Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AccountController implementing MicrosoftIdentity/Account/xxx endpoints does not honour redirectUrl #760

Closed
1 of 8 tasks
rollandjb opened this issue Nov 11, 2020 · 18 comments
Assignees
Labels
enhancement New feature or request fixed P2
Milestone

Comments

@rollandjb
Copy link

rollandjb commented Nov 11, 2020

Which version of Microsoft Identity Web are you using?
Note that to get help, you need to run the latest version.
Microsoft Identity Web 1.2.0

Where is the issue?

  • Web app
    • Sign-in users
    • Sign-in users and call web APIs
  • Web API
    • Protected web APIs (validating tokens)
    • Protected web APIs (validating scopes)
    • Protected web APIs call downstream web APIs
  • Token cache serialization
    • In-memory caches
    • Session caches
    • Distributed caches
  • Other (please describe)

Is this a new or an existing app?
This is an app in development

Repro

<a href="MicrosoftIdentity/Account/SignIn?redirectUrl=yyy">Sign In</a>

Expected behavior
Clicking on the link should take me to the page at yyy

Actual behavior
Takes me to the route of the application, /

Possible solution
Set the redirectUrl property of AuthenticationProperties to the incoming query value

[HttpGet("{scheme?}/{redirectUrl?}")]
        public IActionResult SignIn([FromRoute] string scheme, [FromQuery] string redirectUrl)
        {
            scheme ??= OpenIdConnectDefaults.AuthenticationScheme;
            // var redirectUrl = Url.Content("~/");
            return Challenge(
                new AuthenticationProperties { RedirectUrl = redirectUrl ?? Url.Content("~/") },
                scheme);
        }

All endpoints should honour redirectUrl

Additional context / logs / screenshots

This will allow clients to use MicrosoftIdentity/Account/xxx endpoints and land the user on desired page.

@jmprieur jmprieur added this to the 1.3.1 milestone Nov 12, 2020
@jmprieur jmprieur added bug Something isn't working P2 and removed investigate labels Nov 12, 2020
@jmprieur
Copy link
Collaborator

Thanks for the heads-up @rollandjb

@jennyf19 jennyf19 self-assigned this Nov 13, 2020
@rollandjb
Copy link
Author

My pleasure @jmprieur

@jmprieur
Copy link
Collaborator

@rollandjb I tried to repro this bug, but cannot.
Using https://github.com/AzureAD/microsoft-identity-web/tree/master/tests/B2CWebAppCallsWebApi, and signing out each time, I'm always redirected to the page where the sign-in was triggered.

Do you have repro steps? Do you want to force another redirect URL?

@jmprieur jmprieur added enhancement New feature or request and removed bug Something isn't working labels Nov 13, 2020
@rollandjb
Copy link
Author

@jmprieur

I don't know ASP.NET Core web apps well enough to know how the page url is being remembered.

In the case of a SPA hosted on the web app, one would need to specify the redirectUrl as a query parameter:

<a href="/MicrosoftIdentity/Account/SignIn?redirectUrl=/pages/products">Sign In</a>

AuthentcationProperties provides the mechanism to specify such a location using the RedirectUri property. It would be helpful if the /MicrosoftIdentity/Account/ controller would support that.

The alternative is for me to implement my own endpoints. I would have to reroute those that are hard coded into the AzureADB2COpenIdConnectEventHandlers to my implementations. This is totally doable; it just seems better to use the built-in ones.

What do you think?

@jennyf19
Copy link
Collaborator

moving to another iteration, as we need to update the templates as well and requires more time on our end to understand how to support this better & test.

@darraghjones
Copy link

Yeah, i don't understand why the RedirectUrl is hard-coded to "~/" here: https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs#L46

what if i want to redirect to a different page in my web app after logging in?

@jennyf19
Copy link
Collaborator

@darraghjones @rollandjb fix has been merged into master. will be in next release.

@jmprieur
Copy link
Collaborator

jmprieur commented Jun 2, 2021

@darraghjones @rollandjb: released in 1.12.0

@jmprieur jmprieur closed this as completed Jun 2, 2021
@AndreyZ1
Copy link

AndreyZ1 commented Jun 9, 2021

@jmprieur hey here, could you help me, please, I just updated version but seems it's not working, am I doing something wrong?

<a asp-area="MicrosoftIdentity" asp-route-redirectUri="@Model.ReturnUrl" asp-controller="Account" asp-action="SignIn">Sign in with Microsoft</a>

@jmprieur
Copy link
Collaborator

jmprieur commented Jun 9, 2021

@AndreyZ1 : I'm not sure about the asp-route-redirectUri notation (I'm not familiar with it). Where is it documented?

We used:

<a href="/MicrosoftIdentity/Account/SignIn?redirectUri=/TodoList">Sign In</a>

Maybe make sure that @Model.ReturnUrl starts by a / ?

@AndreyZ1
Copy link

AndreyZ1 commented Jun 9, 2021

@jmprieur Just tried to use hardcoded link
<a href="/MicrosoftIdentity/Account/SignIn?redirectUri=/TodoList">Sign In</a>
and it still not working. Do I have to enable something in Startup.cs configuration or somewhere else to make it working?

@jmprieur
Copy link
Collaborator

jmprieur commented Jun 9, 2021

No @AndreyZ1
The devapp with which this was tested is here:

<li><a href="/MicrosoftIdentity/Account/SignIn?redirectUri=/TodoList">Sign In</a></li>

just update Microsoft.Identity.Web and Microsoft.Identity.Web.UI

@AndreyZ1
Copy link

AndreyZ1 commented Jun 9, 2021

@jmprieur thank you a lot for help, I updated only Microsoft.Identity.Web and forgot about Microsoft.Identity.Web.UI.

@jmprieur
Copy link
Collaborator

jmprieur commented Jun 9, 2021

Thanks for the update, @AndreyZ1
Does it work with the asp-route-redirectUri="@Model.ReturnUrl" form?

@AndreyZ1
Copy link

AndreyZ1 commented Jun 9, 2021

@jmprieur yes, without any problems.

@jeevanthespark
Copy link

I am not sure what was fixed in earlier builds but I still can't make it work. The code is very simple as given below.

<form method="get" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignIn" asp-route-redirectUri="/Claims">
                <button type="submit" class="btn btn-primary">Sign In</button>
</form>

Can anyone please help to fix the issue?

@jmprieur
Copy link
Collaborator

@jeevanthespark : did you try with:

<li><a href="/MicrosoftIdentity/Account/SignIn?redirectUri=/Claims">Sign In</a></li> 

@jeevanthespark
Copy link

jeevanthespark commented Jul 27, 2022

Yes, I did. It is now redirecting but there are other issues. Initially, there were a couple of issues identified on my code.

  1. app.MapControllers wasn't added since no documentation explains it needs to be added to middleware. Could you please update the documentation?
  2. Form redirect returns a post request and on get request I get the below error from /MicrosoftIdentity/Account/Error

OpenIdConnectAuthenticationHandler: message.State is null or empty.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request fixed P2
Projects
None yet
Development

No branches or pull requests

6 participants