asp.net - Azure Active Directory Flow for Web App Launched from Office 365


Which of the Azure Active Directory authentication flows should I use for a single-tenant web application that needs to call the Microsoft Graph API and is launched from the Office 365 app launcher?

Office 365 is using the same tenant as the web app, and I'm using the Azure AD v1 endpoint. The example I tried does not quite work for my scenario, because it expects the user to not be signed in already.

I tried this example: https://github.com/microsoftgraph/aspnetcore-connect-sample

It works correctly when going to the application directly, but clicking the icon in the Office 365 app launcher displays the following error:

Exception: OpenIdConnectAuthenticationHandler: message.State is null or empty.

Is the solution to sign the user out and re-authenticate them in order to get the authorization code into the cache, or should I use the "on behalf of" flow instead?

It seems that you set the login URL directly as the URL of the home page of the app, without the state parameter.

To fix this issue, the home page of the app is what I recommend you set. For example, for the code sample it should be https://localhost:44334. If you want to protect the web app and allow authenticated users to visit, you can replace the code in the ConfigureServices method as below and remove the AllowAnonymous attribute in the home controller:

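    // Needs Microsoft.AspNetCore.Authorization and Microsoft.AspNetCore.Mvc.Authorization.
    // Adds a global filter so every MVC action requires an authenticated user.
    services.AddMvc(config =>
    {
        var policy = new AuthorizationPolicyBuilder()
                         .RequireAuthenticatedUser()
                         .Build();
        config.Filters.Add(new AuthorizeFilter(policy));
    });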

After that, when users visit the app through the Office 365 apps portal, it will redirect the user to log in first before they can access the app.

