TechQA.

Microsoft Authentication doesn't recognize redirect url property

1.1k views Asked by At

I have a problem with my asp .net webapp Im developing right now. I added the possibilty to login with a microsoft account. But I have the problem, that it doesn't take my custom redirect url. In my Azure Ad application the redirect url is configured to /Profile, but the request redirect url it gets from my login button is everytime /signin-microsoft

My Authentication in my startup.cs looks like this

services.AddAuthentication("Cookies")
                .AddCookie(opt =>
                {
                    opt.Cookie.Name = "AuthCookie";

                })
                .AddMicrosoftAccount(opt => {
                    opt.SignInScheme = "Cookies";
                    opt.AuthorizationEndpoint = _configuration["AzureAd:AuthorizationEndpoint"];
                    opt.TokenEndpoint = _configuration["AzureAd:TokenEndpoint"];
                    opt.ClientId = _configuration["AzureAd:ClientId"];
                    opt.ClientSecret = _configuration["AzureAd:ClientSecret"];

                });

I dont know if this is important but my used options in applicationsettings are:

"AzureAd": {
    "ClientId": "<clientId>",
    "ClientSecret": "<clientSecret>",
    "AuthorizationEndpoint":"https://login.microsoftonline.com/<tenantId>/oauth2/v2.0/authorize",
    "TokenEndpoint": "https://login.microsoftonline.com/<tenantId>/oauth2/v2.0/token"
  }

Ofc i entered the correct IDs in this

My Login Controller:

[HttpGet("microsoft")]
        public async Task<ActionResult>Login(string RedirectUri)
        {
            AuthenticationProperties props = new AuthenticationProperties
            {
                RedirectUri = RedirectUri
            };
            return Challenge(props, MicrosoftAccountDefaults.AuthenticationScheme);
        }

And my login button:

<NotAuthorized>
   <li class="nav-item">
       <a class="nav-link" href="Login/microsoft?RedirectUri=/Profile">
            Login
       </a>
   </li>
</NotAuthorized>

As you can see the Redirect paramenter should be /profile and I set it also in the Authentication Properties to this value, but when i click the login button the url is always:
https://login.microsoftonline.com/%5C\<tenantId>/oauth2/v2.0/authorize...&redirect_uri=https%3A%2F%2Flocalhost%3A5000%2Fsignin-microsoft&...

So why doesnt it take /Profile as redirect Url?

It is expected that the redirect uri parameter is localhost:5000/Profile

c# asp.net authentication azure-active-directory microsoft-account
Original Q&A
1

There are 1 answers

0
kavyaS On

I tried to reproduce the same in my environment.

Make sure to use the following in the order in startup.cs

  app.UseAuthentication();
    //app.UseIdentityServer();
         app.UseAuthorization();

enter image description here

When I configure it the other way:

     app.UseAuthorization();    
app.UseAuthentication();
//app.UseIdentityServer();

I was continuously redirected to the Microsoft login page even after signing in.

enter image description here

Make sure the redirect must have the below format: pattern: "{controller=Home}/{action=Index}/"); i.e;

RedirectUri = "/home/about"

Or

RedirectUri = "/home/profile"

Below is the result ,if action part is directly requested in browser. enter image description here

Always recheck and set the redirects in the portal such that it matches the redirects in your code.

enter image description here

In startup.cs , include the scopes required for the operations.

public void ConfigureServices(IServiceCollection services)
        {
       …..
services.AddAuthentication(options =>
{
    options.DefaultChallengeScheme = MicrosoftAccountDefaults.AuthenticationScheme;
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(option =>
{
    option.Cookie.Name = ".myAuth"; //optional setting
})
.AddMicrosoftAccount(microsoftOptions =>
{
                o.ClientId = Configuration["microsoftaccount:clientid"];
                o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
                o.SaveTokens = true;
                o.Scope.Add("offline_access profile ");
                o.CallbackPath ("/signin-oidc"); //microsoft-signin
                o.Events = new OAuthEvents()
                {
                    OnRemoteFailure = HandleOnRemoteFailure
                };
            })
         …..

}

The scopes for delegated Api permissions required must be granted admin consent .

enter image description here

Then the user is authenticated successfully

enter image description here

If the user is authenticated , then only it is redirected to the specified redirect page/uri.

enter image description here

Reference : How to redirect to particular page after Azure AD Login? - Stack Overflow

Related Questions in C#

Related Questions in ASP.NET

Related Questions in AUTHENTICATION

Related Questions in AZURE-ACTIVE-DIRECTORY

Related Questions in MICROSOFT-ACCOUNT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions