Valyrion

Reputation: 2613

How to set redirect_uri parameter on OpenIdConnectOptions for ASP.NET Core

I'm trying to connect an ASP.NET application to Salesforce using OpenId. This is my connecting code so far. I think I got everything except the redirect_uri parameter, which has to match the value on the other end exactly.

    app.UseCookieAuthentication(x =>
    {
        x.AutomaticAuthenticate = true;
        x.CookieName = "MyApp";
        x.CookieSecure = CookieSecureOption.Always;
        x.AuthenticationScheme = "Cookies";
    });

    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary<string, string>();

    app.UseOpenIdConnectAuthentication(x =>
    {
        x.AutomaticAuthenticate = true;
        x.Authority = "https://login.salesforce.com";
        x.ClientId = "CLIENT_ID_HERE";
        x.ResponseType = "code";
        x.AuthenticationScheme = "oidc";
        x.CallbackPath = new PathString("/services/oauth2/success");
        //x.RedirectUri = "https://login.salesforce.com/services/oauth2/success";
        x.Scope.Add("openid");
        x.Scope.Add("profile");
        x.Scope.Add("email");
    });

But RedirectUri isn't a valid parameter to pass. What is the right way to set it?

Upvotes: 26

Views: 37856

Answers (3)

Mugurel

Reputation: 246

Problem: App services have a default domain name of *.azurewebsites.net (say contoso.azurewebsites.net) which is different from the application gateway’s domain name (say contoso.com). Since the original request from the client has application gateway’s domain name contoso.com as the host name, the application gateway changes the hostname to contoso.azurewebsites.net, so that the app service in the backend can route it to the correct endpoint. But when the app service sends a redirection response, it uses the same hostname in the location header of its response as the one in the request it receives from the application gateway. Therefore, when the app service performs a redirection to its relative path (redirect from /path1 to /path2), the client will make the request directly to contoso.azurewebsites.net/path2, instead of going through the application gateway (contoso.com/path2). This will bypass the application gateway, which is not desirable.

Solution: This issue can be resolved by setting the hostname in the location header to the application gateway’s domain name.

For more details you can check this: https://azure.microsoft.com/en-us/blog/rewrite-http-headers-with-azure-application-gateway/

Upvotes: 1

Pedro.The.Kid

Reputation: 2078

You need to set an event listener for OnRedirectToIdentityProvider.

In your case:

// Requires: using System.Threading.Tasks;
x.Events.OnRedirectToIdentityProvider = async n =>
{
    // Placeholder: replace with your redirect URI string.
    n.ProtocolMessage.RedirectUri = "<Redirect URI string>";
    await Task.FromResult(0);
};

Upvotes: 48

Kévin Chalet

Reputation: 42080

redirect_uri is automatically computed for you using the scheme, host, port and path extracted from the current request and the CallbackPath you specify.

x.RedirectUri = "https://login.salesforce.com/services/oauth2/success" looks highly suspicious (unless you work for Salesforce): don't forget it's the callback URL the user agent will be redirected to when the authentication flow completes, not the authorization endpoint of your identity provider.

So in your case, the user will be redirected to http(s)://yourdomain.com/services/oauth2/success. Is it the address you registered in your Salesforce options?

Upvotes: 24
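
The host mismatch the answers describe, and one way to build redirect_uri from a configured public origin before assigning it in OnRedirectToIdentityProvider. This is an added example, not code from the original posts: RedirectUriHelper, its methods and the registered value are hypothetical, and the two hosts are the sample names from the application gateway answer.

```csharp
using System;

// Added illustration; RedirectUriHelper and its members are hypothetical names.
public static class RedirectUriHelper
{
    // Default behaviour as described in the answer above: scheme, host (with port)
    // and path of the current request, followed by CallbackPath.
    public static string FromRequest(string scheme, string host, string pathBase, string callbackPath)
        => scheme + "://" + host + pathBase + callbackPath;

    // Alternative for apps behind a gateway: build from a configured public origin
    // rather than from the Host header the backend happens to receive.
    public static string FromConfiguredOrigin(string publicOrigin, string callbackPath)
    {
        if (!Uri.TryCreate(publicOrigin, UriKind.Absolute, out Uri origin)
            || origin.Scheme != Uri.UriSchemeHttps
            || origin.AbsolutePath != "/"
            || origin.Query.Length != 0 || origin.Fragment.Length != 0)
            throw new ArgumentException("public origin must be https://host[:port]", nameof(publicOrigin));
        if (string.IsNullOrEmpty(callbackPath) || callbackPath[0] != '/')
            throw new ArgumentException("callback path must start with '/'", nameof(callbackPath));
        return origin.GetLeftPart(UriPartial.Authority) + callbackPath;
    }

    // redirect_uri has to match the registered value exactly, so compare ordinally.
    public static bool MatchesRegistered(string candidate, string registered)
        => string.Equals(candidate, registered, StringComparison.Ordinal);
}

public static class Demo
{
    public static void Main()
    {
        const string callbackPath = "/services/oauth2/success";          // CallbackPath from the question
        const string registered = "https://contoso.com" + callbackPath;  // constructed registered value

        // The backend sees the App Service host, not the gateway host.
        string computed = RedirectUriHelper.FromRequest("https", "contoso.azurewebsites.net", "", callbackPath);
        Console.WriteLine(computed + " -> " + RedirectUriHelper.MatchesRegistered(computed, registered));

        string pinned = RedirectUriHelper.FromConfiguredOrigin("https://contoso.com", callbackPath);
        Console.WriteLine(pinned + " -> " + RedirectUriHelper.MatchesRegistered(pinned, registered));

        // In the OnRedirectToIdentityProvider handler: n.ProtocolMessage.RedirectUri = pinned;
    }
}
```

Reading the origin from configuration keeps the value sent to the identity provider independent of whatever Host header reaches the backend.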
