active-directory-aspnetcore-webapp-openidconnect-v2 | NET Core Web App which lets sign | Azure library

 by   Azure-Samples PowerShell Version: 262737 License: MIT

kandi X-RAY | active-directory-aspnetcore-webapp-openidconnect-v2 Summary

active-directory-aspnetcore-webapp-openidconnect-v2 is a PowerShell library typically used in Cloud, Azure applications. active-directory-aspnetcore-webapp-openidconnect-v2 has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

An ASP.NET Core Web App which lets sign-in users (including in your org, many orgs, orgs + personal accounts, sovereign clouds) and call Web APIs (including Microsoft Graph)

            kandi-support Support

              active-directory-aspnetcore-webapp-openidconnect-v2 has a medium active ecosystem.
              It has 1200 star(s) with 906 fork(s). There are 110 watchers for this library.
              It had no major release in the last 12 months.
              There are 14 open issues and 292 have been closed. On average issues are closed in 362 days. There are 4 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of active-directory-aspnetcore-webapp-openidconnect-v2 is 262737

            kandi-Quality Quality

              active-directory-aspnetcore-webapp-openidconnect-v2 has 0 bugs and 0 code smells.

            kandi-Security Security

              active-directory-aspnetcore-webapp-openidconnect-v2 has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              active-directory-aspnetcore-webapp-openidconnect-v2 code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              active-directory-aspnetcore-webapp-openidconnect-v2 is licensed under the MIT License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              active-directory-aspnetcore-webapp-openidconnect-v2 releases are available to install and integrate.
              Installation instructions are not available. Examples and code snippets are available.
              active-directory-aspnetcore-webapp-openidconnect-v2 saves you 145512 person hours of effort in developing the same functionality from scratch.
              It has 150942 lines of code, 0 functions and 362 files.
              It has low code complexity. Code complexity directly impacts maintainability of the code.

            active-directory-aspnetcore-webapp-openidconnect-v2 Key Features

            No Key Features are available at this moment for active-directory-aspnetcore-webapp-openidconnect-v2.

            active-directory-aspnetcore-webapp-openidconnect-v2 Examples and Code Snippets

            No Code Snippets are available at this moment for active-directory-aspnetcore-webapp-openidconnect-v2.

            Community Discussions

            QUESTION

            AzureAD Token Validation
            Asked 2022-Feb-22 at 11:34

            I'm trying to validate a token that was provided by Azure AD inside of an AWS Lambda Function. At the moment I have an MVC website that you can authenticate to Azure AD with, which returns a JWT token. This JWT will be passed up to an AWS API Gateway where a Lambda Authorizer will verify it.

            At first I thought the correct method was to pass the JWT back to Azure AD to verify the token. However, after reading this, it appears I need to decrypt the token, and validate the issuer and audience. This led me to this, which does successfully validate the token. However, if I change mySecret to not match the one configured in Azure AD, it still successfully validates?

            ...

            ANSWER

            Answered 2022-Feb-22 at 11:34

            I've used something like this:

            Source https://stackoverflow.com/questions/71220220

            QUESTION

            Azure AD B2C code example does not provide token validation option
            Asked 2022-Feb-17 at 13:13

            I understand that Microsoft emphasizes proper token validation.

            The following code example (link includes the exact line of code) does not include token validation:

            https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/4-WebApp-your-API/4-2-B2C/Client/Startup.cs#L44

            ...

            ANSWER

            Answered 2022-Feb-17 at 13:13

            • To validate the token received from Azure AD B2C in ASP.NET, you will have to include the ‘TokenValidationParameters’ value and define the validation of the token claims received accordingly in the ‘Startup.cs’ file of the Web API. Please find below the sample code to be included in the ‘Startup.cs’ file for token validation, which protects the Web API with the Microsoft identity platform:

            Source https://stackoverflow.com/questions/71152484

            QUESTION

            What exact token validation is done by Microsoft.Identity.Web’s aspnet core middleware?
            Asked 2022-Feb-16 at 11:30

            I am building an ASP.NET Core application that uses AAD (B2C later on) to authenticate users.

            I understand that OAuth2 and OpenID Connect JWT tokens must be validated. It is very important.

            I am going through this code example:

            https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/4-WebApp-your-API/4-3-AnyOrg/TodoListService/Startup.cs#L34

            The example uses this Microsoft.Identity.Web's middleware for authentication.

            ...

            ANSWER

            Answered 2022-Feb-16 at 11:30

            Microsoft.Identity.Web - The main package. Required by all apps that use Microsoft Identity Web

            Microsoft recommends you use the Microsoft.Identity.Web NuGet package when developing a web API with ASP.NET Core.

            It has a lot of dependencies; you can check the details from this link.

            One of the dependencies for .NetCoreApp3.1 is Microsoft.AspNetCore.Authentication.JwtBearer (>= 3.1.18)

            The JwtBearer middleware, like the OpenID Connect middleware in web apps, validates the token based on the value of TokenValidationParameters. The token is decrypted as needed, the claims are extracted, and the signature is verified. The middleware then validates the token by checking for this data:

            Audience: The token is targeted for the web API.

            Sub: It was issued for an app that's allowed to call the web API.

            Issuer: It was issued by a trusted security token service (STS).

            Expiry: Its lifetime is in range.

            Signature: It wasn't tampered with.

            For more information, you can follow this MS documentation.

            Source https://stackoverflow.com/questions/71076252

            QUESTION

            Microsoft.Identity.Web OnTokenValidated event doesn't seem to play nicely with async
            Asked 2022-Feb-10 at 17:41

            I've been struggling with the Func that I attach to OnTokenValidated not doing what it should be.

            After lots of trying different things:

            ...

            ANSWER

            Answered 2022-Feb-10 at 17:41

            I raised the above on the MSAL Github account and after chatting to one of the contributors, the answer is that in the registration of the Options that contains the event handler it needs to be registered as:

            Source https://stackoverflow.com/questions/71012036

            QUESTION

            ASP.NET Core 5 MVC and OpenID Connect - error when hosting on remote Windows server
            Asked 2021-Sep-16 at 20:06

            I've run into trouble getting my ASP.NET Core 5 MVC web app to run on a remote Windows 2019 server.

            I've created a sample test app, with the "MS Identity" authentication scheme, which uses OpenID Connect to authenticate users against our company Azure AD.

            This is my Startup.cs for clarification:

            ...

            ANSWER

            Answered 2021-Sep-16 at 20:06

            Turns out this was due to the configuration inheritance in my IIS.

            I had a first ASP.NET Core app in the "root" of the IIS site - which of course has a web.config that looks something like this:

            Source https://stackoverflow.com/questions/69015234

            QUESTION

            Microsoft.Identity.Web.UI works locally but not in App Service
            Asked 2021-Sep-14 at 18:56

            I've been trying to add auth to my web app following: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-1-MyOrg

            If I run locally with appsettings.Development.json via dotnet run, I can log in using my organization credentials as expected. When I containerize and deploy to my Web App in Azure, I do not get logged in successfully. The url in the browser stays at /signin-oidc and goes to the Error page from the default Razor pages app.

            The App Service logs have messages saying .AspNetCore.Correlation.OpenIdConnect.[key?] cookie not found

            [Update] The auth flow works on my phone but not on desktop.

            1. Why would the same code work locally but not deployed?
            2. Why isn't the cookie found?
            3. Why does it work on iOS but not Windows?
            ...

            ANSWER

            Answered 2021-Sep-14 at 06:45

            Try to remove app.UseCookiePolicy(); in startup class. Take a look here

            Or the problem was IdentityServer was still using AddDeveloperSigningCredential

            You can add a certificate in your code; it will work perfectly.

            Refer here for more info

            Source https://stackoverflow.com/questions/69170681

            QUESTION

            Can Azure handle "sign-up and sign-in" for unknown emails?
            Asked 2021-Aug-26 at 05:03
            How do I sign-up an unknown account and how do I identify the email when they sign-in again?

            I have just started working with Azure and am creating a Web Application with C# and .Net 5.0 that uses Azure for authentication.

            My plan is to let Azure:

            • Handle authentication and maintain a list of users (emails) and nothing else.
            • Accept sign-up from users we have not invited and don't know in advance.
            • Create users that sign-up under a tenant where you can see their email.

            I want the users of the Web Application to be able to sign-up with a:

            • Microsoft account (Azure, Office 365, Xbox, ...)
            • Social account (Google, Facebook, Twitter, ...)
            • Unknown account (the user provides an email [and password] that is not associated with any known organization AND we do not know the email in advance)

            I can do it for Microsoft and Social accounts, but have trouble finding out how to do it for unknown accounts too.

            I have tried to search the web for a while and looked through Microsoft's examples, for example https://github.com/gowiser/active-directory-aspnetcore-webapp-openidconnect-v2, and am very unsure of what to do.

            For example I do not know if I need to use Azure AD, Azure AD B2C or Azure AD B2B.

            ...

            ANSWER

            Answered 2021-Aug-26 at 05:03

            It's possible to create the users under a specific tenant, and block permissions are also available for the unknown users who are not under your organization (you can give the 2nd part of the user's email ID, like the domains @gmail.com, @yahoo.com, in the Azure app configuration service).

            You can easily identify the users who are not under your organization domain and the allowed domains like Microsoft and Social accounts you provided under the tenants section.

            To do it, hope this Microsoft documentation helps you.

            Azure AD is a directory service with the goal of serving organizations and their needs for identity management in the cloud. You develop against Azure AD, you can secure your applications with it - their users in Azure AD tenants can use it.

            Your application is targeted for a specific organization or multiple organizations using Azure AD (Office 365).

            Azure AD B2B is just a feature of Azure AD. It allows organizations to grant access to their applications and services for users from other tenants. From your app perspective nothing changes. It is still same Azure AD app. Azure AD B2B has an API which can be used to create flows for the invitation of users from another directory but it is not changing your app design, etc.

            Azure AD B2C is another service built on the same technology but not the same in functionality as Azure AD. Azure AD B2C target is to build a directory for consumer applications where users can register with e-mail ID or social providers like Google, FB, MSA, known as Federation Gateway. The goal for Azure AD B2C is to allow organizations to manage single directory of customer identities shared among all applications i.e. single sign-on.

            Azure AD B2C is not targeted at organization users but consumers. March 2021 update: Microsoft has introduced a new solution which merges B2B and B2C. It is called "External Identities".

            What is "External Identity": It is a mechanism that allows you to have external users, self-registration for them, and control over their process, within your Azure AD (corp) tenants.

            Why it is a merge between Azure AD B2C and Azure AD: those are external users, like in B2C; they can use their own username / e-mail (not a corp. domain) and self-register, but within an AAD Enterprise tenant. You can also extend authentication flows for External Identities with calls to external systems, similar to AAD B2C.

            Let's talk about a scenario, an application for schools:

            • Internal users -> Azure AD, covers internal applications, employees etc. in the organization. The user is in Azure AD.
            • External users, like guest teachers from another school, partners -> Azure AD B2B, guest user in Azure AD.
            • External users, but not associated with any organization, e.g. parents who need access to students' grades in a particular application -> External Identities. They can self-register, they exist within the context of a specific app, and you can call an additional API to check, for example, if they match the record in CRM during registration.
            • External users, open to the internet, e.g. art contest for pupils -> Azure AD B2C. Anyone can register; students, teachers and employees can access it through Azure AD.

            Pricing update: There is a pricing update which affects Azure AD B2C and External Identities. First - price is per monthly active user (MAU). MAU means someone logged on at least once during the billing period (month).
            Second - the first 50k users in Azure AD B2C or External Identities are free. So the first 50k users in a month are free and the next are paid, so 60k active users within a month costs something like 16 USD.

            Simple:
            • Azure AD - apps for organizations and their corporate users
            • Azure AD B2C - apps for customers, like mobile apps, shopping portals etc.

            For more reference on Azure AD's: Read this blog post

            Source https://stackoverflow.com/questions/68755713

            QUESTION

            ASP.NET core Azure AD authorization problem (chrome doesn't save cookies and makes loop requests)
            Asked 2021-Jun-23 at 09:19

            I'm trying to add Azure AD to my project and am using this tutorial as an example. With localhost all works fine, but after deploying I have a problem with loop redirects from Chrome (version 91).
            Also I get this problem using the latest version of Opera and Edge. While doing the same in Safari and Firefox I didn't get any problems.

            I think it might be a problem with SameSite cookies, but I have already tried every variant (none, lax, unspecified, strict). Also I noticed that in Firefox in the response cookies I receive "AspNetCore.Cookies" and in Chrome I don't.

            but in Chrome it's only these

            Can anyone help me with that problem?

            My StartUp file

            ...

            ANSWER

            Answered 2021-Jun-23 at 09:19

            Here is a fix (it might not be the best, but it works well for me). MDN spec says: "The warning appears because any cookie that requests SameSite=None but is not marked Secure will be rejected." That was my problem with browsers running on the Chromium engine (Chrome/Opera/Edge). The default value was CookieSecurePolicy.SameAsRequest; I changed it to CookieSecurePolicy.Always:

            Source https://stackoverflow.com/questions/68039485

            QUESTION

            .NET Core API Azure B2C authentication configuration
            Asked 2021-Apr-29 at 03:34

            In Microsoft documentation we can find an example for authentication configuration for B2C.

            ...

            ANSWER

            Answered 2021-Apr-28 at 20:13

            Don't fully understand the question but the:

            Configuration.Bind("AzureAdB2C", options); });

            is to set up a B2C authentication (as opposed to Azure AD).

            There are two separate projects. The scope goes into the ToDoList project not the WebApp project

            "Add a section name TodoList in the appsettings.json file and add the keys TodoListScope, TodoListBaseAddress".

            Source https://stackoverflow.com/questions/67298519

            QUESTION

            Azure Sample 4-1-MyOrg throws "HttpRequestException: Invalid status code in the HttpResponseMessage: Unauthorized." Error
            Asked 2021-Apr-13 at 03:58

            Found very few direct hits on this issue with this sample. Either the sample is relatively new or updated and no one has tried it or I am clearly doing something incorrect. Running this in Windows 10 using the latest VSCode. I am new to Azure (recently certified in Fundamentals) and somewhat new to the .Net world. Both could be working against me.

            I have followed the instructions found here multiple times but get the same result. The full stack trace, FWIW, is

            ...

            ANSWER

            Answered 2021-Apr-13 at 03:58

            I downloaded the sample code and got it working on my side. This is my Azure AD App config:

            For service Azure AD APP config:

            App ID: a6b73b06-450a-4fac-a7bb-569c3644594c

            Expose an API:

            For client Azure AD APP config:

            App ID: d2a53db5-da38-47b7-97f1-2d27a9dd056d

            Auth config:

            API required permissions:

            create a client secret:

            Service project applications.json settings:

            Client project applications.json settings:

            Result:

            Source https://stackoverflow.com/questions/67067500

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install active-directory-aspnetcore-webapp-openidconnect-v2

            You can download it from GitHub.

            Support

            Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [msal dotnet]. If you find a bug in the sample, please raise the issue on GitHub Issues. To provide a recommendation, visit the following User Voice page. Consider taking a moment to share your experience with us.
            Find more information at:
