Last post Apr 10, 2020 01:35 PM by suencien
Apr 09, 2020 08:39 AM|suencien|LINK
I've been using Microsoft external authentication that has been working for a few years. It suddenly stopped working.
I'm using ASP.NET Web Forms. At SDK Live application setting, the redirect URL is set to https://iluvrun.com/signin-microsoft.
So when a user enters the right username and password, the user is asked for permission to give access to iLuvRun, the user is redirected back to the site correctly but with error=access_denied at the query string. Context.GetOwinContext().Authentication.GetExternalLoginInfo()
When I check the user's app and services the user's give access, iLuvRun is there with a very recent last used date. So it did authenticate.
I don't understand what's going on. Is anyone experiencing the same problem? Can someone please help?
Apr 09, 2020 09:04 AM|PatriceSc|LINK
I assume the application is registered as well on a portal? My first move would be to check if the application "secret" is not expired.
Apr 09, 2020 10:19 AM|suencien|LINK
Thank you for responding.
Yes the application is registered at Live SDK applications. I have tried regenerating a new password and the problem still persists.
I have also tried deleting the platform and re-adding, but it doesn't make any difference.
Apr 09, 2020 12:08 PM|PatriceSc|LINK
I was thinking about just looking if the "secret" was expired or not which should be shown on the Azure portal (and trying a new secret only it it seems to make sense because one just expired).
Also you used https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-registration-portal#live-sdk-support ?
Searching for oauth and access_denied it seems to happen when the user doesn't grant access to the app. I suspect it could also happen if the user is not allowed to grant some permissions requested by the app? The consent dialog is really just showing basic
stuff ? You see the same thing with an admin account?
Even if not related to your issue, try to consider upgrading quite soon. As the SDK is outdated you'll likely need to find someone still using it for further help.
Apr 09, 2020 01:15 PM|suencien|LINK
I'm not using Azure portal but am using Live SDK application instead (https://apps.dev.microsoft.com/). The secret here does not have an expiry date.
Hmmm it's funny access_denied still occurs even if the user grants access. Or is it maybe the app needs 'verification' from the portal first?
Yes, the dialog is basic common stuff. Why is the user not allowed to grant access while the request is only for basic authentication?
Apr 09, 2020 02:44 PM|mgebhard|LINK
The live login has been deprecated and moved to Azure.
Apr 09, 2020 07:58 PM|PatriceSc|LINK
Ok and it happens from all browsers, for all accounts and for all applications if you have more than one? I'm trying to make sure nothing changed on your side (Chrome 81 update or whatever ?)
Part of the problem when using an outdated SDK and having an unclear problem is to find someone using it that could give a try (or someone that is willing to invest some time to understand and try a SDK he won't ever need himself) to confirm if it is supposed
to work or if maybe something broke unintentionally or whatever. Though MS usually keep legacy stuff for quite some time sooner or later they could drop really drop support for that once usage is really low...
Apr 09, 2020 08:09 PM|mgebhard|LINK
I logged in to https://apps.dev.microsoft.com/ and the links in my last thread came from the results.
Application registrations portal is no longer available to register and manage converged applications. We recommend that you manage your existing applications and register new applications by using the App registrations (now Generally Available) experience
in the Azure portal. Learn more in the blog announcement. Launch the new App registrations experience in the Azure portal. My applications You can no longer manage converged applications here. Go to the Azure portal
Apr 10, 2020 01:34 PM|suencien|LINK
Yes it's happening on all browsers, including PC and mobile.
Alright it's probably time to move to Azure :)
Apr 10, 2020 01:35 PM|suencien|LINK
OK then Azure it is :) Thank you for the advice!