Kentico 13 Core - OpenID + Azure AD

Leonardo Hickstein asked on April 6, 2021 07:45

Hi everyone,

We're trying to get a new project up and running with Kentico 13 Core.

All has gone smoothly up until now when we need to implement Open Id authentication for our Azure Directory, which we're doing using this Microsoft guide: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp.

While the sample project works well, migrating the same method to our Kentico UI site does not. The user is redirected to external authentication after clicking the Sign In button, and after logging in, external authentication is redirecting the user back to our Kentico UI website. If we inspect the external authentication callback to our website, we are able to see that the id token was correctly returned (as in the image below); however, all this information does not seem to propagate to User.Identity. If we try to check whether the user is authenticated or not in _LoginPartial.cshtml it is always null.

Image Text

I'm guessing Kentico also registers its own authentication handler internally, and that it's clearing/overriding our open id authentication. Would that be a correct assumption?

Also, would anyone have any Open ID + AD + Kentico 13 Core sample that we can use as a guide?

Sample code below so you can get an idea of our implementation:

Startup.cs:

    public void ConfigureServices(IServiceCollection services)
    {
        // . . .

        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));

        // . . .

        services.AddRazorPages()
            .AddMicrosoftIdentityUI();
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        // . . .

        app.UseAuthentication();
        app.UseAuthorization();

        // . . .
    }

appSettings.json:

    . . .

    "AzureAd": {
      "Instance": "https://login.microsoftonline.com/",
      "Domain": "[Enter the domain of your tenant, e.g. contoso.onmicrosoft.com]",
      "ClientId": "Enter_the_Application_Id_here",
      "TenantId": "Enter_the_Tenant_Id_here",
      "CallbackPath": "/signin-oidc"
    }

    . . .

_LoginPartial.cshtml:

    <ul class="navbar-nav">
        @if (User.Identity.IsAuthenticated)
        {
            <li class="nav-item">
                <span class="navbar-text text-dark">Hello @User.Identity.Name!</span>
            </li>
            <li class="nav-item">
                <a class="nav-link text-dark" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignOut">Sign out</a>
            </li>
        }
        else
        {
            <li class="nav-item">
                <a class="nav-link text-dark" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignIn">Sign in</a>
            </li>
        }
    </ul>

Thanks,
Leonardo Hickstein

Recent Answers


Dmitry Bastron answered on April 6, 2021 10:00

Hi Leonardo,

Yes, your assumption is correct. Please consider going through the ASP.NET Core Identity + Kentico documentation examples here.

1 vote
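
A diagnostic for the symptom described in the question, added here as an example and not code from the thread, Kentico or Microsoft: it reports the default authentication schemes and asks each registered handler whether it holds a ticket for the current request, which shows whether the OpenID Connect sign-in was stored under a scheme other than the one that populates `User.Identity`. The class name, method name and `/debug/auth-schemes` path are hypothetical, and the endpoint assumes the site uses endpoint routing.

```csharp
// Added example, not code from the thread, Kentico or Microsoft. Hypothetical names:
// AuthSchemeDiagnostics, MapAuthSchemeDiagnostics and the /debug/auth-schemes path.
using System;
using System.Linq;
using System.Text;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.DependencyInjection;

public static class AuthSchemeDiagnostics
{
    private static string NameOf(AuthenticationScheme scheme) => scheme?.Name ?? "(none)";

    // Usage in Configure(): app.UseEndpoints(e => e.MapAuthSchemeDiagnostics());
    // The report contains user names, so map it only in a development environment.
    public static IEndpointConventionBuilder MapAuthSchemeDiagnostics(this IEndpointRouteBuilder endpoints)
    {
        return endpoints.MapGet("/debug/auth-schemes", async context =>
        {
            var provider = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
            var report = new StringBuilder();

            // UseAuthentication() fills HttpContext.User from the default authenticate scheme only.
            report.AppendLine("DefaultAuthenticate: " + NameOf(await provider.GetDefaultAuthenticateSchemeAsync()));
            report.AppendLine("DefaultChallenge:    " + NameOf(await provider.GetDefaultChallengeSchemeAsync()));
            report.AppendLine("DefaultSignIn:       " + NameOf(await provider.GetDefaultSignInSchemeAsync()));
            report.AppendLine("User authenticated:  " + (context.User?.Identity?.IsAuthenticated ?? false));

            // Ask each registered handler directly whether it can authenticate this request.
            foreach (var scheme in await provider.GetAllSchemesAsync())
            {
                string outcome;
                try
                {
                    var result = await context.AuthenticateAsync(scheme.Name);
                    outcome = result.Succeeded
                        ? $"ticket for '{result.Principal.Identity?.Name}', {result.Principal.Claims.Count()} claims"
                        : "no ticket: " + (result.Failure?.Message ?? "no credentials presented");
                }
                catch (Exception ex) { outcome = "threw " + ex.GetType().Name; }
                report.AppendLine($"{scheme.Name,-24} {scheme.HandlerType.Name,-36} {outcome}");
            }
            context.Response.ContentType = "text/plain";
            await context.Response.WriteAsync(report.ToString());
        });
    }
}
```

If a scheme other than the one listed as DefaultAuthenticate reports a ticket after sign-in, the external login succeeded but its cookie is not the one read into `User.Identity`.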
