ToDevAndBeyond

Reputation: 1503

ASP.Net MVC Set custom hostname for authorization redirect with Application Gateway

Scenario: An ASP.net MVC application behind an Azure Application Gateway

When an unauthorized user tries to access a page where the controller method is protected with the Authorize attribute, the user is redirected to the Azure AD login page. After signing in, the user is redirected to the inaccessible application URL (gives a 403) instead of the correct Application gateway URL.

Login works correctly when we use:

    HttpContext.GetOwinContext().Authentication.Challenge(
        new AuthenticationProperties { RedirectUri = "/" },
        OpenIdConnectAuthenticationDefaults.AuthenticationType);

So the question is: Is there a good way to override the hostname that the Authorize attribute is using so that it redirects to the app gateway URL that is specified in the app settings?

Inside of startup.auth.cs we are using OpenId Connect and setting the Redirect URI to be the correct app gateway URL which works for successfully authenticating, but still redirects to the incorrect URL after the user has been authenticated.

    Notifications = new OpenIdConnectAuthenticationNotifications()
    {
        RedirectToIdentityProvider = (context) =>
        {
            // Send the app gateway URL to Azure AD as the redirect URI.
            string appBaseUrl = _siteUrl;
            context.ProtocolMessage.RedirectUri = appBaseUrl;
            return Task.FromResult(0);
        }
    }

Upvotes: 0

Views: 801

Answers (1)

ToDevAndBeyond

Reputation: 1503

Found my own answer from the below question: Redirect user after authentication with OpenIdConnect in ASP.Net MVC

To summarize, redirecting after authentication can be achieved by setting the context.AuthenticationTicket.Properties.RedirectUri inside of the AuthorizationCodeReceived callback:

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                RedirectToIdentityProvider = (context) =>
                {
                    // Remember the requested path, rooted at the app gateway URL.
                    _redirectUri = _siteUrl + context.Request.Path;
                    return Task.FromResult(0);
                },
                // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                AuthorizationCodeReceived = async (context) =>
                {
                    var httpContext =
                        HttpContext.Current.GetOwinContext().Environment["System.Web.HttpContextBase"] as
                            HttpContextBase;
                    var code = context.Code;
                    // Where the user is sent once sign-in completes.
                    context.AuthenticationTicket.Properties.RedirectUri = _redirectUri;
                },
                AuthenticationFailed = OnAuthenticationFailed
            }
        });

Upvotes: 0
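A variant of the answer's approach, as an added example that is not part of the original post: the `_redirectUri` field in the answer is shared by every request, so concurrent sign-ins can overwrite each other's return URL, and the value should only ever be a path on the gateway host. The helper below re-roots the return URL already stored in the authentication ticket onto the gateway origin and falls back to `/` for anything that is not a local path. `GatewayRedirect`, `Rebase` and the host names are hypothetical; it assumes the ticket still carries the URL the middleware recorded at challenge time and that the gateway serves the app at its root.

```csharp
using System;

// Added example: GatewayRedirect and Rebase are hypothetical names, not from the post.
public static class GatewayRedirect
{
    // Re-roots the return URL recorded at challenge time onto the gateway origin.
    // Only the path and query of the recorded value are kept; its host is discarded.
    public static string Rebase(string gatewayBaseUrl, string recordedRedirectUri)
    {
        // Assumption: gatewayBaseUrl is the trusted value from app settings (_siteUrl).
        string origin = new Uri(gatewayBaseUrl, UriKind.Absolute)
            .GetLeftPart(UriPartial.Authority);
        string pathAndQuery = "/";
        Uri recorded;
        if (!string.IsNullOrEmpty(recordedRedirectUri))
        {
            if (IsLocalPath(recordedRedirectUri))
                pathAndQuery = recordedRedirectUri;            // e.g. "/" from Challenge()
            else if (Uri.TryCreate(recordedRedirectUri, UriKind.Absolute, out recorded)
                     && (recorded.Scheme == Uri.UriSchemeHttp
                         || recorded.Scheme == Uri.UriSchemeHttps))
                pathAndQuery = recorded.PathAndQuery;          // drop the backend host
        }
        // Anything that is not a plain local path goes to the site root.
        if (!IsLocalPath(pathAndQuery)) pathAndQuery = "/";
        return origin + pathAndQuery;
    }

    // Must start with a single '/', and contain no backslash, so that
    // origin + value can never resolve to a different host.
    private static bool IsLocalPath(string value)
    {
        return value.Length > 0 && value[0] == '/'
            && (value.Length == 1 || value[1] != '/')
            && value.IndexOf('\\') < 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values; the host names are placeholders.
        string gateway = "https://gateway.example";
        Console.WriteLine(GatewayRedirect.Rebase(gateway, "https://backend.internal.example/Reports/View?id=7"));
        Console.WriteLine(GatewayRedirect.Rebase(gateway, "/"));
        Console.WriteLine(GatewayRedirect.Rebase(gateway, "@other.example/x"));
    }
}
```

Inside `AuthorizationCodeReceived` it would be called as `context.AuthenticationTicket.Properties.RedirectUri = GatewayRedirect.Rebase(_siteUrl, context.AuthenticationTicket.Properties.RedirectUri);`, which removes the need for the shared `_redirectUri` field.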
