I'm trying to implement WsFederation Azure AD authentication into my app, so that users must sign in as soon as they hit the application. However, when the app starts, it directs to the AAD instance, but then gets stuck in a loop with a blank screen.

My app runs on http://localhost:61213/, in which I've added it as a ReplyUrl in the Azure App Registration dashboard.

Other answers to this suggest that the app should be running over https, however when I've tried to implement those changes, it still doesn't work.

Any ideas? Thanks in advance!

Edit

I've changed the app to use SSL in VS, so it runs off https instead. Looping issue still persists.

Startup.cs

    private void ConfigureAuth(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => false;
            options.MinimumSameSitePolicy = SameSiteMode.None;
            options.Secure = CookieSecurePolicy.SameAsRequest;
        });

        services.AddAuthentication(sharedOptions =>
            {
                sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
            })
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme,
                options =>
                {
                    options.Cookie.Name = ".AspNet.SharedCookie";
                    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                    options.Cookie.SameSite = SameSiteMode.None;
                })
            .AddWsFederation(options =>
            {
                options.MetadataAddress =
                    $"https://login.microsoftonline.com/{aadTenant}/federationmetadata/2007-06/federationmetadata.xml";
                options.Wtrealm = wTrealm;
                options.Wreply = "http://localhost:61213/";
                options.RequireHttpsMetadata = false;
            });

        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();

        if (env.IsProduction())
        {
            app.UseStaticFiles();
            app.UseSpaStaticFiles();
        }

        app.Use(async (context, next) =>
        {
            if (!context.User.Identity.IsAuthenticated)
            {
                await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
            }
            else
            {
                await next();
            }
        });

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller}/{action=Index}/{id?}");
        });

        app.UseSpa(spa =>
        {
            // To learn more about options for serving an Angular SPA from ASP.NET Core,
            // see https://go.microsoft.com/fwlink/?linkid=864501

            spa.Options.SourcePath = "ClientApp";

            if (env.IsDevelopment())
            {
                spa.UseAngularCliServer(npmScript: "start");
            }
        });

        app.UseCookiePolicy();
        app.UseAuthentication();
    }

I've managed to resolve it - I believe it to be a CORS issue.

app.UseCors(policy => policy.SetIsOriginAllowed(origin => origin == "https://login.microsoftonline.com"));
app.UseAuthentication();
app.Use(async (context, next) =>
{
    if (!context.User.Identity.IsAuthenticated && context.Request.Path != "/signin-wsfed")
    {
        await context.ChallengeAsync(WsFederationDefaults.AuthenticationScheme);
    }
    else
    {
        await next();
    }
});