Graph SDK is not working together with Microsoft.AspNetCore.Identity.EntityFrameworkCore #1140
Comments
Hey @wmmihaa, Thanks for raising this issue. Are you able to provide more information on the version of the SDK you are using?
My apologies @andrueastman ... Same in both projects...
Hey @wmmihaa, Taking a look at the configuration of the sample app here, the configuration is set up as

```csharp
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Configuration) // This line is different for you
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
    .AddInMemoryTokenCaches();
```

From the exception trace it seems that some configuration value is not set up correctly, causing the error. Any chance the suggestion above works out?
No, Configuration is just a configuration section. The code is the same.
The reason I ask is that from the source of the function throwing the error here, the Are you able to verify that this is happening as expected?
It did not make any difference, and besides the same code works in the new ASP.Net 5 MVC project.
I've made this video which I hope will be of help: https://youtu.be/luQ75XSsPr8 It might have something to do with the fact that I have to disable cookieScheme, but I don't know. HTH
Thanks so much for the extra info @wmmihaa.
Hey @wmmihaa It seems that using Microsoft.Identity.Web and calling You should be able to work around this with the suggestion on the link above. Essentially, your code should be something like

```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<GreenEdgeDbContext>(options =>
        options.UseSqlServer(Configuration.GetValue<string>("DefaultConnection")));

    // add the identity like this
    services.AddDefaultIdentity<ApplicationUser>(options =>
        {
            options.SignIn.RequireConfirmedAccount = false;
        })
        .AddDefaultUI()
        .AddEntityFrameworkStores<GreenEdgeDbContext>();

    services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    });

    services.AddRazorPages()
        .AddMicrosoftIdentityUI();

    // Add the UI support to handle claims challenges
    services.AddServerSideBlazor()
        .AddMicrosoftIdentityConsentHandler();

    string[] initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(Configuration, cookieScheme: null) // set cookie scheme to null to prevent another
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
        .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
        .AddInMemoryTokenCaches();
}
```

A similar issue is documented at the link below
Thank you @andrueastman for your effort, but your code bypasses the whole scaffolding part such as
@andrueastman Please re-open this issue
Thanks for extra information @wmmihaa. Sorry, I didn't realize that you wished to go that route. I believe you should be able to select the relevant authentication provider registration when making the call to graph by modifying the graph call to be

```csharp
var users = await _graphServiceClient.Users
    .Request()
    .WithAuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme) // select the auth scheme
    .Filter("displayName eq 'HAKANSSON Mikael'")
    .GetAsync();
```

Any chance this works out for you? If not, are you able to share a sample project to show how you have configured it with your UserModel?
I added the

```
MSAL.NetCore.4.36.0.0.MsalUiRequiredException:
ErrorCode: user_null
Microsoft.Identity.Client.MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call.
   at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ApiConfig.Executors.ClientApplicationBaseExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenSilentParameters silentParameters, CancellationToken cancellationToken)
   at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForWebAppWithAccountFromCacheAsync(IConfidentialClientApplication application, ClaimsPrincipal claimsPrincipal, IEnumerable`1 scopes, String authority, MergedOptions mergedOptions, String userFlow, TokenAcquisitionOptions tokenAcquisitionOptions)
   at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForUserAsync(IEnumerable`1 scopes, String authenticationScheme, String tenantId, String userFlow, ClaimsPrincipal user, TokenAcquisitionOptions tokenAcquisitionOptions)
StatusCode: 0
ResponseBody:
Headers:
```
Hey @wmmihaa, It seems that the generated default scaffolding for You could possibly try to modify the

```csharp
// Sign in the user with this external login provider if the user already has a login.
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
if (result.Succeeded)
{
    // Add these two lines to ensure all the claims are passed across
    var user = await _signInManager.UserManager.FindByLoginAsync(info.LoginProvider, info.ProviderKey);
    await _signInManager.SignInWithClaimsAsync(user, false, info.Principal.Claims);
    _logger.LogInformation("{Name} logged in with {LoginProvider} provider.", info.Principal.Identity.Name, info.LoginProvider);
    return LocalRedirect(returnUrl);
}
```
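A claim-diff check for verifying the change in the comment above, as an added example that is not part of the original thread or of the project's code: it lists which claims from the external login principal are absent from the principal stored in the application cookie. The claim types and values, the `ClaimDiff` helper and the `Report` function are constructed for illustration, and the merge step is an assumption standing in for what `SignInWithClaimsAsync` does with the extra claims.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Constructed sample: claims delivered by the external (Azure AD) login.
var external = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
    new Claim("oid", "00000000-0000-0000-0000-000000000001"),
    new Claim("tid", "00000000-0000-0000-0000-0000000000aa"),
    new Claim("preferred_username", "user@example.com"),
}, "OpenIdConnect"));

// Constructed sample: principal built only from the local Identity user record.
var cookie = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
    new Claim(ClaimTypes.NameIdentifier, "local-user-id"),
    new Claim(ClaimTypes.Name, "user@example.com"),
}, "Identity.Application"));

Report("before merge", ClaimDiff.Missing(external, cookie));

// Assumption: stands in for passing info.Principal.Claims to SignInWithClaimsAsync.
// Only claims not already present are copied, so re-running adds no duplicates.
cookie.Identities.First().AddClaims(ClaimDiff.Missing(external, cookie));

Report("after merge", ClaimDiff.Missing(external, cookie));

static void Report(string label, IReadOnlyList<Claim> missing)
{
    Console.WriteLine($"{label}: {missing.Count} external claim(s) absent from the cookie principal");
    foreach (var c in missing)
        Console.WriteLine($"  {c.Type}"); // log the type only; values can be identifying
}

static class ClaimDiff
{
    // Claims present on 'source' that 'target' does not carry (matched on type and value).
    public static IReadOnlyList<Claim> Missing(ClaimsPrincipal source, ClaimsPrincipal target) =>
        source.Claims.Where(c => !target.HasClaim(c.Type, c.Value)).ToList();
}
```

In a real application the same helper can be called in the external login callback with `info.Principal` and the controller's `User` to confirm the cookie carries the provider's claims before the Graph call is made.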
@andrueastman You are a genius!
Describe the bug
I'm trying to use the Graph API to search for users on behalf of the logged in user (User.Read.All).
I can create a new ASP.Net 5 MVC project and get everything working with the Graph SDK (Microsoft.Identity.Web.MicrosoftGraphExtensions), but when trying to add the same configuration and logic to an existing ASP.Net 5 MVC application it fails. The difference between these applications is that the existing application is using Microsoft.AspNetCore.Identity.EntityFrameworkCore to persist user information.
appsettings.json:
Startup.cs (ConfigureServices)
As users log in they get redirected to AAD from the ExternalLoginModel::OnPost (Scaffolding) and after successful sign-in are redirected back to OnGetCallbackAsync.
As the user reaches the controller, we try to search for users using the Graph API:
This fails with:
Desktop (please complete the following information):