Tags: asp.net-core, azure-active-directory, azure-appservice, microsoft-identity-platform, easy-auth

Azure App Service Requires Login On Every Browser Close With Easy Auth Azure AD


I am running into an issue where, every time I close my browser, my app running on Azure App Service redirects to the Microsoft identity platform and requires a login.

Desired behavior is that a user logs in once and doesn't have to again if they close the browser and reopen it immediately after.

The Azure App Service is running a .NET 6 web application that uses Microsoft.Identity packages for authentication/authorization at the app level. I don't think this is the issue, but I wanted to mention it.

The app service is integrated with "Easy Auth" in the Azure portal and the Microsoft Identity platform single tenant model for my company. Is there a configuration option I'm missing or has anyone run into this issue before?

EDIT: Updates to the authsettingsV2 parameters are below. I can confirm I see the prompt parameter being passed, but login fails when it is attached to the request.

I am hit with an error page that states "You do not have permission to view this directory or page."

    {
      "identityProviders": {
        "azureActiveDirectory": {
          "enabled": true,
          "registration": {
            "openIdIssuer": "", //removed url
            "clientId": "", //removed id
            "clientSecretSettingName": "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET"
          },
          "login": {
            "loginParameters": [
              "scope=openid profile email offline_access",
              "prompt=none"
            ],
            "disableWWWAuthenticate": false
          },
          "validation": {
            "jwtClaimChecks": {},
            "allowedAudiences": [
              "api://" //removed id
            ],
            "defaultAuthorizationPolicy": {
              "allowedPrincipals": {}
            }
          },
          "isAutoProvisioned": true
        }
      },
      "login": {
        "routes": {},
        "tokenStore": {
          "enabled": true,
          "tokenRefreshExtensionHours": 72,
          "fileSystem": {},
          "azureBlobStorage": {}
        },
        "preserveUrlFragmentsForLogins": false,
        "cookieExpiration": {
          "convention": "FixedTime",
          "timeToExpiration": "08:00:00"
        },
        "nonce": {
          "validateNonce": true,
          "nonceExpirationInterval": "00:05:00"
        }
      }
    }
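The settings above are the ones that decide whether a returning user is silently signed in, sent to an interactive sign-in page, or shown an error. The following script is an added example (not code from the question or from Azure) that reads an authsettingsV2 document and reports what each of those settings implies; the embedded sample document is constructed to mirror the excerpt above, and the `get_path`, `parse_timespan`, `login_parameters` and `review_session_settings` names are this example's own. Its first finding explains the failure the asker saw after adding `prompt=none`: that parameter tells the identity provider to sign in silently or not at all, so when the browser no longer holds a provider session the provider returns an OpenID Connect error (`login_required` / `interaction_required`) instead of a sign-in page, and the Easy Auth callback fails.

```python
import json
from datetime import timedelta

# Constructed sample, not the asker's real file: the same shape as the
# authsettingsV2 excerpt, reduced to the keys that affect session persistence.
SAMPLE_AUTHSETTINGS_V2 = """
{
  "identityProviders": {
    "azureActiveDirectory": {
      "enabled": true,
      "login": {
        "loginParameters": [
          "scope=openid profile email offline_access",
          "prompt=none"
        ]
      }
    }
  },
  "login": {
    "tokenStore": {"enabled": true, "tokenRefreshExtensionHours": 72},
    "cookieExpiration": {"convention": "FixedTime", "timeToExpiration": "08:00:00"}
  }
}
"""

AAD_LOGIN_PATH = ("identityProviders", "azureActiveDirectory", "login")


def get_path(d, *keys, default=None):
    """Walk nested dicts along keys; return default if any step is missing."""
    for k in keys:
        if not isinstance(d, dict) or k not in d:
            return default
        d = d[k]
    return d


def parse_timespan(value):
    """Parse the '[D.]HH:MM:SS' timespan format used by authsettingsV2.

    Assumes whole seconds (no fractional part), which is how the portal writes it.
    """
    days, _, clock = value.rpartition(".")  # days is '' when no day component
    h, m, s = (int(part) for part in clock.split(":"))
    return timedelta(days=int(days or 0), hours=h, minutes=m, seconds=s)


def login_parameters(settings):
    """Turn the loginParameters list of 'key=value' strings into a dict."""
    params = get_path(settings, *AAD_LOGIN_PATH, "loginParameters", default=[])
    out = {}
    for item in params:
        key, _, value = item.partition("=")
        out[key.strip()] = value.strip()
    return out


def review_session_settings(settings_json):
    """Return (severity, setting, message) findings about re-prompting behaviour."""
    settings = json.loads(settings_json)
    findings = []
    params = login_parameters(settings)
    scopes = set(params.get("scope", "").split())

    # prompt=none requests silent sign-in only: with no live provider session
    # the provider answers with login_required / interaction_required rather
    # than a sign-in page, so the Easy Auth callback fails instead of prompting.
    if params.get("prompt") == "none":
        findings.append(("warn", "loginParameters",
                         "prompt=none disables interactive sign-in; users without an "
                         "active provider session get an error instead of a login page"))

    # Refresh tokens are only issued when offline_access is requested, so without
    # it the token store has nothing to use when the access token expires.
    if "offline_access" not in scopes:
        findings.append(("warn", "loginParameters",
                         "scope lacks offline_access, so tokens cannot be refreshed"))

    if not get_path(settings, "login", "tokenStore", "enabled", default=False):
        findings.append(("warn", "login.tokenStore.enabled",
                         "token store disabled; provider tokens are not persisted"))

    # cookieExpiration governs the Easy Auth session cookie, not the provider's
    # own browser session, which is what decides whether a silent sign-in works.
    cookie = get_path(settings, "login", "cookieExpiration", default={})
    convention = cookie.get("convention")
    if convention == "FixedTime":
        ttl = parse_timespan(cookie.get("timeToExpiration", "08:00:00"))
        findings.append(("info", "login.cookieExpiration",
                         f"Easy Auth session cookie expires {ttl} after sign-in"))
    elif convention == "IdentityProviderDerived":
        findings.append(("info", "login.cookieExpiration",
                         "session cookie lifetime follows the provider's token lifetime"))
    return findings


if __name__ == "__main__":
    for severity, setting, message in review_session_settings(SAMPLE_AUTHSETTINGS_V2):
        print(f"[{severity}] {setting}: {message}")
```

Run it against the JSON exported from the portal (or from `az rest` on the `config/authsettingsV2` resource) to see which of these settings is actually in force; note that none of them can extend the sign-in session the browser holds with the identity provider itself, which is the part that ends when the browser is closed.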

Solution

  • Alright, so after many attempts to figure this out, it turns out this works natively in Edge because Edge forwards along the OS account and Azure is able to parse that out.

    For this to work in Chrome you will need to install the Windows Accounts Chrome extension, which the user will log into; that extension will then forward the account to Azure and auto-login.

    https://chrome.google.com/webstore/detail/windows-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji