
[Documentation] Incremental Consent AJAX Dev App Error #3834

@joshcampbell191

Documentation related to component

Incremental consent

Please check all that apply

  • typo
  • documentation doesn't exist
  • documentation needs clarification
  • error(s) in the example
  • needs an example

Description of the issue

After being referred to the documentation from the MsalUiRequiredException, I stumbled upon the "Ajax calls can now participate in incremental consent and conditional access" topic.

When running the AjaxCallActionsWithDynamicConsent dev app, the AJAX request triggers a CORS exception. This behaviour was supposed to be addressed by #665. However, it would appear that it was dependent on another PR in ASP.NET Core.

Since the ASP.NET Core PR was never accepted, it caused the AJAX request to return a redirect triggering the CORS exception.

I was able to get it working again after making a few changes to Startup.cs based on the comments from that PR:

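```csharp
// Startup.cs (ConfigureServices). Namespaces used by this fragment:
// Microsoft.AspNetCore.Authentication.Cookies, Microsoft.AspNetCore.Authentication.OpenIdConnect,
// Microsoft.AspNetCore.Http, Microsoft.Identity.Web, Microsoft.Net.Http.Headers
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(options =>
    {
        Configuration.Bind("AzureAd", options);

        options.Events = new OpenIdConnectEvents
        {
            OnRedirectToIdentityProvider = context =>
            {
                if (IsAjaxRequest(context.Request))
                {
                    // AJAX caller: drop the auth cookie and answer 401 with the target in
                    // the Location header instead of issuing a redirect.
                    context.Response.Cookies.Delete($"{CookieAuthenticationDefaults.CookiePrefix}{CookieAuthenticationDefaults.AuthenticationScheme}");
                    context.Response.Headers[HeaderNames.Location] = context.Properties.RedirectUri;
                    context.Response.StatusCode = 401;
                    // Stop the handler from writing its own redirect response.
                    context.HandleResponse();
                }
                else
                {
                    context.Response.Redirect(context.Properties.RedirectUri);
                }

                return Task.CompletedTask;
            }
        };
    })
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddInMemoryTokenCaches();
```

```csharp
// Treats a request as AJAX when X-Requested-With is "XMLHttpRequest",
// sent either as a query-string value or as a request header.
private static bool IsAjaxRequest(HttpRequest request)
{
    return string.Equals(request.Query[HeaderNames.XRequestedWith], "XMLHttpRequest", StringComparison.Ordinal) ||
        string.Equals(request.Headers[HeaderNames.XRequestedWith], "XMLHttpRequest", StringComparison.Ordinal);
}
```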

I can open a PR with the fix if you have no objections to the changes I applied.
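The client side of the workaround above, as an added example that is not part of the original issue or of Microsoft.Identity.Web: the caller sends the `X-Requested-With` header that `IsAjaxRequest` checks, and on a 401 validates the `Location` value before navigating, so a tampered header cannot send the user to an arbitrary site. The function names, the `TRUSTED_ORIGINS` allowlist and the `navigate` callback are assumptions made for illustration.

```javascript
// Added example; names and the allowlist below are illustrative assumptions.
const TRUSTED_ORIGINS = new Set(["https://login.microsoftonline.com"]);

// Decide where the browser may be sent after a 401 challenge.
// Returns an absolute URL string, or null when no navigation should happen.
function resolveChallengeRedirect(status, locationHeader, appOrigin) {
  if (status !== 401 || !locationHeader) return null;
  let target;
  try {
    // Relative values ("/Home/Index") resolve against the application origin.
    target = new URL(locationHeader, appOrigin);
  } catch {
    return null; // unparsable header value
  }
  // Rejects javascript:, data: and plain-http targets.
  if (target.protocol !== "https:") return null;
  // Only the app itself or an allowlisted sign-in origin is acceptable.
  if (target.origin !== appOrigin && !TRUSTED_ORIGINS.has(target.origin)) return null;
  return target.href;
}

// Call an endpoint of the app and follow a validated challenge as a
// top-level navigation (navigate is e.g. url => window.location.assign(url)).
async function callApi(url, appOrigin, navigate, fetchImpl = fetch) {
  const response = await fetchImpl(url, {
    credentials: "same-origin",
    // fetch() does not add this header on its own; the server-side check needs it.
    headers: { "X-Requested-With": "XMLHttpRequest" },
  });
  const redirect = resolveChallengeRedirect(
    response.status, response.headers.get("Location"), appOrigin);
  if (redirect) {
    navigate(redirect);
    return null;
  }
  if (!response.ok) throw new Error(`Request failed: ${response.status}`);
  return response.json();
}
```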
