
I have an Azure AD B2C token that seems to be correctly returning the currently logged-in user's name. Here is a screenshot from jwt.ms which I am using to decode the token returned by the application after I have logged in:

However, then I attempt to use `@User.Identity.Name` in my `_Layout.cshtml`. Why is it null? Shouldn't it be equal to the "name" value in the screenshot?

aBlaze
  • You may need to tell the middleware where to find the `Name` but it would depend on the middleware you're using. – Marc LaFleur Mar 24 '18 at 18:51
  • I'm using the following: `app.UseKentorOwinCookieSaver();`. Is that what you mean by "middleware"? – aBlaze Mar 24 '18 at 19:10
  • Curious... why are you using [Kentor.OwinCookieSaver](https://github.com/Sustainsys/owin-cookie-saver)? – spottedmahn Mar 26 '18 at 15:33
  • @spottedmahn I was using it "just in case" this was the problem: https://stackoverflow.com/questions/31720820/application-stops-generating-login-cookies. I can probably remove it. – aBlaze Mar 26 '18 at 20:30

2 Answers

It turned out I was missing the line marked by the comments:

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // Generate the metadata address using the tenant and policy information
                MetadataAddress = String.Format(AadInstance, Tenant, DefaultPolicy),

                // These are standard OpenID Connect parameters, with values pulled from web.config
                ClientId = ClientId,
                Authority = Authority,
                PostLogoutRedirectUri = RedirectUri,
                RedirectUri = RedirectUri,

                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    RedirectToIdentityProvider = OnRedirectToIdentityProvider,
                    AuthenticationFailed = OnAuthenticationFailed,
                    AuthorizationCodeReceived = OnAuthorizationCodeReceived,
                },

                //////// WAS MISSING THIS BELOW /////////
                // Specify the claims to validate
                TokenValidationParameters = new TokenValidationParameters
                {
                    // This claim is in the Azure AD B2C token; this code tells the web app to "absorb" the token "name" and place it in the user object
                    NameClaimType = "name"
                },

                // Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
                Scope = $"{OpenIdConnectScopes.OpenId} {ReadTasksScope} {WriteTasksScope}"
            }
        );

The entire file is located here: https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi/blob/master/TaskWebApp/App_Start/Startup.Auth.cs

aBlaze
  • FYI, the [comment has been updated](https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi/pull/30) :) `// Specify the claim type that specifies the Name property.` – spottedmahn Mar 27 '18 at 15:22
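
Why the missing line matters, as an added example that is not part of the original answer or the Azure sample: `ClaimsIdentity.Name` returns the first claim whose type equals the identity's `NameClaimType`, which defaults to `ClaimTypes.Name`, a long schema URI rather than the short `name` the B2C token carries. The `NameClaimDemo` class and the claim values are constructed for illustration, and the claims are built by hand instead of coming from a validated token.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

static class NameClaimDemo
{
    // The nameType argument is what TokenValidationParameters.NameClaimType
    // ends up controlling: it decides which claim Identity.Name reads.
    static ClaimsIdentity BuildIdentity(IEnumerable<Claim> tokenClaims, string nameClaimType)
    {
        return new ClaimsIdentity(tokenClaims, "Cookies", nameClaimType, ClaimTypes.Role);
    }

    static void Report(string label, ClaimsIdentity identity)
    {
        Console.WriteLine(label);
        Console.WriteLine("  NameClaimType: " + identity.NameClaimType);
        Console.WriteLine("  Identity.Name: " + (identity.Name ?? "(null)"));
    }

    static void Main()
    {
        // Constructed sample claims, shaped like the decoded token in the question.
        var tokenClaims = new List<Claim>
        {
            new Claim("name", "Sample User"),
            new Claim("emails", "sample.user@example.com"),
        };

        // Default name type: no claim has the ClaimTypes.Name URI as its type,
        // so Name is null even though a "name" claim is present.
        Report("Default NameClaimType", BuildIdentity(tokenClaims, ClaimTypes.Name));

        // Same claims with the name type set to "name": Name now resolves.
        Report("NameClaimType = \"name\"", BuildIdentity(tokenClaims, "name"));

        // Diagnostic for a null Name: list the claim types actually present
        // and set NameClaimType to the one that holds the display name.
        foreach (var claim in tokenClaims)
        {
            Console.WriteLine("  claim type: " + claim.Type);
        }
    }
}
```
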

See this working example that is using Owin (which it sounds like you're using).

    <ul class="nav navbar-nav navbar-right">
        <li>
            <a id="profile-link">@User.Identity.Name</a>
            ...
        </li>
    </ul>

Source

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(

            ...
        );
    }

Source

spottedmahn