Adding SSO via Azure AD to my MVC app



USERNAMESAREOLDSCHOOL
Jan 29, 2021, 1:15 PM
Hey folks!

I'm currently trying to add, besides our ext.net "form" authentication, a simple Single Sign-On via Azure Active Directory following this document: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-webapp

I've already added the appropriate login/logout controller methods and the startup config, but I'm still not getting redirected to the SSO login page. Maybe I'm missing something regarding the coexistence of forms authentication, or what am I doing wrong?

My login.aspx page has the following SSO button implemented:


<ext:FormPanel runat="server" FormID="Form_SSO" Border="false" Layout="HBoxLayout" PaddingSpec="10" MarginSpec="0 0 8 0">
    <Items>
        <ext:Button ID="ButtonSingleSignOn" runat="server" Text="Login" Icon="Key" Height="25" Flex="1" AutoPostBack="true">
            <DirectEvents>
                <Click Url="/User/Login" Timeout="60000" Method="POST" Before="Ext.Msg.wait('Redirecting ...', 'SSO Authentication');">
                    <ExtraParams>
                        <ext:Parameter Name="ReturnUrl" Value="GetReturnUrl()" Mode="Raw" />
                    </ExtraParams>
                </Click>
            </DirectEvents>
        </ext:Button>
    </Items>
</ext:FormPanel>
----- textbox/password and login button providing forms authentication -----



The appropriate UserController method:


[AcceptVerbs(HttpVerbs.Post)]
public void Login(string returnUrl)
{
    if (!Request.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = returnUrl },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}


Any help would be highly appreciated, thanks!

fabricio.murta
Jan 29, 2021, 4:11 PM
Hello @User... names.. are.. oldschool? :)

I guess at least it is better than showing up email addresses... Anyway, back to subject!

I believe once you figure out the URL you want to redirect to, you can just add script or response to do so.

See Default.aspx's Button1_Click() event in this example: Desktop > Introduction > Overview (https://examples5.ext.net/#/Desktop/Introduction/Overview/)

In this case it adds a Response.Redirect() for a full page switch. Instead though, you can build a window/modal from code behind, and as a type=frame loader, open the SSO login page within that modal! If not fully code-behind, you can keep the window hidden and just configure it + show when need be.

To piece it together, here's an example using different flavors of Loader-Frame in panels: Panel > Basic > Loader (https://examples5.ext.net/#/Panel/Basic/Loader/).

The example is about a panel, but windows can be seen as just an extension to panels where they can float, be moved around and gray out the screen behind it. So any (or most) loader setting to Panels should apply to Windows too!

Using this frame approach ensures the inner page is a full load of the inner page so no missing/broken scripts, links or unexpected surprises.

Hope this helps!

USERNAMESAREOLDSCHOOL
Feb 03, 2021, 1:45 PM
Thanks for the ultra-fast reply Fabricio!
Was very uncreative for picking a username tbh haha... not to be taken too seriously at all.

Unfortunately, I can't simply add a redirect URL to implement your solution above.
It has to happen via the controller to start the auth challenge from Azure AD. There is some token ID stuff and some other magic happening within the controller call.

So is there no way of adding a property/argument/config to the button or another usable ext element for that kind of request?
Or did I get you wrong on your second idea? Could you maybe provide a Code example?

Best wishes

fabricio.murta
Feb 04, 2021, 5:40 AM
Hello again, @USERNAMESAREOLDSCHOOL!

Well, I can't think of an example or suggestion; I don't really get what you need. Maybe, what if you drew a simple mock-up example reproducing the scenario, including also what you can't get, so at least we can be on the same page? So you could, for instance, return a static string or response according to what you get from the OWIN challenge. From that we could tell you for sure what to do.

If you're not up for that, here's a guess that may get you on track: I believe you may need to handle the response OWIN sends back depending on its challenge result, whatever it is. Take a look at this forum thread: Authorize redirect Direct method call (https://forums.ext.net/showthread.php?52671-CLOSED-Authorize-redirect-Direct-method-call).

With said callback in mind (read thru the thread above), you'd need to step the function (similar to Before you used, there are After, Success and Complete -- I'd start with the Success callback to grasp what's returned by the server depending on the challenge result). A good idea seems to be to use the browser's developer tools to step thru the response callback method (no need to run VS in debug mode/attached to check client-side results). And then, depending on the response received, handle it accordingly. Or simply use these responses to base your stub on, as suggested first.

Hope this helps!
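
An added example, not code from any poster in this thread: a DirectEvent is an AJAX request, so a redirect sent in reply to it is followed by the XHR and never navigates the page. The sketch below issues the same OWIN challenge from a GET action meant to be reached by a top-level navigation, and restricts the client-supplied ReturnUrl to local paths so it cannot be used as an open redirect after sign-in. The action name SignIn and the helper SafeReturnUrl are hypothetical.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;

public class UserController : Controller
{
    // Hypothetical action: reached by a full-page navigation such as
    // window.location.href = '/User/SignIn?returnUrl=...', not by XHR,
    // so the browser itself follows the redirect to the Azure AD sign-in page.
    [HttpGet]
    [AllowAnonymous]
    public ActionResult SignIn(string returnUrl)
    {
        string target = SafeReturnUrl(returnUrl);

        if (Request.IsAuthenticated)
        {
            // Already signed in: go straight to the validated local target.
            return Redirect(target);
        }

        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = target },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);

        // A 401 response is what the OpenID Connect middleware converts
        // into the redirect to the identity provider.
        return new HttpUnauthorizedResult();
    }

    // Hypothetical helper: accept only URLs local to this application.
    // Absolute or protocol-relative URLs fall back to the site root.
    private string SafeReturnUrl(string returnUrl)
    {
        return !string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl)
            ? returnUrl
            : "/";
    }
}
```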