We have a MVC3.0 based application(4.7.2 .NET Framework) and we have integrated the Azure AD B2C code based on the sample app at URL https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi
When we run the app, Azure Login Page comes, user inputs user name and password and click "submit" button. After successfull authentication, flow enters the following code which is present in " "App_Start/Startup.Auth.cs" file.
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
{
try
{
/*
The `MSALPerUserMemoryTokenCache` is created and hooked in the `UserTokenCache` used by `IConfidentialClientApplication`.
At this point, if you inspect `ClaimsPrinciple.Current` you will notice that the Identity is still unauthenticated and it has no claims,
but `MSALPerUserMemoryTokenCache` needs the claims to work properly. Because of this sync problem, we are using the constructor that
receives `ClaimsPrincipal` as argument and we are getting the claims from the object `AuthorizationCodeReceivedNotification context`.
This object contains the property `AuthenticationTicket.Identity`, which is a `ClaimsIdentity`, created from the token received from
Azure AD and has a full set of claims.
*/
IConfidentialClientApplication confidentialClient = MsalAppBuilder.BuildConfidentialClientApplication(new ClaimsPrincipal(notification.AuthenticationTicket.Identity));
// Upon successful sign in, get & cache a token using MSAL
AuthenticationResult result = await confidentialClient.AcquireTokenByAuthorizationCode(Globals.Scopes, notification.Code).ExecuteAsync();
DisplayUserInfo(result);
}
catch (Exception ex)
{
throw new HttpResponseException(new HttpResponseMessage
{
StatusCode = HttpStatusCode.BadRequest,
ReasonPhrase = $"Unable to get authorization code {ex.Message}."
});
}
}
private void DisplayUserInfo(AuthenticationResult authResult)
{
if (authResult != null)
{
var token = new JwtSecurityToken(jwtEncodedString: authResult.IdToken);
string userName = token.Claims.First(c => c.Type == "extension_userName").Value;
HttpContext.Current.Session.Add("userName", userName);
}
}
What is the issue? We want to save the claims in session. We have the following in the code:-
HttpContext.Current.Session.Add("userName", userName);
The above line is throwing error as HttpContext is not available here.
After some R&D we added the following(2nd line) in web config file, we are able to access the httpContext at the same location.
That line is also there in MS sample code which I have mentioned above.
Where is the gap?
I checked the CLR Versions installed on my machine. Refer the following screen shot:-
I do not have CLR 4.5 installed on my machine.
I also referred What do the TargetFramework settings mean in web.config in ASP .NET MVC? but things are not that clear(100%) even after reading this article.
".NET Framework" version and "CLR" versions are 2 differnt things.
Just by adding HttpContextt becomes asseccible is not at all clear to me.
Any more light on the above would be very helpfull. thanks
