.NET Core WsFederation Authentication login loop on localhost

Question

I\'m trying to implement WsFederation Azure AD authentication into my app, so that users must sign in as soon as they hit the application. However, when the app starts, it

Answer 1

I've managed to resolve it - I believe it to be a CORS issue.

app.UseCors(policy => policy.SetIsOriginAllowed(origin => origin == "https://login.microsoftonline.com"));
app.UseAuthentication();
app.Use(async (context, next) =>
{
    if (!context.User.Identity.IsAuthenticated && context.Request.Path != "/signin-wsfed")
    {
        await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
    }
    else
    {
        await next();
    }
});

Answer 2

Hope this isn't too late but I've experienced a related issue and resolved it by moving the UseAuthentication top of UseMvc in Configure as written in the doc (emphasis is mine) :

In the Configure method, use the UseAuthentication method to invoke the Authentication Middleware that sets the HttpContext.User property. Call the UseAuthentication method before calling UseMvcWithDefaultRoute or UseMvc:

I hope this will avoid the hack of checking every request with context.ChallengeAsync!