the prompt opens properly - it doesn't do any redirection, but I guess that's an issue with my code or Azure settings.

When I deploy the application on its production server on a third party host (not Azure), the authentication prompt will not open at all.

What could the cause of this be?

Below is the code I use for the authentication process

VB.NET

Imports Microsoft.Identity.Client
Imports Microsoft.VisualBasic

Public Class AuthenticationManager
    Private Shared app As PublicClientApplication

    Shared Sub New()

        Dim clientId As String = ConfigurationManager.AppSettings("ida:ClientId")
        Dim redirectUri As String = ConfigurationManager.AppSettings("ida:RedirectUri")
        Dim tenantId As String = ConfigurationManager.AppSettings("ida:Tenant")
        Dim authorityUri = "https://login.microsoftonline.com/" & tenantId
        Dim scopes As String() = New String() {"https://graph.microsoft.com/User.Read"}



        app = PublicClientApplicationBuilder.Create(clientId).WithAuthority(authorityUri).WithTenantId(tenantId).WithRedirectUri(redirectUri).Build()
    End Sub

    Public Function GetAuthenticationResult() As String
        Try
            Dim scopes As String() = New String() {"https://graph.microsoft.com/User.Read"}

            Dim result As Microsoft.Identity.Client.AuthenticationResult = app.AcquireTokenInteractive(scopes).WithPrompt(Prompt.ForceLogin).ExecuteAsync().Result
            Return result.Account.Username
        Catch ex As Exception
            Err.Clear()
            Return "-"
            Exit Function
        End Try

    End Function
End Class

VB

Private Sub BtnConnectWithAzure_Click(sender As Object, e As EventArgs) Handles BtnConnectWithAzure.Click
        Dim t As New Threading.Thread(AddressOf AuthenticateUser)
        t.SetApartmentState(ApartmentState.STA)
        t.Start()
    End Sub

    Private Sub AuthenticateUser()
        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 Or SecurityProtocolType.Tls12
        Dim app As New AuthenticationManager
        Dim username As String = app.GetAuthenticationResult()

        If username <> "-" Then
            Response.Redirect(username) 'This could be a problematic part re: redirection            
        End If

    End Sub

What I have tried:

I initially thought this was an issue regarding blocked popups on the browser, but it doesn't seem to be related to that - it doesn't seem to be a permission issue in general. I haven't really found any other suggestions online on what could be causing the issue

Posted 22-May-23 20:19pm

Fydobas

Updated 22-May-23 21:34pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Accepted Answer · 2023-05-22T21:34:00

Solution 1

AcquireTokenInteractive[^] is used in desktop applications, not websites.

It will pop up a new browser window to prompt for credentials on the machine where the code is running. In this case, that will be the server, where nobody will ever see it. It might appear to work when you debug it; but that's only because, in that specific case, the server and the client are the same machine.

Acquiring a token for a web application requires a different approach:
Get a token in a web app that calls web APIs - Microsoft Entra | Microsoft Learn[^]

Posted 22-May-23 21:34pm

Richard Deeming

Comments

Fydobas 23-May-23 3:59am

Oh that makes complete sense. That link you provided, however, is slightly confusing as it seems to be referring to a Web API/MVC project, not Web Forms like my case - and the samples seem incomplete.

Richard Deeming 23-May-23 5:18am

Yes, WebForms is essentially "dead" now. You'll start to struggle to find Microsoft documentation even for the core classes, as MS have started "de-listing" the WebForms documentation pages from search engines.

You can find some third-party blog posts that cover integrating MSAL with WebForms - for example:
Create an ASP.NET Web Application (.NET Framework - Web Forms or MVC) using Azure AD Authentication - .matrixpost.net[^]

Fydobas 23-May-23 6:32am

I have managed to make most of it work using OWIN. Just that for some reason, I cannot get the user name using HttpContext.Current.GetOwinContext().Authentication.User.Identity.Name... it's always empty.