In short: how can I find efficiently the .NET-Core code (using VS2022), where a HTTP redirection is handled (the app was created using the console and makes use of a lot of extensions)
It know how to add some breakpoints in Startup.cs or Program.cs and to Watch items like configuration, services or app, endpoints. But how do they help me, after Program.cs has worked off an the App is running? In PHP, i can see each single file with code and add Debugging-Snippets everywhere. But in the example below, i can only see code which seems to "Build something". I can’t see what happens when this Host has been built (CreateHostBuilder) and a simple HTTP-Request is received.
As i mentioned, i worked with PHP. I’m not yet familiar with VS2022 nor .NET-Core and this monolithic architecture. I’m happy for some advices how to search efficiency in a solution. Or maybe some useful links; I wasn’t able to find useful resources.
Background and description of code below:
I followed this tutorial to create an Blazor App with ".NET Core 3.1" to authenticate on MS Azure AD and Read data from the corresponding O365 Account using the MS Graph API. So far so good, this works and, as soon as the Website loads, the visitor is redirected to the login page https://login.microsoftonline.com/ to authenticate.
Now, i’d like to avoid this redirect and reimplement the login process in a popup / modal. I’ve found some Tutorials attempting to do this, but always targeted another language / version / extensions. So i came up with the idea to analyse the existing code and find the names of the appropiate parts / extensions, so i can take a deeper look in the Documentation and the configuration values possible. The question is: Which part is responsible for what?
I tried to use the "Go to Definition" and always end up in a dead end. I’ve also detected an "Object Browser" but I’m not sure if this helps in my case. Unfortunately, I don’t have the links to the original resources used to create this Code.
Program.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
namespace Blazor_Server_App
{
public class Program
{
public static void Main(string[] args)
{
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
}
}
Startup.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Blazor_Server_App.Data;
using Microsoft.Graph;
namespace Blazor_Server_App
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
var initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
.EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
.AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
.AddInMemoryTokenCaches();
services.AddControllersWithViews()
.AddMicrosoftIdentityUI();
services.AddAuthorization(options =>
{
// By default, all incoming requests will be authorized according to the default policy
options.FallbackPolicy = options.DefaultPolicy;
});
services.AddRazorPages();
services.AddServerSideBlazor()
.AddMicrosoftIdentityConsentHandler();
services.AddSingleton<WeatherForecastService>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapBlazorHub();
endpoints.MapFallbackToPage("/_Host");
});
}
}
}
2
Answers
You will not be able to avoid having to redirect to https://login.microsoftonline.com/ to do a microsoft login. Microsoft(and any OAuth provider really) would not allow it to be embedded in your website as it would allow you to harvest user credentials as they enter them/clickjack the user.
It may be a better user experience to have a "Login with Microsoft" button that does the redirect when clicked rather than immediately redirect to the Microsoft login upon loading your webpage.
Jet Brains has some good tooling for decompiling and looking at sources.
https://www.jetbrains.com/decompiler/
Even better Resharper coupled with Dot Peek will allow you to do all this inside of the IDE. It will even pull down the original sources for decompiled code that has debug symbols and a symbol server for. This should be the case for .NET 6 sources.
https://www.jetbrains.com/dotnet/
These are paid tools but well worth it for especially when you take into account the productivity gains Resharper provides in code annotations, syntax completion and refactoring. Although I will say the stock Visual Studio experience gets better every release and is not starting to rival Resharper.
Hope this helps.
Clarification:
DotPeek is free on its own. It only cost money if you want the full ide integration with Resharper. ILSpy is another free decompiler.