microsoft-identity-web: AccountController implementing MicrosoftIdentity/Account/xxx endpoints does not honour redirectUrl

Which version of Microsoft Identity Web are you using? Note that to get help, you need to run the latest version. Microsoft Identity Web 1.2.0

Where is the issue?

  • Web app
    • Sign-in users
    • Sign-in users and call web APIs
  • Web API
    • Protected web APIs (validating tokens)
    • Protected web APIs (validating scopes)
    • Protected web APIs call downstream web APIs
  • Token cache serialization
    • In-memory caches
    • Session caches
    • Distributed caches
  • Other (please describe)

Is this a new or an existing app? This is an app in development

Repro

<a href="MicrosoftIdentity/Account/SignIn?redirectUrl=yyy">Sign In</a>

Expected behavior: Clicking on the link should take me to the page at yyy

Actual behavior: Takes me to the route of the application, /

Possible solution: Set the redirectUrl property of AuthenticationProperties to the incoming query value

[HttpGet("{scheme?}/{redirectUrl?}")]
public IActionResult SignIn([FromRoute] string scheme, [FromQuery] string redirectUrl)
{
    scheme ??= OpenIdConnectDefaults.AuthenticationScheme;
    // var redirectUrl = Url.Content("~/");
    // The property on AuthenticationProperties is named RedirectUri.
    return Challenge(
        new AuthenticationProperties { RedirectUri = redirectUrl ?? Url.Content("~/") },
        scheme);
}

All endpoints should honour redirectUrl

Additional context / logs / screenshots

This will allow clients to use MicrosoftIdentity/Account/xxx endpoints and land the user on desired page.
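The proposed change above hands the query value to the post-login redirect as-is, so the sketch below shows the same endpoint honouring redirectUrl only when it is a path inside the application. It is an added example, not code from the issue or from Microsoft.Identity.Web; the controller name, route and the ResolveReturnUrl helper are hypothetical.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical application-owned controller (assumption), not the library's AccountController.
[AllowAnonymous]
[Route("Account/[action]")]
public class LocalRedirectAccountController : Controller
{
    // GET /Account/SignIn?redirectUrl=/pages/products
    [HttpGet("{scheme?}")]
    public IActionResult SignIn([FromRoute] string? scheme, [FromQuery] string? redirectUrl)
    {
        scheme ??= OpenIdConnectDefaults.AuthenticationScheme;

        // RedirectUri is where the OpenID Connect handler sends the browser
        // once the sign-in round trip has completed.
        return Challenge(
            new AuthenticationProperties { RedirectUri = ResolveReturnUrl(redirectUrl) },
            scheme);
    }

    // Accept only same-application paths. IUrlHelper.IsLocalUrl returns false for
    // absolute URLs ("https://other.example/"), scheme-relative URLs
    // ("//other.example") and "/\other.example", so a crafted sign-in link
    // cannot move the user to another site after authentication.
    private string ResolveReturnUrl(string? redirectUrl) =>
        !string.IsNullOrEmpty(redirectUrl) && Url.IsLocalUrl(redirectUrl)
            ? redirectUrl
            : Url.Content("~/"); // fall back to the application root
}
```

With this shape, /Account/SignIn?redirectUrl=/pages/products lands on /pages/products after login, while a non-local value falls back to the application root.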

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 18

Most upvoted comments

@jmprieur

I don’t know ASP.NET Core web apps well enough to know how the page url is being remembered.

In the case of a SPA hosted on the web app, one would need to specify the redirectUrl as a query parameter:

<a href="/MicrosoftIdentity/Account/SignIn?redirectUrl=/pages/products">Sign In</a>

AuthenticationProperties provides the mechanism to specify such a location using the RedirectUri property. It would be helpful if the /MicrosoftIdentity/Account/ controller would support that.

The alternative is for me to implement my own endpoints. I would have to reroute those that are hard coded into the AzureADB2COpenIdConnectEventHandlers to my implementations. This is totally doable; it just seems better to use the built-in ones.

What do you think?

@jmprieur yes, without any problems.

@jmprieur thank you a lot for help, I updated only Microsoft.Identity.Web and forgot about Microsoft.Identity.Web.UI.

Yeah, I don’t understand why the RedirectUrl is hard-coded to “~/” here: https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs#L46

What if I want to redirect to a different page in my web app after logging in?