aspnetcore: AccessDeniedPath wrong
Describe the bug
https://localhost:5001/Account/AccessDenied?ReturnUrl=%2FPrivacy
To Reproduce
Steps to reproduce the behavior:
- New ASP.Net Core 2.2 Web Application
- Add package
<PackageReference Include="Microsoft.AspNetCore.Authentication.AzureADB2C.UI" Version="2.2.0" /> - Authorize Privacy.cshtml.cs
[Authorize(Roles = "myb2capp-power-user")]
public class PrivacyModel : PageModel
- configure “AzureAdB2C” in appsettings.json
- F5 to run
- click Privacy
- got 404
No webpage was found for the web address: https://localhost:5001/Account/AccessDenied?ReturnUrl=%2FPrivacy HTTP ERROR 404
Expected behavior
shoule redirect to
https://localhost:5001/AzureADB2C/Account/AccessDenied?ReturnUrl=%2FPrivacy
Workaround
services.Configure<CookieAuthenticationOptions>(AzureADB2CDefaults.CookieScheme, options => {
options.AccessDeniedPath = "/AzureADB2C/Account/AccessDenied";
});
Findings
When using github code “AzureADB2CSample” project for debugging
internal class CookieOptionsConfiguration : IConfigureNamedOptions<CookieAuthenticationOptions>{
private string GetAzureADB2CScheme(string name)
{ //name = "AzureADB2CCookie"
}
}
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 16 (15 by maintainers)
Commits related to this issue
- fix issue #6669 in release/2.2 — committed to dotnet/aspnetcore by JipingWang 5 years ago
- fix issue #6669 in release/2.2 — committed to dotnet/aspnetcore by JipingWang 5 years ago
- [Azure][Fixes #6669] AccessDeniedPath is wrong — committed to dotnet/aspnetcore by JipingWang 5 years ago
- [Azure] [Fixes #6033, #6580, #6669] Various fixes and cleanups. * Adds an Azure AD Sample and adds a page to test access denied. * Renames AzureAD and AzureADB2C internal classes for easier to debug ... — committed to dotnet/aspnetcore by javiercn 5 years ago
- [Azure] [Fixes #6033, #6580, #6669] Various fixes and cleanups. * Adds an Azure AD Sample and adds a page to test access denied. * Renames AzureAD and AzureADB2C internal classes for easier to debug ... — committed to dotnet/aspnetcore by javiercn 5 years ago
We said we weren’t patching for this as it could break people who worked around it and has a trivial workaround.
Sent from Outlook
From: Eilon Lipton notifications@github.com Sent: Thursday, February 14, 2019 2:53:13 PM To: aspnet/AspNetCore Cc: Javier Calvarro Nelson; Mention Subject: Re: [aspnet/AspNetCore] AccessDeniedPath wrong (#6669)
@javiercnhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fjaviercn&data=02|01|jacalvar%40microsoft.com|3317f896f4b0486783f108d692cf334a|72f988bf86f141af91ab2d7cd011db47|1|0|636857815945566982&sdata=Q0r6fJinY6weMhTcTrekhIQwH5jdSVTHSfl45G553A0%3D&reserved=0 - any update? Clock is ticking for preview 3.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Faspnet%2FAspNetCore%2Fissues%2F6669%23issuecomment-463835360&data=02|01|jacalvar%40microsoft.com|3317f896f4b0486783f108d692cf334a|72f988bf86f141af91ab2d7cd011db47|1|0|636857815945566982&sdata=SlV%2FdV9f%2F9KbVD1uHCnJtBhv%2Bhi0p%2BLdcmcoHyM7Y9Q%3D&reserved=0, or mute the threadhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAGq8a6oyDpd6vDXSyNn_ZIlo5F_yGH9oks5vNejZgaJpZM4Z_DwA&data=02|01|jacalvar%40microsoft.com|3317f896f4b0486783f108d692cf334a|72f988bf86f141af91ab2d7cd011db47|1|0|636857815945576973&sdata=QSt9uFeN%2BPeo0BGABXgJP4nihvL8uQWGFLXBElFbQiw%3D&reserved=0.
different issues. #6669 fixing a clear wrong coding variable name, which always causes 404 for a common condition. @muratg