I'm coding a Blazor App (ASP.NET Core 3.1) for MS Teams.
In the App, users have to authenticate themselves via an authentication popup.
The App is hosted via internal IIS on localhost and is tunneled into MS Teams via ngrok.
In Blazor there are Blazor components which are protected via the @attribute [Authorize]
attribute, which is described in Blazor Security.
The App is registered correctly at the Azure AD Portal.
When I try to authenticate via Azure AD in the App which is hosted in MS Teams, the App reads the user credentials and sends them to Azure.
I think the following error is thrown at the redirect:

An unhandled exception occurred while processing the request.
Exception: Correlation failed.
Unknown location
Exception: An error was encountered while handling the remote login.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

The call looks like this:
https://login.microsoftonline.com/[tenantid]/oauth2/authorize?client_id=[clientId]&redirect_uri=https%3A%2F%2Flocalhost%3A44302%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=[nonce]&state=[state]&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Also there is no cookie created.
The interesting thing is that in the browser (Chrome) the authentication flow works fine and the cookie is also created correctly. The Blazor AuthenticationStateProvider also gets the user state correctly from the popup.
My Login Page with the Authentication Popup:
function login() {
    // Hide the authenticated-user UI while the popup is open.
    $(".auth-data").hide();

    // Ask the Teams client to open the sign-in page in its own popup window.
    // Teams closes the popup again when the page calls
    // microsoftTeams.authentication.notifySuccess()/notifyFailure().
    microsoftTeams.authentication.authenticate({
        url: window.location.origin + "/AzureAD/Account/SignIn",
        width: 600,
        height: 535,
        successCallback: function (result) {
            // Sign-in finished: reload the app root so the server-side
            // authentication state is picked up.
            window.location.replace(window.location.origin + "/");
        },
        failureCallback: function (reason) {
            console.log("Login failed: " + reason);
            if (reason === "CancelledByUser" || reason === "FailedToOpenWindow") {
                console.log("Login was blocked by popup blocker or canceled by user.");
            }
            // At this point we have to get the user involved, so show the login button
            $("#btnLogin").show();
            $(".auth-data").hide();
            $("#divError").text(reason).show();
        }
    });
}
My Startup class:
using Blazored.LocalStorage;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.CookiePolicy;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // Called for every cookie that is appended or deleted. Whenever a cookie
    // is about to be written with SameSite=None and the User-Agent contains
    // "Chrome", the SameSite attribute is removed (Unspecified) instead.
    private void CheckSameSite(HttpContext httpContext, CookieOptions options)
    {
        if (options.SameSite == SameSiteMode.None)
        {
            var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
            // TODO: Use your User Agent library of choice here.
            if (userAgent.Contains("Chrome"))
            {
                options.SameSite = SameSiteMode.Unspecified;
            }
        }
    }

    public void ConfigureServices(IServiceCollection services)
    {
        // Cookie policy: no minimum SameSite value, always Secure, and the
        // CheckSameSite hook above applied on append and delete.
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
            options.OnAppendCookie = cookieContext =>
                CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
            options.OnDeleteCookie = cookieContext =>
                CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
            options.HttpOnly = HttpOnlyPolicy.None;
            options.Secure = CookieSecurePolicy.Always;
        });

        // Azure AD (OpenID Connect + cookie) authentication, bound from the
        // "AzureAd" section of appsettings.json.
        services
            .AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        // Use the "name" claim as User.Identity.Name for bearer tokens.
        services.Configure<JwtBearerOptions>(
            AzureADDefaults.JwtBearerAuthenticationScheme, options =>
            {
                options.TokenValidationParameters.NameClaimType = "name";
            });

        services.AddRazorPages();
        services.AddServerSideBlazor();
        services.AddBlazoredLocalStorage();
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        // Cookie policy runs first so the SameSite hook sees every cookie.
        app.UseCookiePolicy();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseRouting();

        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
            endpoints.MapBlazorHub();
            endpoints.MapFallbackToPage("/_Host");
        });
    }
}
As you can see, I used the method mentioned in another Stack Overflow question;
this doesn't work for my task.
I could use some help if something is configured wrong in my Startup or somewhere else, because authentication via Teams doesn't work for me, only via the browser.
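Added example, not part of the question or of the asker's project: a variant of the CheckSameSite helper shown above that only drops SameSite=None for the browsers known to reject it (the user-agent pattern from the ASP.NET Core SameSite documentation), instead of for every User-Agent that contains "Chrome". The reasoning it assumes: Chrome 80 and later treat a cookie that carries no SameSite attribute as Lax, and a Lax cookie is not sent on the cross-site form_post that login.microsoftonline.com makes back to /signin-oidc when the app runs inside the Teams iframe, so the OpenID Connect correlation cookie written before the redirect never comes back; keeping SameSite=None together with Secure is what lets it round-trip. The user-agent strings in Main are constructed test inputs.

```csharp
using System;
using Microsoft.AspNetCore.Http;

public static class SameSiteCookies
{
    // Returns true only for browsers that mis-handle SameSite=None (they treat
    // the value as Strict or drop the cookie). Every other browser, including
    // Chrome 80+, needs SameSite=None; Secure for a cookie to be sent from
    // inside a cross-site iframe such as the Teams tab.
    public static bool DisallowsSameSiteNone(string userAgent)
    {
        if (string.IsNullOrEmpty(userAgent))
        {
            return false;
        }

        // iOS 12 Safari, WKWebView and Chrome-on-iOS share the iOS network stack.
        if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12"))
        {
            return true;
        }

        // Safari on macOS 10.14 (Chrome on macOS has its own stack and is fine).
        if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14")
            && userAgent.Contains("Version/")
            && userAgent.Contains("Safari"))
        {
            return true;
        }

        // Chrome 50-69: some builds reject None, and none of them require it.
        if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"))
        {
            return true;
        }

        return false;
    }

    // Drop-in replacement for the CheckSameSite callback registered with
    // CookiePolicyOptions.OnAppendCookie / OnDeleteCookie.
    public static void CheckSameSite(HttpContext httpContext, CookieOptions options)
    {
        if (options.SameSite != SameSiteMode.None)
        {
            return;
        }

        var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
        if (DisallowsSameSiteNone(userAgent))
        {
            // Legacy browser: omit the attribute so the cookie is not rejected.
            options.SameSite = SameSiteMode.Unspecified;
        }
        else
        {
            // Modern browser: SameSite=None is only honoured together with Secure.
            options.Secure = true;
        }
    }

    // Self-check with constructed user-agent strings (assumed inputs).
    public static void Main()
    {
        var chrome80 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                     + "(KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36";
        var chrome65 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                     + "(KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36";
        var ios12 = "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) "
                  + "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1";

        Console.WriteLine("Chrome 80 downgrade: " + DisallowsSameSiteNone(chrome80));
        Console.WriteLine("Chrome 65 downgrade: " + DisallowsSameSiteNone(chrome65));
        Console.WriteLine("iOS 12 downgrade:    " + DisallowsSameSiteNone(ios12));
    }
}
```

Wire it in by pointing OnAppendCookie and OnDeleteCookie at SameSiteCookies.CheckSameSite instead of the private method in Startup; the existing options.Secure = CookieSecurePolicy.Always already forces Secure, so the extra assignment in the else branch is only a safeguard. A quick way to confirm the cause is to watch the response to the first /AzureAD/Account/SignIn request in the browser's network tab: the .AspNetCore.Correlation.* cookie must be written with SameSite=None; Secure, and the same cookie must appear in the request headers of the later POST to /signin-oidc.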