I'm building a web application with WsFederation Authentication in .net core 2.2. The application is quite simple and the target is just pass the authentication and drop out some strings. The strange part is that when I access the page it redirect me to login page and keep login and login..., and not able to access the page. The wctx part of url changes every seconds. Please help me to figure the root cause, thanks.
https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/wsfed?wtrealm=api%3A%2F%2F62287581-857a-4631-8397-9f1fe62a614d&wa=wsignin1.0&wreply=https%3A%2F%2Flocalhost%3A8169&wctx= CfDJ8Jgh4I_bsxBAiaSMihZSDOW7meA5qm5eqIxCJeyY0wjDxc4rHKtGLUI-FJoXNj4jjhu9NNozNM18Ga5x7rDxucjeLQqTLhlRzI2z9fgJbrSSHt1Svtvi-nj0rsHet4Zof13i_q36BKkJMwb3SxXaC30Rtuxy28gfwvybTs3etQoGxzlOjpGdpi2cThcsZQchKjFa44SIhrCU3zg5vFCLdleUQfCZo65vv13-lbQ2_GHF
Here is my startup.cs
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddWsFederation(options =>
{
options.Wreply = "https://localhost:8169";
options.Wtrealm = "api://62287581-857a-4631-8397-9f1fe62a614d";
options.MetadataAddress = "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/federationmetadata/2007-06/federationmetadata.xml";
})
.AddCookie();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
And here is that simple page.
[Authorize]
public class HomeController : Controller
{
public string Index()
{
return $"Home. User:{HttpContext.User.Identity.Name}";
}
public string Welcome()
{
return $"Welcome. User:{HttpContext.User.Identity.Name}";
}
}
And here are the redirect urls in Azure application authentication settings.
https://localhost:8169/Home/Welcome
https://localhost:8169
https://localhost:8169/signin-wsfed
I find the solution. Just add below codes and the issue is fixed.
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});