ASP.NET Core - Azure Active directory Authentication - Unable to obtain configuration from: 'System.String'

Question

I have a .NET Core 2.2 / Angular 10 app where I want to implement an Azure AD login. The app already has a simple user/password login using JWT:

 services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddJwtBearer("Default",options=>
....
  options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = Configuration["SecurityKeyIssuer"],
                ValidAudience = Configuration["SecurityKeyAudience"],
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecurityKey"]))
            };

Now I tried adding this:

 .AddJwtBearer("AzureAD",opt =>
        {
            opt.IncludeErrorDetails = true;
            opt.Authority = Configuration["ActiveDirectory:Authority"];
            opt.Audience = Configuration["ActiveDirectory:Audience"];
...
 
services
        .AddAuthorization(options =>
        {
            options.DefaultPolicy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .AddAuthenticationSchemes("Default", "AzureAD")
                .Build();
        });

I tried several variations of this, like hardcoding the authority etc. in different formats. I get to the login page where I'm able to log in using the default user/password authentication, but after that every page only shows me this 500 error:

Even after I commented out all the new configs. When I remove the AzureAD authentication scheme, it works normally again. Any suggestions?

Of course I registered the app and used the info from the Azure AD page.

Also, when trying this:

services.AddAuthentication("MyAuthenticationScheme")
      .AddMicrosoftIdentityWebApp();

It says:

Severity Code Description Project File Line Suppression State Error CS1061 'AuthenticationBuilder' does not contain a definition for 'AddMicrosoftIdentityWebApp' and no accessible extension method 'AddMicrosoftIdentityWebApp' accepting a first argument of type 'AuthenticationBuilder' could be found (are you missing a using directive or an assembly reference?) JI.Infopool.WebApp C:\Projekte\JI.Infopool - master\JI.Infopool.WebApp\Startup.cs 56 Active

Although I've included the NuGet Package Microsoft.Identity.Web

Answer 1

1.Initially please check if the login request to microsoft was locked by the firewall.

2.Make sure appsettings.json values are correct.

"AzureAd": {
  "Instance": "https://login.microsoftonline.com/",
  "Domain": "<azure ad domain>",
  "TenantId": "<azure ad tenant id>",
  "ClientId": "<backend app id>"
}

In Startup.cs

Check the following code in ConfigureServices()

    public void ConfigureServices(IServiceCollection services)
    {
        //services.AddControllersWithViews();
///
//
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApi(Configuration, "AzureAd");
        services.AddAuthorization();

        ...
    }

In configure() method make sure you have these

        app.UseAuthentication();
        app.UseAuthorization();

Reference: using openidconnect-with-azure-ad-angular and core webapiconfiguration