Tags: c#, .net-core, azure-active-directory, asp.net-membership

Associate your Microsoft account. Email entry. Again and Again


I just put together a .Net Core App via the documentation that authenticates with an Azure Active Directory.

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-5.0

I created and linked up the app id and secret, works great, but I'm trying to understand the behavior.

When I first log in, it asks me to associate an email with the account. Why is this? My understanding, based on the database, is that you can log in without a real user presence in the internal user membership database. A soft authentication, so to say.

When you associate the user with an email, it will create a membership record that you can associate with roles.

  1. Why the bifurcation... after all, isn't it my desire to create them as a user automatically with the same username?

  2. After I've created the user and logged in a second time, why does the app "out of the box" ask them to associate an email address a second time, which will simply error out as a duplicate entry? Shouldn't the view check if the user exists first before displaying that text?

I know I can make changes in code to get this behavior working more properly, but I suspect I'm missing something critical here.

Most importantly, I can attempt to hack it and automatically log them in and bypass this email step, but is there a way to do this via a setting?

Thanks!


Solution

  • Associating an email with the account should be expected behavior.

    Now that you have chosen to use Individual User Accounts to sign into your .NET Core app, although you sign in with a Microsoft account, there is not an individual user account in the app yet.

    You still need to be redirected back to the web site, where you can set your email, which is recognized as an individual user account. See reference here.

    1. Why the bifurcation... after all, isn't it my desire to create them as a user automatically with the same username?

    Maybe your idea is reasonable, but there will be users who use emails different from their Microsoft accounts. And not all AAD work accounts have a mailbox if they don't have an O365 subscription with an Exchange Online license. In this case they have to use a different email.

    2. After I've created the user and logged in a second time, why does the app "out of the box" ask them to associate an email address a second time, which will simply error out as a duplicate entry? Shouldn't the view check if the user exists first before displaying that text?

    It is because you didn't confirm your account. When you first create the user (click on Register after signing in with your Microsoft account), you are redirected to the /Identity/Account/RegisterConfirmation page, which contains a link to simulate email confirmation:

    1. Select the "Click here to confirm your account" link.
    2. Select the Login link and sign in with the same credentials.

    Then you won't be required to Register any more.

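The loop the answer describes comes from the scaffolded external-login callback in ASP.NET Core Identity: `ExternalLoginSignInAsync` returns `NotAllowed` for a user whose login row exists but whose `EmailConfirmed` flag is false while `SignIn.RequireConfirmedAccount` is true, and the template treats every non-success result as "no account yet" and shows the registration form again. The example below is added here and is not code from the question, the answer, or Microsoft's docs. It shows a replacement for `OnGetCallbackAsync` in `Areas/Identity/Pages/Account/ExternalLogin.cshtml.cs` that (a) sends an unconfirmed user to the confirmation page instead of the registration form, and (b) auto-provisions a local user from the provider's email claim so the "associate an email" step is skipped. It assumes the default `IdentityUser` type and the scaffolded page's `_signInManager` / `_userManager` fields; whether the provider's email claim is trusted enough to set `EmailConfirmed` is an assumption you must make per provider (personal Microsoft accounts verify the sign-in address, AAD work accounts do not guarantee a verified `email` claim).

```csharp
// Added example, not from the original post or the Identity scaffold.
// Drop-in replacement for the callback handler in ExternalLogin.cshtml.cs.
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

public class ExternalLoginModel : PageModel
{
    private readonly SignInManager<IdentityUser> _signInManager;
    private readonly UserManager<IdentityUser> _userManager;

    public ExternalLoginModel(SignInManager<IdentityUser> signInManager,
                              UserManager<IdentityUser> userManager)
    {
        _signInManager = signInManager;
        _userManager = userManager;
    }

    public string ReturnUrl { get; set; }
    public string ProviderDisplayName { get; set; }

    public async Task<IActionResult> OnGetCallbackAsync(string returnUrl = null, string remoteError = null)
    {
        returnUrl ??= Url.Content("~/");
        if (remoteError != null)
        {
            return RedirectToPage("./Login", new { ReturnUrl = returnUrl });
        }

        var info = await _signInManager.GetExternalLoginInfoAsync();
        if (info == null)
        {
            return RedirectToPage("./Login", new { ReturnUrl = returnUrl });
        }

        // Email claim supplied by the provider (may be absent for AAD accounts without a mailbox).
        var email = info.Principal.FindFirstValue(ClaimTypes.Email);

        // Returning user: (LoginProvider, ProviderKey) already exists in AspNetUserLogins.
        var result = await _signInManager.ExternalLoginSignInAsync(
            info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
        if (result.Succeeded)
        {
            return LocalRedirect(returnUrl);
        }
        if (result.IsLockedOut)
        {
            return RedirectToPage("./Lockout");
        }
        if (result.IsNotAllowed)
        {
            // Login row exists but the account is unconfirmed and RequireConfirmedAccount is true.
            // The scaffold falls through to the registration form here, which is the duplicate-entry loop.
            return RedirectToPage("./RegisterConfirmation", new { email, returnUrl });
        }

        // First sign-in. Without an email claim we cannot auto-provision: show the form as the scaffold does.
        if (string.IsNullOrEmpty(email))
        {
            ReturnUrl = returnUrl;
            ProviderDisplayName = info.ProviderDisplayName;
            return Page();
        }

        // Do not silently link an external login to an existing local account by email match:
        // if the provider does not verify addresses, that is an account-takeover path.
        if (await _userManager.FindByEmailAsync(email) != null)
        {
            ModelState.AddModelError(string.Empty,
                "A local account with this email already exists; sign in with it and link the provider from Manage > External logins.");
            ReturnUrl = returnUrl;
            ProviderDisplayName = info.ProviderDisplayName;
            return Page();
        }

        // Assumption: this provider's email claim is trusted, so the account is created already confirmed.
        var user = new IdentityUser { UserName = email, Email = email, EmailConfirmed = true };
        var createResult = await _userManager.CreateAsync(user);
        if (createResult.Succeeded)
        {
            createResult = await _userManager.AddLoginAsync(user, info);
        }
        if (!createResult.Succeeded)
        {
            foreach (var error in createResult.Errors)
            {
                ModelState.AddModelError(string.Empty, error.Description);
            }
            ReturnUrl = returnUrl;
            ProviderDisplayName = info.ProviderDisplayName;
            return Page();
        }

        await _signInManager.SignInAsync(user, isPersistent: false, info.LoginProvider);
        return LocalRedirect(returnUrl);
    }
}
```

As for the "is there a setting" part of the question: the loop (b) fixes only exists because the template registers Identity with `options.SignIn.RequireConfirmedAccount = true` in `Startup.ConfigureServices`; setting it to `false` makes the unconfirmed user sign in on the second visit without any code change, but it also disables confirmation for password registrations, so prefer confirming the account (or marking it confirmed at provisioning time, as above) over flipping the global option.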