Mitch Comments - Answer Overflow

Mitch

•Created by Mitch on 9/24/2024 in #help

Why do my Admin controllers trigger OnRemoteFailure in ConfigureOpenIdConnectOptions when using cust

Additionally, based on whether I choose to add the SigmaSSO to the authbuilder first or the EntraIdOIDC to the authbuilder first, I always get an error

An error was encountered while handling the remote login.
Stack Trace:
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

An error was encountered while handling the remote login.
Stack Trace:
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

it either throws for one or the other in my app

3 replies

CC#

•Created by Mitch on 9/24/2024 in #help

Why do my Admin controllers trigger OnRemoteFailure in ConfigureOpenIdConnectOptions when using cust

I also have this event configured in ConfigureOpenIdConnectOptions:

options.Events = new OpenIdConnectEvents()
{
    OnRemoteFailure = ctx =>
    {
        ctx.HandleResponse();
        ctx.Response.Redirect("/");
        return Task.FromResult(0);
    }
};

options.Events = new OpenIdConnectEvents()
{
    OnRemoteFailure = ctx =>
    {
        ctx.HandleResponse();
        ctx.Response.Redirect("/");
        return Task.FromResult(0);
    }
};

For my controllers, I have the following attributes: Admin Controllers:

[Area("Admin")]
[Authorize(Policy = "AdminSection")]

[Area("Admin")]
[Authorize(Policy = "AdminSection")]

Frontend Controllers:

 [Area("Admin")]
 [Authorize(Policy = "FrontEnd")]

 [Area("Admin")]
 [Authorize(Policy = "FrontEnd")]

ConfigureAzureAdConnectOptions only contains basic information as such:

    options.Instance = "https://login.microsoftonline.com/";
    options.Domain = "azure-domain-here";
    options.TenantId = "someguid";
    options.ClientId = "some-other-guid";
    options.CallbackPath = "/signin-oidc";
    options.SignInScheme = "AzureCookies";
    options.Scope.Add("openid");

    options.Instance = "https://login.microsoftonline.com/";
    options.Domain = "azure-domain-here";
    options.TenantId = "someguid";
    options.ClientId = "some-other-guid";
    options.CallbackPath = "/signin-oidc";
    options.SignInScheme = "AzureCookies";
    options.Scope.Add("openid");

The problem I'm encountering is that when I access any of my Admin controllers, the OnRemoteFailure event is triggered from the ConfigureOpenIdConnectOptions class, which causes a redirect to the homepage. I expect this event to trigger only on OpenID Connect-related failures, but it is happening consistently when accessing admin routes. Why are my Admin controllers triggering the OnRemoteFailure event from ConfigureOpenIdConnectOptions? How can I prevent this behavior and ensure it only triggers on legitimate OpenID Connect failures? Additional Information: * I am using ASP.NET Core 8.0. * The "AdminSection" policy is configured to use the EntraIdOIDC scheme, which I believe should map to Azure AD authentication. * The "FrontEnd" policy uses the SigmaSSO OpenID Connect scheme.

3 replies

CC#