Published ASP.NET MVC 5 app with Organizational Account authentication Redirects back to localhost

Question

I have a problem publishing a web app that uses organizational account for authentication. Namely, I chose to publish it on azure website, using new azure SQL database as tenant db. I use Single account and specify .onmicrosoft.com domain.

Step by step:

1. New ASP.NET application, MVC
2. Change Authentication -> Organizational Accounts -> Cloud - Single Organization, Domain: .onmicrosoft.com, Access Level: Single Sign On
3. Microsoft Azure -> Host in the cloud (checked), Website
4. Selected database server in Azure
5. Debug/Run in IIS Express works as expected, it goes to Organizational page for authentication and then browse back to Home/Index showing the user's email in the navigation pane.
6. Publish Web with default (auto-generated) profile creates couple of errors: 6.1. It browse to http and not to https by default 6.2. Browsing manually to https://.... redirects to onmicrosoft.com for authentication, and after authentication successfully finishes, redirects back to https://localhost:xxxxx

Where can I configure redirect URL for organizational accounts? I've done for some previous projects Microsoft account authentication, and I know that client id and secret id are bound to a specific return url, but I have no idea where to look for application properties when organizational accounts are used.

Thanks.

Predrag.

Answer 1

I was having the same problem but found that enable organisational authentication option has been removed in Visual Studio 2015 and 2017.

You have to edit the relying party trust on your ADFS server. Right click > Properties > Endpoints > Add a WS-Federation Endpoint pointing to your https root site URL > Tick set as default.

My site now works and authenticates with ADFS.

Answer 2

You can setup return url for organizational account auth inside active directory in management panel (azure)

Here a good article

Select your App inside Active Directory, click on app name -> config -> single sign on -> config return url

Answer 3

To answer my question. Below is one possible workable workflow:

1. From Visual Studio 2013, Project->New->Web->ASP.NET Web Application
2. Name: WebApplication2

3. New ASP.NET Project – WebApplication2

   a. Select a template: MVC

   b. Change Authentication

   i.  Organizational Accounts
   ii. Cloud – Single Organization
   iii.    Domain: <organization_name>.onmicrosoft.com
   iv. Access Level: Single Sign On
   

   c. OK

4. Configure Microsoft Azure Website

   a. Site name: WebApplicationXXXXX

   b. Region: North Europe

   c. Database server: existing database server

   d. Database username: admin

   e. Database password: admin_password

   f. OK

5. Publish with the default profile without changing any parameters

   a. The result will be Server error in application. In the address bar, it will be http://webapplicationXXXXX.azurewebsites.net/

6. Browse to https instead of http: https://webapplicationXXXXX.azurewebsites.net/

   a. It will be redirected to organizational account correctly. After successful authentication, it will be redirected back to https://localhost:44310/ which is not accessible from Azure website, so it will fail.

7. Launch publishing again with some corrections this time, Publish Web

   a. Connection->DestinationUrl: https://webapplicationXXXXX.azurewebsites.net/

   b. Settings->Enable Organizational Authentication (check)

   i.  Domain: <organization_name>.onmicrosoft.com
   
   ii. Access Level: Single Sign On
   

   c. Publish

It might fail to authenticate first time (no idea why), but when manually browsed to https://webapplicationXXXXX.azurewebsites.net/, it will work as it is supposed to. By skipping steps 5 and 6 above, the workflow becomes workable. It’s another question if it’s optimal and according to the best practices.