How to redirect to the original path user navigated to after AAD authentication? - asp.net-core

I have a pretty straightforward ASP .NET Core web site that uses Azure AD + OpenID for user authentication. Inside Azure I've added "https://my-site/signin-oidc" as a Redirect URI and inside my app settings I've set my CallbackPath to "/signin-oidc".
The problem is after authentication the browser always redirects to the home page.
For example the user will enter the following url into their address bar:
https://my-site/#/foo
They'll then be redirected to the azure sign-in page which has a uri like so:
https://login.microsoftonline.com/.../oauth2/v2.0/authorize?client_id=...&redirect_uri=https%3A%2F%2Fmy-site%3A64199%2Fsignin-oidc&[...]&sso_reload=true#/foo=
(Note where the '#/foo' fragment is placed)
After authentication succeeds they end up at the home page (https://my-site/).
Is there any way for me to preserve the original URI and redirect the user to it after auth succeeds?

Try using the post_login_redirect_url query parameter for this.
If you want to automatically navigate the user to #/foo after logging in, you can set your login redirect to ~/.../authorize?post_login_redirect_url=/#/foo.

Related

WsFederation incorrectly redirecting sign-in to /

I'm trying to use WsFederation on a "SSO Site" to authorize across a family of apps on the same domain. In my test configuration, I have the following setup:
SSO Site
example.com/SSOSite
Wtrealm is https://example.com/SSOSite
Wreply is https://example.com/SSOSite/signin-wsfed
Sample App
example.com/SampleApp
Wtrealm is https://example.com/SSOSite
Wreply is https://example.com/SSOSite/signin-wsfed?appName=SampleApp
Expected Result
1. An unauthenticated user navigates to example.com/SampleApp
2. The user is redirected into the Microsoft SSO login flow for example.com/SSOSite
3. Login process completes, sends user to example.com/SSOSite/signin-wsfed?appName=SampleApp
4. SSO Site application handles redirect back to Sample App site
Actual Result
In step 3 above, /signin-wsfed responds with a 302 pointing at / - that is, the root of example.com.
If I go directly to example.com/SSOSite, it completes the login as expected and /signin-wsfed passes control along to my own login controller method. It's only when the request begins at /SampleApp that signin-wsfed responds with the 302 to /
My Question
Why does this 302 to / happen? Is there a way to accomplish what I'm aiming for - using one realm to handle all logins and then send the user back to their desired application when the login completes?

How to pass url param through amazon cognito hosted login

I am using Amazon Cognito hosted login for my webapp and everything has been working great. However, today I decided I wanted to pass a urlParam through the login flow. The desired behavior is that a user goes to
https://example.com/?param1=foo
if they aren't logged in they go to the hosted cognito login page and when they go through the login flow and return to my site they go back to
https://example.com/?param1=foo.
Unfortunately, if I try to add the ?param1=foo to the redirect_uri url param for the hosted login flow, I get an error like this, "error?error=redirect_mismatch" on the cognito signin page.
Is there some way to set the callback url to allow for a url param? Or is there another way to solve this problem?
I figured out that you need to do this via the "state" parameter.
In your https://example.amazoncognito.com/ you need a &state= with whatever information you want and that will flow through the redirect uri (as a state= uri param) that you can then read.
This also requires that you have the latest version of the SDK (1.1.2 or greater). See this issue: https://github.com/amazon-archives/amazon-cognito-auth-js/issues/58.
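The state round trip described in the answer above, as an added example (not code from the original post or from the Cognito SDK): the registered redirect_uri stays fixed and the return path travels in a signed state value that is checked on the callback. The key, the helper names and the example.com URLs are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: a server-side secret; this value is constructed for the demo.
const STATE_KEY = Buffer.from("constructed-demo-key");
const b64u = (data) => Buffer.from(data).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", STATE_KEY).update(data).digest();

// Accept only same-site relative paths so the value cannot act as an open redirect.
function safeReturnPath(path) {
  if (typeof path !== "string" || !path.startsWith("/")) return "/";
  if (path.startsWith("//") || path.includes("\\")) return "/";
  if (/[\u0000-\u001f]/.test(path)) return "/";
  return path;
}

// state = base64url(JSON payload) + "." + base64url(HMAC-SHA256 over the payload)
function makeState(returnPath, now = Date.now()) {
  const payload = b64u(JSON.stringify({ r: safeReturnPath(returnPath), t: now }));
  return `${payload}.${b64u(mac(payload))}`;
}

// On the callback: verify the tag and the age, then return the path to redirect to.
function readState(state, now = Date.now(), maxAgeMs = 10 * 60 * 1000) {
  const [payload, tag] = String(state).split(".");
  if (!payload || !tag) return "/";
  const expected = mac(payload);
  const given = Buffer.from(tag, "base64url");
  if (given.length !== expected.length) return "/";
  if (!crypto.timingSafeEqual(given, expected)) return "/";
  const { r, t } = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (typeof t !== "number" || t > now || now - t > maxAgeMs) return "/";
  return safeReturnPath(r);
}

// redirect_uri is sent exactly as registered; only state changes per request.
function authorizeUrl(base, clientId, redirectUri, returnPath) {
  const u = new URL("/oauth2/authorize", base);
  u.searchParams.set("response_type", "code");
  u.searchParams.set("client_id", clientId);
  u.searchParams.set("redirect_uri", redirectUri);
  u.searchParams.set("state", makeState(returnPath));
  return u.toString();
}
```

This protects the return path only; using state against login CSRF additionally requires binding the value to the browser session.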

Access specific URL in my app service when using Azure AD Authentication

We are currently having a problem allowing a user to access a specific URL without logging in through Azure AD authentication.
We are successful in getting a token and using it for our APIs. But we are currently having a problem allowing a user to access a URL without them logging in.
What we have tried so far are these links:
https://learn.microsoft.com/en-us/graph/auth-v2-service
https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad
Thanks!
In your second link, in the Azure portal -> your app service -> authentication and authorization screen, make sure the "action to take when request is not authenticated" is set to allow anonymous. If you set that option to "log in with active directory", that forces authentication on every page no matter what. And ensure in your code that the page doesn't require login, e.g. remove the [authorize] tag.

Keycloak login page shows 'invalid parameter: redirect_uri'

I am using Keycloak authentication to authenticate an Angular app and so far I have managed to redirect my login to the Keycloak server. But when redirected, instead of the login page I am getting a 500 error page with the message "Invalid parameter: redirect_uri".
When you created the client in Keycloak you set the required 'Valid Redirect URIs' field. Most likely the pattern you entered there doesn't match the redirect URI you are sending from your client. If you use port numbers, they have to match too!
If this is not the problem, check what your Keycloak server is logging and add those details here to your question.
This occurred because the base URL and the valid redirect URL were different. So I added the same URL in both text boxes. Now it's working fine.

Redirect on successful Login using servicestack

I've recently decided to migrate over to using servicestack authentication. From what I can tell, to have a redirect after a successful login of an oauth provider, you add the url to the appSettings of your web.config, i.e. oauth.GoogleOpenId.RedirectUrl.
My question is, is there any way to make this more dynamic so that if a user gets redirected to the log on page when trying to access an authorized page, say their profile page, that once they log on successfully they get routed to their profile page instead of what's configured in the web.config? Forms authentication did this by using a 'returnUrl' query parameter.
Any help would be appreciated.
The behavior of accessing a protected page, redirecting to a /login page (overridable with HtmlRedirect on AuthFeature or Authenticate attribute) and on successful login should automatically redirect to the previously attempted protected page.
To do this you want to specify the redirect url in the continue or ReturnUrl FormData POST variable or QueryString when attempting to authenticate with the /auth service.