
I am trying to use Azure Active Directory for my web application in Azure. After login I am always redirected to the '~/.auth/login/done' URL with the "You have successfully signed in" message.

This is my Startup.cs:

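/// <summary>
/// Registers the cookie policy, Azure Active Directory authentication and MVC.
/// MVC is registered with a global filter that requires an authenticated user.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        // Always ask for consent before non-essential cookies are written.
        options.CheckConsentNeeded = context => true;
        // None means the cookie policy does not tighten SameSite on any cookie;
        // each cookie keeps whatever its own options specify.
        // NOTE(review): raising this minimum may interfere with the cross-site
        // sign-in response from the identity provider. Test before tightening.
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    // Add authentication for Azure Active Directory using the Microsoft.AspNetCore.Authentication.AzureAD.UI:
    // The options are bound from the "AzureAd" configuration section.
    // NOTE(review): the configured CallbackPath has to be a path this middleware
    // handles and has to be registered as a redirect URI for the app. A path under
    // /.auth/ looks like an App Service Authentication endpoint rather than one
    // served by this middleware. Confirm which component is meant to receive the
    // sign-in response.
    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

    services
        .AddMvc(options =>
        {
            // Global filter: every MVC action requires an authenticated user
            // unless it explicitly opts out (for example with [AllowAnonymous]).
            var policy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
            options.Filters.Add(new AuthorizeFilter(policy));
        })
        // The original statement was missing its terminating semicolon.
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}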

/// <summary>
/// Builds the HTTP request pipeline. Middleware runs in the order it is added here.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment, used to pick the error handling.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // Outside development, errors go to the generic error page; the detailed
    // developer exception page and Browser Link are enabled in development only.
    if (!env.IsDevelopment())
    {
        app.UseExceptionHandler("/Home/Error");
    }
    else
    {
        app.UseBrowserLink();
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();

    // Static files are added before UseAuthentication, so they are served
    // without the authentication check that the MVC actions go through.
    app.UseStaticFiles();
    app.UseCookiePolicy();

    // Authentication is added before MVC so the user is established by the
    // time the MVC authorization filter evaluates the request.
    app.UseAuthentication();

    app.UseMvc(routeBuilder => routeBuilder.MapRoute(
        name: "default",
        template: "{controller=Home}/{action=Index}/{id?}"));
}

On the Azure portal I have set the Redirect URIs to the default '~/.auth/login/aad/callback'.

This is my appsettings.json:

{
 "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "mycompanyname.onmicrosoft.com",
    "TenantId": "... (my tenant ID) ...",
    "ClientId": "... (my client ID) ...",
    "CallbackPath": "/.auth/login/aad/callback"
 }
}

Why can't I access any page of my application, and why am I always redirected to the '~/.auth/login/done' URL?

LaRo
  • Kinda sounds like you have configured the Authentication / Authorization feature of App Service, which you don't need in this case since you configure authentication yourself. – juunas Jul 21 '19 at 06:37

2 Answers


You can use the post_login_redirect_url query string parameter to choose where users land after login when the sign-in is handled by the App Service /.auth endpoints.

What you have to do instead is to navigate your users to

 /.auth/login/aad?post_login_redirect_url=YOUR_URL

For example, if you want to automatically navigate the user to /welcome.html after logging in, you can set your login redirect to ~/.auth/login/aad?post_login_redirect_url=/welcome.html, and the user will be redirected to this page instead of the generic welcome page. Refer to this thread.

Joey Cai
  • Thanks for your answer. I've read the recommended thread but it is still not clear to me. Where exactly can I use the query parameter? Is it necessary to implement the OnAuthenticationChallenge method? – LaRo Jul 22 '19 at 07:07

You can set your CallbackPath to: "CallbackPath": "/signin-oidc".

Also, make sure that you have it registered on Azure Portal. Go to your App Registration > Authentication tab > then add https://localhost:{yourport}/signin-oidc (or, if this is a production app, https://{yourDomain}/signin-oidc). The registered URI has to match the redirect URI the application sends exactly, including scheme and host.

You can find more details here: https://social.msdn.microsoft.com/Forums/azure/en-US/99913f64-d692-4e10-9178-2ded24e264d8/reply-url-same-as-callback-path?forum=WindowsAzureAD

Tiago B
  • Thanks for your answer. I need to deploy a production app. I tried to change the CallbackPath to `"/signin-oidc"` in my appsettings.json and I changed the Redirect URI on Azure Portal to `https://myapp.azurewebsites.net/signin-oidc` but after login I am getting the message "AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: ..." – LaRo Jul 22 '19 at 06:48