
  • bh 444 posts 1544 karma points
    Dec 20, 2023 @ 17:49
    bh
    0

    How to pass MvcOptions to AddControllersWithViews

    I need to be able to pass MvcOptions to AddControllersWithViews to set up OIDC authentication on the frontend of my v12.2 site. But, as I understand it, AddControllersWithViews is compiled in Umbraco.Web.Common.dll as part of UmbracoBuilderExtensions.cs

    Is there a way to override AddControllersWithViews in Startup.cs?

    This is what I would typically do in Startup.cs for a typical .NET Core site, but I can't figure out how to do this for an Umbraco v12.2 site...

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
              .AddMicrosoftIdentityWebApp(_config.GetSection("AzureAd"));
    
    services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    });
    
  • Brendan Rice 538 posts 1102 karma points
    Dec 20, 2023 @ 18:18
    Brendan Rice
    0

    Would something like this work:

    services.Configure<MvcOptions>(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    });
    
  • bh 444 posts 1544 karma points
    Dec 20, 2023 @ 18:35
    bh
    0

    @BrendanRice thanks for the reply! I liked your solution and thought it might just work. Alas, I tried it and got the same error I do when I use the original code.

    enter image description here

  • Brendan Rice 538 posts 1102 karma points
    Dec 20, 2023 @ 18:43
    Brendan Rice
    0

    Can you increase the query string length in the web.config?

    <system.webServer>
        <security>
            <requestFiltering>
                <requestLimits maxQueryString="4096" />
            </requestFiltering>
        </security>
    </system.webServer>
    
  • Brendan Rice 538 posts 1102 karma points
    Dec 20, 2023 @ 18:47
    Brendan Rice
    0

    Actually looking at the query string it looks like there is a loop going on with the return URL growing in length each time.

    When I say loop, I mean a redirect loop of some sort.

    Any idea why?

  • bh 444 posts 1544 karma points
    Dec 20, 2023 @ 18:54
    bh
    0

    @BrendanRice 100% agree. I was just typing the same thing. Looks like Umbraco gets hung in an infinite loop. I'm not sure where "/account/login" comes from. I set up the App registration in portal.azure.com and specified my localhost redirect URI as https://localhost:44314/signin-oidc

  • Brendan Rice 538 posts 1102 karma points
    Dec 20, 2023 @ 19:01
    Brendan Rice
    0

    It sounds like a misconfigured redirect URL.

    What I think is happening:

    1. User logs in with a redirect URL in the query string
    2. The application redirects the user to the same URL that handles logins and redirects the user back to the login page
    3. Code checks the user is logged in, sees he is, then redirects back to the login page again
    4. On and on this goes and the query string length exceeds the maximum

    Without seeing your code that's just a guess but hopefully one that gets you closer to a solution.
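
Added example, not part of the thread and not either poster's code: a Python sketch that models the loop described in the steps above and unwraps a nested return URL to confirm it. The encoding model, the function names and the sample URL are assumptions constructed for illustration; `/Account/Login`, `ReturnUrl` and port 44314 are taken from the thread.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Both names are taken from the error URL quoted in the thread.
LOGIN_PATH = "/Account/Login"
RETURN_PARAM = "ReturnUrl"


def wrap(url: str) -> str:
    """Model one hop: the challenge sends the browser to the login path and
    percent-encodes the URL it came from into ReturnUrl (assumed encoding)."""
    return f"{LOGIN_PATH}?{RETURN_PARAM}={quote(url, safe='')}"


def unwrap(url: str) -> list[str]:
    """Peel nested ReturnUrl values, outermost first, original request last."""
    chain = [url]
    while True:
        query = parse_qs(urlsplit(chain[-1]).query)
        inner = [v[0] for k, v in query.items() if k.lower() == RETURN_PARAM.lower()]
        if not inner:
            return chain
        chain.append(inner[0])


def loop_depth(url: str) -> int:
    """How many times the login path was itself the return target.
    0 is a normal login redirect; anything higher is a redirect loop."""
    return sum(urlsplit(u).path.lower() == LOGIN_PATH.lower() for u in unwrap(url)[1:])


def hops_until_limit(start: str, max_query_string: int) -> int:
    """Hops before the query string exceeds the limit (IIS then answers 404.15)."""
    url, hops = start, 0
    while len(urlsplit(url).query) <= max_query_string:
        url, hops = wrap(url), hops + 1
    return hops


if __name__ == "__main__":
    # Constructed sample: three hops starting from "/", on the thread's localhost port.
    sample = "https://localhost:44314" + wrap(wrap(wrap("/")))
    for level, u in enumerate(unwrap(sample)):
        print(level, len(u), u)
    print("loop depth:", loop_depth(sample))
    # 2048 is the IIS default for maxQueryString; 4096 is the value suggested above.
    for limit in (2048, 4096):
        print(limit, "->", hops_until_limit("/", limit), "hops")
```

In this model every hop re-encodes the previous URL (`%2F` becomes `%252F`, and so on), so the query string grows quadratically: raising `maxQueryString` from 2048 to 4096 only moves the failure from hop 21 to hop 30.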

  • bh 444 posts 1544 karma points
    Dec 21, 2023 @ 13:47
    bh
    0

    @brendanrice there's not much code to make AzureAD OIDC work on a .NET Core site...

    First you register the site in Azure and specify the redirect URI. For this example mine is: https://localhost:44314/signin-oidc

    You add this to Startup.ConfigureServices...

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(_config.GetSection("AzureAd"));

    services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    });
    

    And then you add these to Startup.Configure...

    app.UseAuthentication();
    app.UseAuthorization();
    

    Then what should happen is the website visitor gets prompted with the OIDC login screen and after authenticating against AzureAD they're allowed into the website. That's it.

  • Brendan Rice 538 posts 1102 karma points
    Dec 21, 2023 @ 15:13
    Brendan Rice
    0

    Sorry I'm not that familiar with AzureAD OIDC.

    One thing that jumps out though is the URL; you say your login URL is:

    https://localhost:44314/signin-oidc

    Yet this differs from the Requested URL in the 404.15 error message:

    https://localhost:44314/Account/Login?ReturnUrl=%2FAccount%2FLogin...

    Is this mismatch expected?

  • bh 444 posts 1544 karma points
    Dec 21, 2023 @ 15:19
    bh
    0

    @brendanrice I don't know where /account/login is coming from. That's not part of my code. I presume it's from Umbraco.

    If I had to guess, purely a guess here...but I'm wondering if the app.UseAuth lines cause Umbraco to attempt to call the Umbraco backoffice login page.

  • bh 444 posts 1544 karma points
    Jan 03, 2024 @ 20:44
    bh
    0

    @brendanrice I found this https://docs.umbraco.com/umbraco-cms/tutorials/add-azure-active-directory-authentication

    Umbraco login via Azure AD is set up for a multi-tenant Azure AD...ours is a single-tenant Azure AD. I started a new thread addressing that specific issue https://our.umbraco.com/forum/using-umbraco-and-getting-started//113357-umbraco-members-single-tenant-azure-ad-auth
