External authentication not working when configured in 'Authentication / Authorization' settings of Azure portal

Question

Although locally my ASP.NET Core website worked just fine, I ran into an internal server error when publishing it to Azure ("An error occurred while starting the application."). I found out more details on the exact error by passing .CaptureStartupErrors(true).UseSetting("detailedErrors","true") to WebHostBuilder in Program.cs.

System.ArgumentException: The 'ClientId' option must be provided.

This refers to the Google authentication options as part of Configure() in Startup.cs.

app.UseGoogleAuthentication( new GoogleOptions()
{
    ClientId = Configuration[ "Authentication:Google:ClientId" ],
    ClientSecret = Configuration[ "Authentication:Google:ClientSecret" ]
} );

During development, these are successfully loaded using user secrets in Startup():

if ( env.IsDevelopment() )
{
    builder.AddUserSecrets<Startup>();
}

According to the documentation, ClientId and ClientSecret should be specified in the Azure portal under 'Authentication / Authorization' of the web app settings. Even though I had originally specified there, the exception persists.

Am I missing something?

Answer 1

The 'Authentication / Authorization' settings are seemingly just a pleasant front-end to set environment variables. This is not very well documented. Alternatively, these can be set in the (inaptly named) 'Application Settings->App settings'.

Although the external authentication provider tutorial for Google suggests to use Authentication:Google:ClientId and Authentication:Google:ClientSecret as keys for the environment variables, these are not the keys which are set by the authentication menu in Azure.

If you want to load the values which are set in the authentication menu (as opposed to just setting your own keys in 'app settings'), you need to figure out which environment variables it sets.

A quick listing of all variables using Get-ChildItem Env: in PowerShell ('Kudu', accessible from 'advanced tools' on Azure) lists the variables which should be used instead:

app.UseGoogleAuthentication( new GoogleOptions()
{
    ClientId = Configuration[ "WEBSITE_AUTH_GOOGLE_CLIENT_ID" ],
    ClientSecret = Configuration[ "WEBSITE_AUTH_GOOGLE_CLIENT_SECRET" ]
} );

Do not forget to update the keys stored in User Secrets as well!

P.s. Weirdly enough, when I first tried setting the variables simply using 'Application Settings', they disappeared when reloading the menu. Just a heads up, that interface seems a bit buggy.