I'm using the new ASP.NET JavaScriptServices template and trying to add basic B2C authentication.
I simply want if the user doesn't have an ASP.NET Core Auth Cookie for them to be directed instantly to login to B2C.
I feel I'm close in attempting to force Challenge, but it keeps redirecting back and never actually feeding me to a login page. This is using localhost.
Full code sample can be found here:
https://github.com/aherrick/AToMS.Config.Web
What do I need to change in order to force auth on initial request?
Below is the Startup Configure method in question:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseSpaStaticFiles();
app.UseAuthentication();
app.Use(async (context, next) =>
{
if (!context.User.Identity.IsAuthenticated)
{
// force login here? but it keeps redirecting back infinite loop.
await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
return;
}
await next.Invoke();
});
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller}/{action=Index}/{id?}");
});
app.UseSpa(spa =>
{
// To learn more about options for serving an Angular SPA from ASP.NET Core,
// see https://go.microsoft.com/fwlink/?linkid=864501
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseAngularCliServer(npmScript: "start");
}
});
}
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddAzureAdB2C(options => Configuration.Bind("AzureAdB2C", options))
.AddCookie(configureOptions =>
{
});
services.AddMvc();
// In production, the Angular files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/dist";
});
}
