Azure B2C redirect URL not working when using server address - azure-ad-b2c

I have set up the following as redirect URIs under the registered app:
https://localhost:44332
https://myserver.com/v1/myapp
When I run the app locally using the localhost redirect URI and click on "signin/signup", it redirects to the B2C login page and successfully redirects back to localhost.
But if I run the app where it is deployed ("https://myserver.com/v1/myapp") and use https://myserver.com/v1/myapp as the redirect URI, clicking on "signin/signup" just reloads the same page and does not redirect to the B2C login page.
I have tried to debug the same scenario: if I use https://myserver.com/v1/myapp, my breakpoint in "OnAuthorizationCodeReceived" is not hit, but it works as expected when I use localhost as the redirect URI.
Basically, I want the user to browse the app as https://myserver.com/v1/myapp, click on "Signin/Signup", provide B2C credentials and be redirected back to https://myserver.com/v1/myapp as a logged-in user.
What am I missing here when redirecting users to the server address instead of localhost?

I have found the issue: it was due to a mismatch between the reply URI (under the app registration) and the RedirectUri set up in web.config. These URIs should match exactly; once I modified it, the app was able to redirect to the B2C login page.

Related

Redirect to Previous URL after Login in azure active directory

I have an ASP.NET Core web app with React registered in Azure Active Directory. How can I let the user go back to the original URL after the login redirect?
For example, when I share a link like this with another user:
https://myapp.azurewebsites.net/#/route/subroute/254
the user is redirected to the login page
https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize?client_id=***&redirect_uri=https%3A%2F%2Fmyapp.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&response_type=code&scope=user.read%20openid%20offline_access%20profile&response_mode=form_post
The login works fine, but after authentication the user is redirected to the home page
https://myapp.azurewebsites.net/#/
but I want to redirect the user back to the previous page
https://myapp.azurewebsites.net/#/route/subroute/254
I used this link for the app configuration:
https://learn.microsoft.com/it-it/azure/active-directory/develop/scenario-web-app-call-api-app-configuration?tabs=aspnetcore
For the app registration I tried these redirect URIs:
https://myapp.azurewebsites.net/signin-oidc
https://myapp.azurewebsites.net/.auth/login/aad/callback
Please, can you help me?
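One way to keep the deep link, as an added example that is not part of the original post: the part after `#` in https://myapp.azurewebsites.net/#/route/subroute/254 is a URL fragment, which the browser never sends to the server, so no server-side redirect (signin-oidc or the /.auth callback) can know which route the user wanted. The client has to store the hash before it starts the login hop and re-apply it afterwards. The `/.auth/login/aad` endpoint and its `post_login_redirect_uri` query parameter are App Service Authentication's documented client-directed sign-in; the storage key and the `MemoryStorage` stand-in are this example's own.

```javascript
// Added example (not from the original post): carry an SPA hash route across an
// App Service Authentication login. The fragment is never sent to the server, so
// the client stores it before the login hop and re-applies it after.
// /.auth/login/aad and post_login_redirect_uri are App Service Authentication's;
// the storage key name is this example's choice.

const RETURN_KEY = 'returnTo';

// Only a same-app hash route is accepted back. An absolute URL, a
// protocol-relative //host or anything with unexpected characters falls back
// to the root route, so a tampered storage value cannot redirect the user
// somewhere else.
function safeReturnTarget(value) {
  if (typeof value === 'string' && /^#\/(?!\/)[\w\-./~%?=&]*$/.test(value)) return value;
  return '#/';
}

// Before sending the browser to the login endpoint: remember the hash route and
// ask App Service Authentication to come back to this app's own path (a
// relative path, which the endpoint accepts). Returns the URL to navigate to.
function beginLogin(loc, storage) {
  storage.setItem(RETURN_KEY, loc.hash || '#/');
  return `/.auth/login/aad?post_login_redirect_uri=${encodeURIComponent(loc.pathname)}`;
}

// After the app reloads post-login: consume the stored route exactly once and
// return the hash to assign to window.location.hash, or null if none was stored.
function finishLogin(storage) {
  const stored = storage.getItem(RETURN_KEY);
  if (stored === null) return null;
  storage.removeItem(RETURN_KEY);
  return safeReturnTarget(stored);
}

// Minimal stand-in for window.sessionStorage so the flow runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(k, String(v)); }
  removeItem(k) { this.items.delete(k); }
}

if (typeof require !== 'undefined' && require.main === module) {
  const storage = new MemoryStorage();
  const loginUrl = beginLogin({ pathname: '/', hash: '#/route/subroute/254' }, storage);
  console.log('navigate to', loginUrl);                      // -> /.auth/login/aad?post_login_redirect_uri=%2F
  console.log('after login restore', finishLogin(storage));  // -> #/route/subroute/254
}
```

In the browser this is `window.location.assign(beginLogin(window.location, window.sessionStorage))` once `/.auth/me` reports an anonymous user, and on startup `const back = finishLogin(window.sessionStorage); if (back) window.location.hash = back;`. It only works if the SPA shell is served to anonymous users (App Service Authentication set to allow unauthenticated requests rather than redirecting them), because with the automatic redirect the 302 to login.microsoftonline.com happens before any page script runs and the fragment is lost on the form_post back.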

Is it possible to change the redirected URI for an Azure Function App using App Service Auth accessed via an API Management endpoint?

I have an existing Azure Function App configured with App Service Auth using AAD.
By directly accessing the App Service website xxx.azurewebsites.net/xxx I am prompted to log in, and on logging in I am redirected back to the xxx.azurewebsites.net page.
However, with the same function app accessed via an APIM endpoint, I load the site xxx.azure-api.net/xxx, get prompted to log in, and then get redirected back to the azurewebsites.net page rather than the azure-api.net one.
Is there any way to configure this redirection? I have set the Redirect URIs in the App Registration's 'Authentication' blade; however, this has made no difference.
Additional information:
In the initial 401 response I can see the original URL in the headers:
WWW-Authenticate Bearer realm="xxx.azurewebsites.net/xxx" ...
No, we can't set the request to redirect to azure-api.net after login.
What we need to know is that if we use AD to protect the function app, it will redirect to the login page when we request the function URL, and after login it will redirect back to the function URL and continue the request.
When you use APIM to access the function, APIM acts only as an interface, so the steps are the same as above after you request the APIM API to access the function. It will not redirect to azure-api.net; this is by design.

Web App fails to return from Azure AD Authentication after deployment

I have a web app on an IIS 10 server. I am using Azure AD for authentication. Everything works fine in Visual Studio 2019. If I use the browser on the IIS server, everything works fine. It does not work in a browser on my workstation.
When I open the web app, it redirects to login.microsoftonline.com and finds my Microsoft account. It tries to redirect back but eventually says "Pick an account" / "We couldn't sign you in. Please try again".
If I copy the redirect_uri parameter from the current page URL and put it in a new browser, it brings me to my site, authenticated.
Any help would be appreciated.
I found the issue. If neither https:// nor http:// was entered in the URL, it assumed http://. Azure AD didn't like this. The solution was to add a URL rewrite in IIS to ensure https://.
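The IIS rule the answer refers to, as an added example rather than the author's own configuration: it assumes the IIS URL Rewrite module is installed and goes in the site's web.config. Any request that arrived over plain http is answered with a permanent redirect to the same host and path over https, so the redirect_uri the authentication middleware derives from the request is always the https one that is registered. The rule name is this example's choice.

```xml
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Force https before the OpenID Connect middleware builds redirect_uri
             from the incoming request; an http:// redirect_uri will not match an
             https:// registration. -->
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

A quick check after deploying is `curl -I http://yourhost/` from the workstation: the response should be a 301 with a `Location: https://yourhost/` header, and only then should the browser reach the sign-in page. If a load balancer or reverse proxy terminates TLS in front of IIS, `{HTTPS}` will be `OFF` for every request and the rule has to be keyed on the proxy's forwarded-protocol header instead, otherwise it loops.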

AAD - reply url specified in the request does not match for subdomain request

I have a website, let's say example.com.
The web app is hosted on Azure.
There is an AAD app for login. The app seems correctly set up (the reply URL is set to example.com).
Everything is fine when connecting directly to example.com.
However, if I try to reach example.com/data/123 directly (i.e. I was not yet on example.com), I get redirected to the login page, but then the process fails with the error:
AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application
How is that possible?
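The first post on this page (redirect URI in web.config versus the app registration), the IIS post (http:// assumed instead of https://) and the AADSTS50011 question above all come down to the same rule: the authorization server compares the `redirect_uri` in the authorize request with the registered reply URLs as exact strings. The following is an added example, not code from any of the posts, that reproduces that comparison so the differing character can be read off the captured authorize URL instead of guessed. The registrations and sample requests are constructed to mirror the three posts; the check is a simplified model (Azure AD's localhost-port allowance, for instance, is not modelled) and is deliberately strict about path case, query string and trailing slash, which is the safe assumption when debugging a mismatch.

```javascript
// Added example (not from the original posts): reproduce the exact-match test
// an authorization server applies to redirect_uri, so an AADSTS50011 or a
// silent "reloads the same page" can be traced to the character that differs.
// REGISTERED and the sample requests are constructed for this example.

// Canonical form: scheme and host lower-cased (hosts are case-insensitive),
// default ports dropped, and everything after the authority kept literally:
// path case, query string and a trailing slash all count. A fragment is never
// valid in a redirect URI.
function canonical(uri) {
  const u = new URL(uri); // throws on anything that is not an absolute URL
  if (u.hash !== '') throw new Error(`fragment not allowed in redirect URI: ${uri}`);
  const m = uri.match(/^[A-Za-z][A-Za-z0-9+.-]*:\/\/[^/?#]*(.*)$/);
  const rest = m ? m[1] : '';
  const port = u.port ? `:${u.port}` : '';
  return `${u.protocol}//${u.hostname}${port}${rest}`;
}

// Explain the nearest miss so the developer knows which side to change.
function diffHint(wanted, allowed) {
  const w = new URL(wanted);
  for (const a of allowed) {
    const r = new URL(a);
    if (r.hostname !== w.hostname) continue;
    if (r.protocol !== w.protocol) return `scheme differs: registered ${r.protocol} but request uses ${w.protocol}`;
    if (r.port !== w.port) return `port differs: registered '${r.port}' but request uses '${w.port}'`;
    return `path or query differs from registered '${a}'`;
  }
  return 'no registration for this host';
}

// Decide whether one authorize request would be accepted.
function checkAuthorizeRequest(authorizeUrl, registered) {
  const redirectUri = new URL(authorizeUrl).searchParams.get('redirect_uri');
  if (redirectUri === null) return { ok: false, redirectUri, reason: 'no redirect_uri parameter' };
  let wanted;
  try {
    wanted = canonical(redirectUri);
  } catch (e) {
    return { ok: false, redirectUri, reason: e.message };
  }
  const allowed = registered.map(canonical);
  if (allowed.includes(wanted)) return { ok: true, redirectUri, reason: null };
  return { ok: false, redirectUri, reason: diffHint(wanted, allowed) };
}

// Build an authorize request the way a client library does (client_id and
// state omitted; only redirect_uri matters here).
function authorizeUrlFor(redirectUri) {
  const u = new URL('https://login.microsoftonline.com/common/oauth2/v2.0/authorize');
  u.searchParams.set('response_type', 'code');
  u.searchParams.set('scope', 'openid');
  u.searchParams.set('redirect_uri', redirectUri);
  return u.toString();
}

// Constructed registrations mirroring the three posts.
const REGISTERED = [
  'https://localhost:44332',
  'https://myserver.com/v1/myapp',
  'https://example.com',
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of [
    'https://myserver.com/v1/myapp',  // identical to the registration: accepted
    'http://myserver.com/v1/myapp',   // IIS assumed http://: scheme differs
    'https://myserver.com/v1/myapp/', // trailing slash: path differs
    'https://example.com/data/123',   // deep link used as redirect_uri: path differs
  ]) {
    console.log(r, '=>', checkAuthorizeRequest(authorizeUrlFor(r), REGISTERED));
  }
}
```

To use it on a real case, copy the full `https://login.microsoftonline.com/.../authorize?...` URL from the browser address bar (or the Location header of the 302 that sent the browser there) and pass it as `authorizeUrl` together with the reply URLs from the registration; the `reason` names the scheme, port or path that differs. For the deep-link case, what matters is the `redirect_uri` the app sends, which should be the fixed callback path, not the page the user happened to request.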

Logout is not working in Microsoft Azure Web App

I am using the following method to implement logout functionality for an Azure Web App.
I am using the URL https://login.microsoftonline.com/{0}/oauth2/logout?post_logout_redirect_uri={1}, where {0} is the Azure AD URL and {1} is the web app URL.
Sample URL: https://login.microsoftonline.com/myazuread.onmicrosoft.com/oauth2/logout?post_logout_redirect_uri=http://myazurewebapp.azurewebsites.net
This gives me the output stating:
"You signed out of your account
It's a good idea to close all browser windows."
But when I put the site URL in the browser, the user gets through without going through authentication. I have also added code for expiring the cookies, but it's not helping. After sign-out I want the user to be redirected to the login page, and the user should have to go through authentication to log in again.
According to your description, I have created a new ASP.NET Web Application that doesn't require any user authentication, then followed this tutorial to configure my web app to use AAD login.
To restrict access to your site to only users authenticated by Azure Active Directory, set "Action to take when request is not authenticated" to "Log in with Azure Active Directory".
When a user has logged in, you can find a cookie named AppServiceAuthSession as follows:
For a simple way to log out, you could just call https://{your-webapp-name}.azurewebsites.net/.auth/logout; this built-in endpoint would clear your browser cookies first, then redirect you to process the logout on the Azure AD side as follows:
When the logout operation is finished on the Azure AD side, the browser would redirect you to the post_logout_redirect_uri (/.auth/logout/complete by default) as follows:
In summary, please use Fiddler to capture the requests when performing logout in your web app, and check whether the cookie AppServiceAuthSession has been removed after you logged out.
#Bruce. No, I am not using any URL authorization rules. Let me tell you what's happening step by step.
1) I have used the same URL you provided as the logout URL.
2) The page is redirecting to https://login.microsoftonline.com/myazuread.onmicrosoft.com/oauth2/logout?post_logout_redirect_uri=https://mywebapp.azurewebsites.net/.auth/login/aad/callback. It's not getting redirected to the default logout page.
Image of cookies on the page after redirecting to the logout URL
3) If I navigate to the default logout page (/.auth/logout/complete) and click on "Return to website", for a brief moment it redirects to the Azure AD login page //login.microsoftonline.com/dcc17943-54b6-4bc7-b284-71d39f03aeb0/oauth2/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Fmywebapp.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=1ab2f820-2ca0-4a78-bfea-c849b91d339d&scope=openid+profile+email&response_mode=form_post&state=redir%3D%252F%26b2cPolicy%3D&nonce=d74940629d5e434eb6454648d33f371d_20170215104002. It seems like it gets authenticated there automatically, and then redirects to the home page. I have deleted cookies manually too. Still the same result.
#Bruce I found something. If I manually delete all the cookies from chrome://settings/cookies and then redirect the page, then it works. Can I do it programmatically, using JavaScript or C#?
One reason that your post-logout redirection is not working might be this Azure AD behavior, which caused issues in my case:
It doesn't work for root accounts of the tenant, that is, my personal account, which created the Azure subscription.
But it works for new accounts I created inside my subscription.
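The answer's advice is to capture the /.auth/logout exchange and confirm that AppServiceAuthSession was actually removed. The following added example (not code from anyone in this thread) does that check over a captured response: it parses the Set-Cookie headers and decides whether the browser was really told to drop the cookie, and it checks that the 302 sends the browser on to the Azure AD logout endpoint, because if only the app cookie goes but the session at login.microsoftonline.com survives, "Return to website" signs the user straight back in, which is the symptom described in the comments. The two captured responses in the block are constructed for the example; real captures will differ in detail.

```javascript
// Added example (not from the original thread): verify a captured response from
// /.auth/logout. A real sign-out needs two things: the browser was told to drop
// AppServiceAuthSession, and the browser was sent on to the Azure AD logout
// endpoint. The captured responses below are constructed for this example.

const SESSION_COOKIE = 'AppServiceAuthSession';

// Split one Set-Cookie header into name, value and lower-cased attribute map.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? '' : pair.slice(eq + 1),
    attrs: {},
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// A cookie is cleared only if the server said so: Max-Age <= 0 wins, otherwise an
// Expires date already in the past. An empty value alone is not enough, and the
// browser only applies the deletion to the stored cookie when Path agrees, hence
// the expectedPath argument (Domain is not modelled here).
function isClearingCookie(cookie, expectedPath, now) {
  const a = cookie.attrs;
  if ((a.path || '/') !== expectedPath) return false;
  if ('max-age' in a) return Number(a['max-age']) <= 0;
  if ('expires' in a) {
    const t = Date.parse(a.expires);
    return !Number.isNaN(t) && t <= now;
  }
  return false;
}

// resp = { status, headers: { location, 'set-cookie': [...] } } as captured.
function verifyLogoutResponse(resp, opts = {}) {
  const now = opts.now ?? Date.now();
  const expectedPath = opts.path ?? '/';
  const lines = resp.headers['set-cookie'] || [];
  const cookieCleared = lines
    .map(parseSetCookie)
    .filter((c) => c.name === SESSION_COOKIE)
    .some((c) => isClearingCookie(c, expectedPath, now));
  let federatedLogout = false;
  if ([302, 303].includes(resp.status) && resp.headers.location) {
    const u = new URL(resp.headers.location);
    federatedLogout = u.hostname === 'login.microsoftonline.com'
      && /\/oauth2\/(v2\.0\/)?logout$/.test(u.pathname);
  }
  return { cookieCleared, federatedLogout, signedOut: cookieCleared && federatedLogout };
}

// Constructed captures: the first is what a working /.auth/logout hop looks like;
// the second only bounces back to the app and leaves the session cookie alone.
const CAPTURE_OK = {
  status: 302,
  headers: {
    location: 'https://login.microsoftonline.com/myazuread.onmicrosoft.com/oauth2/logout?post_logout_redirect_uri=https%3A%2F%2Fmywebapp.azurewebsites.net%2F.auth%2Flogout%2Fcomplete',
    'set-cookie': ['AppServiceAuthSession=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure'],
  },
};
const CAPTURE_BAD = {
  status: 302,
  headers: { location: 'https://mywebapp.azurewebsites.net/', 'set-cookie': [] },
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log('good capture', verifyLogoutResponse(CAPTURE_OK));  // both true
  console.log('bad capture', verifyLogoutResponse(CAPTURE_BAD));  // both false
}
```

Feed it the status, Location and every Set-Cookie line from the Fiddler session for the /.auth/logout request. A result with `cookieCleared` false while the cookie still shows in the browser means the app-side session was never dropped; `federatedLogout` false means the browser never reached the Azure AD end-session page, so the next visit will be signed in silently by the identity provider rather than by a stale app cookie.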
