Forum Discussion

PaulWestwoodOne
Copper Contributor
Jun 27, 2024

MFA Login does not Authenticate

I am trying to retrofit an existing C# ASP.NET application with an MFA login on Azure. I am able to get the MFA prompt, and I click on my account and the code successfully returns to the redirect URL. However, IsAuthenticated is never true and User.Identity.Name is always blank. I based my code on another MFA application for my company that works, but I can't figure out why mine doesn't. I then created a brand new app from scratch to see if I could figure out what went wrong. However, in the new app, IsAuthenticated is always true, both before login, after login and after logout, and yet User.Identity.Name is blank here as well, so the authentication is clearly not valid.

I have the most recent Owin DLLs installed, which at the time of this writing are mostly version 4.2.2. My code includes the usual MFA code found in many online examples. The Startup.cs file includes this code:

    string clientId = ConfigurationManager.AppSettings["ClientId"];
    string tenantId = ConfigurationManager.AppSettings["TenantId"];
    string authority = "https://login.microsoftonline.com/" + tenantId + "/v2.0";
    string redirectURI = ConfigurationManager.AppSettings["MFARedirect"];
    string postLogoutRedirectUri = ConfigurationManager.AppSettings["PostLogoutRedirectUri"];

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        ExpireTimeSpan = System.TimeSpan.FromMinutes(90),
        CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager(),
        Provider = new CookieAuthenticationProvider
        {
            OnResponseSignIn = (context) => context.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(sessionTimeout.TotalMinutes),
        },
        SlidingExpiration = true,
        CookieSecure = CookieSecureOption.Always
    });

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            RedirectUri = redirectURI,
            UseTokenLifetime = false,
            Scope = OpenIdConnectScope.OpenIdProfile,
            ResponseType = OpenIdConnectResponseType.CodeIdToken,

            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                AuthenticationFailed = OnAuthenticationFailed
            }
        });

    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

The Login method in the Home Controller includes this code:

    HttpContext.GetOwinContext().Authentication.Challenge(
        new AuthenticationProperties { RedirectUri = redirectUri },
        OpenIdConnectAuthenticationDefaults.AuthenticationType
    );

I have tried many suggestions found on Google, but nothing has made any difference. If anybody has some insight as to what might be going on here, I would greatly appreciate any help I can get.

    • PaulWestwoodOne
      Copper Contributor
      According to the network administrator, the logins are being authenticated successfully and there are no signs of any problems. I don't have direct access to see the information myself.
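
The sign-in wiring in the Startup code above, as an added example that is not part of the original post or the poster's application: the OpenID Connect middleware writes the validated identity to whichever authentication type `SignInAsAuthenticationType` names, so that value has to match the `AuthenticationType` of the cookie middleware that issues the session cookie. Assumptions: that such a mismatch is relevant to the symptom described, the `SampleApp` namespace, and the trace line; the app-settings keys are the ones from the post.

```csharp
// Added example (not the poster's code). Needs the Microsoft.Owin.Security.Cookies,
// Microsoft.Owin.Security.OpenIdConnect and Microsoft.Owin.Host.SystemWeb packages.
using System.Configuration;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(SampleApp.Startup))]
namespace SampleApp   // hypothetical namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // One name shared by the session cookie and the OIDC middleware.
            const string sessionType = CookieAuthenticationDefaults.AuthenticationType;
            string tenantId = ConfigurationManager.AppSettings["TenantId"];
            // Default for any external middleware that leaves SignInAsAuthenticationType unset.
            app.SetDefaultSignInAsAuthenticationType(sessionType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = sessionType,
                CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager(),
                CookieSecure = CookieSecureOption.Always
            });
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = ConfigurationManager.AppSettings["ClientId"],
                Authority = "https://login.microsoftonline.com/" + tenantId + "/v2.0",
                RedirectUri = ConfigurationManager.AppSettings["MFARedirect"],
                Scope = OpenIdConnectScope.OpenIdProfile,
                ResponseType = OpenIdConnectResponseType.CodeIdToken,
                SignInAsAuthenticationType = sessionType,   // must equal the cookie's AuthenticationType
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Diagnostic: shows which authentication type the identity is issued under.
                    SecurityTokenValidated = n =>
                    {
                        var id = n.AuthenticationTicket.Identity;
                        Trace.TraceInformation("OIDC identity: type={0}, hasName={1}",
                            id.AuthenticationType, !string.IsNullOrEmpty(id.Name));
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
}
```

If the trace line reports an authentication type other than the session cookie's, the identity is being stored in a cookie that the request pipeline does not read back as the current user.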
