ASP.NET updates to support Windows Azure Active Directory
Today we released an update to the Visual Studio **2013 Preview** that enables you to create ASP.NET applications which use Windows Azure Active Directory for authentication.
In this post I will describe how you can get the additional support, where to find more info, and a list of known issues.
How to get the latest support
To try out the latest support, first download and install Visual Studio 2013 Preview. After installing it, get the latest features for Windows Azure AD (WAAD) by installing ASP.NET and Web Tools Preview Refresh (Supports English version of VS2013 Preview only).
More info on these features
We have created some formal docs which describe the New Web Project dialog at http://asp.net/vnext/overview/latest/creating-web-projects-in-visual-studio. You can read more about the WAAD features under the Organizational account authentication options section. In that walkthrough we cover the following scenarios.
You can also take a look at Vittorio’s blog post Easy Web App Integration with Windows Azure Active Directory, ASP.NET & Visual Studio for some additional information regarding the Multi-tenant/organization support.
With this release we are interested in receiving feedback on the Cloud Single and Multi Organization scenarios. If you are a WAAD customer who is interested in using WAAD for Single Sign On with your web applications, we’d love to hear from you. You can either leave your comments below or email me directly at email@example.com. Now to the known issues.
Below you’ll find a list of known issues with the WAAD support which is contained in the ASP.NET and Web Tools Preview Refresh (Supports English version of VS2013 Preview only).
Registering a new organization with a multi-tenant application may not work in some cases
For a multi-tenant application when registering a new tenant, you may receive the error below.
An error occurred while processing your request.
HTTP Error Code:
ACS90019: Unable to determine the tenant identifier from the request.
After receiving this error, if you wait a few minutes and try again, the process should complete successfully.
Error when navigating to a sub-app without the trailing ‘/’
After publishing an ASP.NET project that uses WAAD to a sub-app, you will receive the error below if you navigate to the app without the trailing slash on the URL. For example, if you have a website at http://contoso.com and publish an application underneath it, for example myapp4, you must navigate to the app with a URL that includes the trailing slash (http://contoso.com/myapp4/). Using the URL without the trailing slash (http://contoso.com/myapp4) results in the error below.
[FederationException: ID3206: A SignInResponse message may only redirect within the current web application: ‘/myapp4’ is not allowed.]
   System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) +74833
   System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +364
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
The workaround here is to always navigate to the application with a URL that includes the trailing slash.
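Where you cannot control how users type the URL, the application can apply the trailing slash itself before the federation module handles the request. The following is an added example, not code from this post or from the project templates; it assumes the handler lives in the application's Global.asax.cs code-behind, and the class name `Global` is hypothetical.

```csharp
using System;
using System.Web;

// Added example: Global.asax.cs code-behind (class name is an assumption).
public class Global : HttpApplication
{
    // BeginRequest runs before AuthenticateRequest, so the redirect happens
    // before WSFederationAuthenticationModule records a return URL.
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // "/myapp4" for a sub-app, "/" when the app is the site root.
        string appPath = Request.ApplicationPath;

        // Nothing to fix for a root site, or for any path other than the
        // sub-app root requested without its trailing slash.
        if (appPath == "/" ||
            !string.Equals(Request.Path, appPath, StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        // A redirect would drop a request body, so only rewrite safe methods.
        if (Request.HttpMethod != "GET" && Request.HttpMethod != "HEAD")
        {
            return;
        }

        // The target is built from the server-side ApplicationPath, so the
        // redirect always stays inside this application. Request.Url.Query
        // is empty or starts with '?'.
        Response.Redirect(appPath + "/" + Request.Url.Query, true);
    }
}
```

With this in place a request for http://contoso.com/myapp4 is redirected to http://contoso.com/myapp4/ before sign-in starts, so the return URL carried through the sign-in round trip is already inside the application.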
Multi-tenant support does not work when publishing to a sub-app
For ASP.NET projects configured to use WAAD in the **multi-tenant** scenario you must publish the application to a website. Publishing to a sub-app is not currently supported.
On-Premises option not yet supported
In this release the On-Premises option can be found in the Configure Authentication dialog, but it is not yet supported. For this release you should avoid the On-Premises option. The underlying issue is code which is placed inside of the template. There are manual workarounds here. If you are interested in trying this out, send me an email at firstname.lastname@example.org and I can walk you through the changes required.
Error during project create for Web Forms if MVC/Web API checkboxes are checked when using Org Auth
In this preview, if you choose to create a Web Forms project with Org Auth and you have checked the MVC or Web API checkboxes, you will receive an error like the following.
In this build you should not select the MVC or Web API checkboxes when creating a Web Forms project with Org Auth.