
Azure AD, AuthenticationTicket Claims


I'm working on an ASP.NET web application on .NET 4.8, and I have been asked to implement Azure AD sign-in for this application.

I created this startup.cs:

[assembly: OwinStartup(typeof(ApplicationName.Startup))]

namespace ApplicationName
{
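    public class Startup
    {
        /// <summary>
        /// Registers the OWIN OpenID Connect middleware that signs users in against Azure AD.
        /// All settings are read from appSettings ("AzureAd:*" keys); the authority is built as
        /// "AzureAd:Instance" followed by "AzureAd:TenantId" (assumes Instance ends with '/').
        /// </summary>
        /// <param name="app">The OWIN application builder supplied by the startup host.</param>
        public void Configuration(IAppBuilder app)
        {
            // Read each setting once; the middleware options and the code-redemption callback
            // below need the same values.
            var clientId = ConfigurationManager.AppSettings["AzureAd:ClientId"];
            var clientSecret = ConfigurationManager.AppSettings["AzureAd:ClientSecret"];
            var authority = $"{ConfigurationManager.AppSettings["AzureAd:Instance"]}{ConfigurationManager.AppSettings["AzureAd:TenantId"]}";
            var redirectUri = ConfigurationManager.AppSettings["AzureAd:RedirectUri"];
            var postLogoutRedirectUri = ConfigurationManager.AppSettings["AzureAd:PostLogoutRedirectUri"];

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                ClientSecret = clientSecret,
                RedirectUri = redirectUri,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                // The resulting identity is handed to the cookie middleware registered with this
                // same AuthenticationType. Without a matching app.UseCookieAuthentication(...) the
                // sign-in is not persisted and later requests see an unauthenticated user.
                SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = context =>
                    {
                        context.HandleResponse();
                        // Escape the message so it cannot break or alter the redirect URL. The
                        // message comes from the failed protocol exchange, so the error page should
                        // treat it as untrusted text and not echo it unescaped.
                        context.Response.Redirect("/Error/Errors?message=" + Uri.EscapeDataString(context.Exception.Message));
                        return Task.CompletedTask;
                    },
                    AuthorizationCodeReceived = async context =>
                    {
                        var cca = ConfidentialClientApplicationBuilder.Create(clientId)
                            .WithClientSecret(clientSecret)
                            .WithAuthority(new Uri(authority))
                            .WithRedirectUri(redirectUri)
                            .Build();

                        // Redeem the authorization code. Only the claims of the result are used
                        // here; the acquired access token itself is not stored.
                        var result = await cca.AcquireTokenByAuthorizationCode(new[] { "User.Read" }, context.Code).ExecuteAsync();

                        // Rebuild the ticket identity from the claims of the acquired result,
                        // keeping the authentication type the middleware assigned.
                        var identity = new ClaimsIdentity(context.AuthenticationTicket.Identity.AuthenticationType);
                        identity.AddClaims(result.ClaimsPrincipal.Claims);

                        // Replace the ticket so the new identity is what gets signed in.
                        context.AuthenticationTicket = new AuthenticationTicket(identity, context.AuthenticationTicket.Properties);
                    }
                }
            });
        }
    }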
}

This part seems to work fine. The problem is that when I try to get the user's email in a controller, the claims are completely different from those I saw in the userClaims variable (Startup.cs).

The controller code is this:

[HttpGet]
public async Task<ActionResult> ActionName()
{
    // Narrow the request principal to a ClaimsPrincipal; skip the body if it is not one.
    if (HttpContext.User is ClaimsPrincipal claimsPrincipal)
    {
        // Read the user's name and e-mail from the claims.
        // NOTE(review): which claim types are present depends on how the OIDC middleware maps
        // the token's claims; if ClaimTypes.Email comes back null, inspect
        // claimsPrincipal.Claims to see which claim type actually carries the address.
        var userName = claimsPrincipal.FindFirst(ClaimTypes.Name)?.Value;
        var userEmail = claimsPrincipal.FindFirst(ClaimTypes.Email)?.Value;

        // more code...
    }
}

I've checked all the claims inside claimsPrincipal, and they are completely different from the claims in Startup.cs.

I just want to get the email from the logged-in user.


Solution

  • The problem was in my Startup.cs. I was receiving the authentication token but was missing the configuration to save and manipulate it.

    I just added the following code at the top of my startup configuration:

     // Cookie authentication: persists the identity produced by the OpenID Connect sign-in.
     // NOTE(review): the OIDC options in the question use
     // SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType ("Cookies").
     // The AuthenticationType below must match that value (or the OIDC option must be set to
     // "ApplicationCookie"); otherwise the cookie middleware does not pick up the sign-in and
     // no authentication cookie is issued.
                app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = "ApplicationCookie",
                    LoginPath = new PathString("/Login/Login"),
                    LogoutPath = new PathString("/Login/Logout"),
                    // Consider also setting CookieSecure = CookieSecureOption.Always so the session
                    // cookie is only sent over HTTPS (the default, SameAsRequest, allows plain HTTP).
                    CookieName = "ApplicationNameAuthCookie"
                });