Reputation: 164
Azure AD Authentication for ASP.NET Core MVC WebApp - how to customize the Redirect_URI the APPLICATION! sends
I have an ASP.NET Core MVC, .NET6 based WebApplication hosted in AWS as a docker image. It use Azure AD Identity to sign in users.
When the user opens up the page and logs in with Microsoft AD successfully but the redirect provided in the login URL is incorrect. https://login.microsoftonline.com/{guid}/oauth2/v2.0/authorize?client_id={guid}&redirect_uri=http://{my-domain}/signin-oidc
As for the flow:
- User opens the page in inPrivate view (no cookies/session)
- User is being redirected to Microsoft Login page
- User logs in successfully
- User is being redirected to the provided redired_uri
- User encounters an error message that the redirect_uri is incorrect.
Now the issue is that during redirect, the request_uri has http, which is invalid. Though this is not something I have set in the application. How/Where can edit/override the redirect_uri query parameter sent during the request?
There are tons of SO posts about how to edit Azure Application URI, but that one is correct. It is the REQUEST that is incorrect.
Also I do not want to redirect to alternative page, /home is prefect. The issue is the scheme is marked http:// and not https://.
Relevant snapshot of the program.cs
I appreciate your help!
Upvotes: 0
Views: 838
Answers (1)
Reputation: 6974
Issue
This is happening because your Docker application is using HTTP. SSL appears to have already been terminated by ALB or something similar.
About Redirect URI
Now, to answer your question, where does this /signin-oidc Uri originate? The.NET library uses this hard-coded Redirect Uri internally while constructing the authentication request. Once AzureAD redirects back to this Uri, the library internally intercepts and retrieves the code from the query parameter. Library further obtain access-token or ID Token by making another request to graph API.
Solution
You can look at and implement any solution suggested in the links below for the same problem.
Upvotes: 1
Related Questions
- redirect URI in Azure web app authentication
- Configure redirect URI in Asp.NET Core Azure AD authentication
- Specify custom redirect_uri in a web app that uses Azure AD authentication with oidc and a middleware
- How to change redirect_uri for Azure AD
- Issue on Redirect URI in DotNet MVC Web App during Authentication
- How do you set the AzureAD redirect url when using Microsoft.Identity.Web
- Change redirectURI and CallbackPath for AzureAD authentication in .net core 3.1.1 web app
- Azure AD Redirect URL Using Application Gateway
- ASP.NET Core Azure AD Auth - Redirect URI incorrect for network web server
- Azure Ad - Redirect Uri hidden behind authorization