Login Success but Redirect fails - abp

I am using Blazor WebServer with Identity Server template, downloaded from ABP.IO.
When run locally, it all works fine. Login succeeds and I am able to see the post-login page.
Once deployed to Azure App Service, the Identity page shows correctly and I am even able to log in. On the Blazor page, I click on login, enter credentials, and it redirects back to the logged-out page, but it seems a session is created, and the login button is shown. There is no error logged in the log files and the console also has no errors.
Redis is running as Azure Redis Cache and there are no reported errors. I have deployed to below URL on Azure using the default template. Nothing confidential so I can share. The credentials are also the default credentials for abp.io.
Blazor: https://shoutout-core-dev.azurewebsites.net/
Identity: https://shoutout-identity-dev.azurewebsites.net/

It seems that there is no error already. Because when I make a request via swagger, I can access the necessary user information. As you stated, actually the session was created.
But there is a problem with the UI. To test the problem, after publishing the application in your local, can you run ASPNETCORE_ENVIRONMENT with the Production environment variable?
In addition, we need your ABP version information and your steps while publishing in local so that we can repeat the error.

This problem probably occurs on Chrome. If you try Firefox, you will get past the problem. Also, you can check this link for the fix on Chrome:
https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n
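
The answer above points at Chrome's SameSite cookie handling. As an added example (not from the original answer or from ABP), the script below classifies `Set-Cookie` headers by how Chrome's SameSite rules treat them when the identity server sends the browser back to the app cross-site; the header values and cookie-name suffixes are constructed samples.

```javascript
// Added example: classify Set-Cookie headers under Chrome's SameSite rules.
// Every header below is a constructed sample, not captured from the sites on this page.
function parseSetCookie(header) {
  const [nameValue, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: nameValue.split("=")[0], secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    if (key.trim().toLowerCase() === "secure") cookie.secure = true;
    if (key.trim().toLowerCase() === "samesite") cookie.sameSite = value.trim().toLowerCase();
  }
  return cookie;
}

function classify(header) {
  const c = parseSetCookie(header);
  if (c.sameSite === "none") {
    // Chrome refuses to store SameSite=None cookies that lack Secure.
    return c.secure ? "sent-cross-site" : "rejected-by-browser";
  }
  if (c.sameSite === "lax" || c.sameSite === "strict") {
    // Explicit Lax/Strict cookies are not attached to a cross-site POST.
    return "withheld-on-cross-site-post";
  }
  // No attribute: Chrome defaults to Lax, with a short-lived allowance for
  // top-level POSTs, so the outcome depends on timing.
  return "lax-by-default";
}

function audit(headers) {
  return headers.map((h) => ({ name: parseSetCookie(h).name, verdict: classify(h) }));
}

const sampleHeaders = [
  ".AspNetCore.Correlation.sample=N; Path=/signin-oidc; HttpOnly; SameSite=None",
  ".AspNetCore.OpenIdConnect.Nonce.sample=N; Path=/signin-oidc; Secure; HttpOnly; SameSite=None",
  "idsrv.session=constructed; Path=/; SameSite=Lax",
  "legacy=constructed; Path=/",
];

for (const { name, verdict } of audit(sampleHeaders)) {
  console.log(`${verdict.padEnd(28)} ${name}`);
}
```

Feed it the `Set-Cookie` headers shown in the browser's network tab during the login round trip to see which cookies Chrome would drop or withhold.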

Related

Blazor WASM with Azure AD Login pop up flashing and disappearing

I have a Blazor WASM app with Azure AD Authentication. I use Visual Studio as IDE and use Browserlink to test before deploying to Azure App Service.
This morning (was fine yesterday) when I try to use the Browserlink "View in Browser", the website comes up properly in localhost, but when I click the Login button, the Microsoft authentication window (pop up) flashes up and then disappears and I can't see it or get to it in any way.
I deployed the exact same current application to Azure App Service and the authentication window comes up as expected with no issues. I do have the localhost address in the Azure portal under the App registrations authentication section and am using https for all calls.
Not sure what else to check. Appreciate any help, thank you.
Please check if it was the issue with Internet explorer as there are known issues with pop-up windows on Internet Explorer.
During sign in, to acquire tokens using MSAL.js, the library first attempts a silent token request using the acquireTokenSilent method and checks the cache in browser storage to see if a valid token exists and returns it. See if it is not clearing the cache and an Azure AD session is already found, which may not redirect or pop up for login.
If no valid token is in the cache, it sends a silent token request to Azure Active Directory (Azure AD) from a hidden iframe. However, if no valid Azure AD session exists, the silent token request fails and the user can be either provided with a login popup or redirect.
In your case, at the first launch of the application, when no valid token in the cache or valid Azure AD Session is found, silent token request fails and you are presented with the login popup but subsequent logins work without login popup.
Pop up and redirect
I still have no idea what was going on. I had tried the hard refresh and empty cache option as well as a reboot.
It seems to have fixed itself as today was fine. Thank you for your responses.

Blazor server - Azure AD auth - fine in dev, deployed to Azure App not working

I'm struggling with Azure AD authentication on my Blazor Server app, but only when deployed to an Azure App service.
My app is presenting the login screen, and appears to authenticate me.
Every page appears to result in just a single line
"You do not have permission to view this directory or page."
After login, I get that line.
I attempt to go to /counter, same line....
I do not get this after login when running from my IIS Express dev machine, after authentication, I get the index page, can nav to counter, fetch data, etc.
I take it there is something different between development environment and production.
I tried to deploy my debug configuration, same result.
I don't see where this "You do not have permission to view this directory or page." message is coming from, at all.. I don't see it on any components or pages.
I'm using the V2 end points for MSAL, and again, they seem to work okay in development
Do I need to add an attribute to my page or component? Do I need to set up a specific role somewhere in Azure App?
What should I have in startup.cs or program.cs?
Again, I've put my actual app aside and just spun up a new one with just the default counter and fetch data demo stuff, used VS to add Microsoft Identity, run thru the config steps for it, all successfully. Run from dev machine, it asks me to log in, I log in, it shows I'm logged in on the login control, etc. All looks fine. Hit deploy and spin up an App Service for it, deploys without error, starts up, asks me to login, I do, and I get the You do not have permission line
Anyone else experience this?
If you are logging using user ID under Azure Active Directory (AAD), you have to modify in Settings:
Authentication / Authorization
App Service Authentication, "ON" =>> choose: Log in With Azure Active Directory
Select 'ActivityProvider', AAD.
Configured (Express: Existing APP)
Manage Azure Active Directory: Manage Permission & Manage Application
For Manage Permission ==>> Add, In Delegate Permission, choose: Sign in and read user profile and refresh your browser to login again.
Also, check all your web app files through the KUDU Console.
Follow this link,
<your_web_app_name>.azurewebsites.net > Debug Console (from top menu) > CMD/PowerShell > Site > wwwroot.
That should contain all your files.

Azure AD OpenID login not showing errors on fail

I have been updating a system that has been in place for some time and finding some clients have issues with login on mobile devices.
I have a test system in place and setup Application in Azure AD and noticed during testing if I login with incorrect credentials, login.microsoftonline.com will show:
Sorry, but we’re having trouble signing you in.
AADSTS50020: User account...
When logging in to the clients' live systems I don't see this error and just get returned to the home page of the application.
The only difference is the client apps are configured with credentials for their Azure AD instance and I cannot access them. These were also built on the legacy App Registrations but that shouldn't be an issue (ha). The server side is the same implementation.
Why am I not seeing the AADSTS errors in production sites?
If you are not seeing any error and are just getting returned to the homepage it seems more likely to be an issue with the Redirect URI or the app registration configuration.
Please confirm that the redirect URIs in your application and in your registration are what they are intended to be.
Also, ask them to check the developer tool logs when signing in to see if anything shows up. It might be failing but not triggering the error message.

Use currently logged in user in Dynamics CRM 2015 configured with IFD, to authenticate against an external MVC application

I have a Dynamics CRM 2015 on premise instance, IFD configured with claims authentication, as recommended from Microsoft, and working OK.
There is also a separate Angular application, wrapped in an ASP.NET MVC web application. The Angular part, I assume, is not related much, but nevertheless, let it be here for the complete picture.
I also have it configured to work with ADFS claims authentication, with the point being, the user to be logged in, and using the application, in the same user context in both CRM and web app. So when a user is using the application, he is using it with the user he logged in, in CRM with.
So, when I try to access the app URL, I get redirected to the ADFS login, from which after logging in, I get redirected to my app index page. This is working fine as well.
In CRM I have a ribbon button which transfers selected records, to the web app, directly to the web app URL, so as https://webapp.domain.com:port. Selected records is mentioned here only as info, and it is not related to the problem.
Now, my problem is, when I access CRM, I log in to ADFS, and then try to click the button to open the web app URL, I get the ADFS login screen again. If I try to log in with the same user, I am stuck in a loop without any requests being sent, and the fields are constantly clearing, without the possibility of logging in.
So the users cannot access it anymore. It is not browser related.
Correction:
Requests are getting sent, and the login request appears in the audit log in event viewer, as successful, but the redirection doesn't seem to happen. Also, it seems to be browser related, not sure how I've missed it before:
IE: I get a Windows login instead of ADFS login, and after inputting the password, I get redirected, and then logged in OK. This login should not show though.
Chrome: Constant loop, and a console issue logged: The specified value "DOMAIN\USERNAME" is not a valid email address.
Firefox: Fields are constantly cleared in a loop.
End Correction
If I clear the cache, or firstly log in to the web app directly, then there is no problem, and opening the URL from CRM after that works normally.
This issue is turning out to be quite a drag, as I do not know how to address it. Has anyone had a similar issue, with external apps logging in with claims, to let me know what I am missing?
Claims rules for the web app are below:

Salesforce Mobile SDK Issue Login "Receiving Remote Access Authorization Error"

I am using the Salesforce Mobile SDK to develop an application in native iOS. I was doing some testing logging in as a user. All was fine. Then I logged out. When I log out I call the coordinator revoke authentication method. I then tried to log in as a new user who had never logged into the device and I received the following error: "Receiving Remote Access Authorization Error there was a problem in setting up your remote access." I then selected the Not me link and it logged me out. However, when I tried to log in again as the user that wasn't able to log in it takes me to the Salesforce website for that user?!!!! It did not take me to the application but to the Salesforce website? Anyone know why first the error above occurs? Does it have to do with a possible token issue? Also why would I be driven to the Salesforce website when I try to log in as the user again?
Note: The salesforce login is in its own webview component. I had a button to force a logout no matter where I am in the app. When I force the logout and try to login as the person it then takes me to the application. Very confused in terms of what is going on in this scenario.
There is potentially a solution posted here, or at least some clues: seems to suggest a timing issue and refreshing the web view in applicationDidBecomeActive might fix it
https://developer.salesforce.com/forums/ForumsMain?id=906F00000009CBgIAM
Also more information here:
http://help.salesforce.com/apex/HTViewSolution?id=000175700&language=en_US
You might also try making sure that you have a Connected App properly set up under Setup/Create/Apps, and that the key and return URL match those hardcoded in your app.
