In the sample "Velusia" provided here Github OpenIdDict-Samples, upon most of the action the user is redirected back to the client, however upon the registration, the user is sent to the server 'home/index' page. How can I make it send a user same as the login action, back to the client?
We do have the ability to specify the SignOut redirect uri, however there is no visible option for Sign In
I could as well add in a home controller for index view a redirect to my app, however i would loose the uri I started with and would have to probably redo the request
Related
I'm trying to use WsFederation on a "SSO Site" to authorize across a family of apps on the same domain. In my test configuration, I have the following setup:
SSO Site
example.com/SSOSite
Wtrealm is https://example.com/SSOSite
Wreply is https://example.com/SSOSite/signin-wsfed
Sample App
example.com/SampleApp
Wtrealm is https://example.com/SSOSite
Wreply is https://example.com/SSOSite/signin-wsfed?appName=SampleApp
Expected Result
An unauthenticated user navigates to example.com/SampleApp
The user is redirected into the Microsoft SSO login flow for example.com/SSOSite
Login process completes, sends user to example.com/SSOSite/signin-wsfed?appName=SampleApp
SSO Site application handles redirect back to Sample App site
Actual Result
In step 3 above, /signin-wsfed responds with a 302 pointing at / - that is, the root of example.com.
If I go directly to example.com/SSOSite, it completes the login as expected and /signin-wsfed passes control along to my own login controller method. It's only when the request begins at /SampleApp that signin-wsfed responds with the 302 to /
My Question
Why does this 302 to / happen? Is there a way to accomplish what I'm aiming for - using one realm to handle all logins and then send the user back to their desired application when the login completes?
I'm using Azure ADB2C authentication in my ASP.NET Core web app.
Based on the claims received after the user logging in, I'd like to redirect the user to another page.
I thought I might be able to redirect the user on the OnTokenValidated event of OpenIdConnectEvents. But frankly, I'm not sure if this is redirecting the client, or redirecting the auth flow. Bottom line, it doesn't redirect the user.
public async Task OnTokenValidated(TokenValidatedContext context)
{
// ... clipped code ...
context.HttpContext.Response.Redirect("~/somewhere");
}
My event handler works otherwise--just doesn't redirect.
What is the final event received after a user successfully logs in with ADB2C?
And how, specifically, can I redirect a user?
Thanks
How do I get the previous route in blazor?
For example, we have many pages which required authentication. So when a user tries to access that page we navigate the user to the login page.
After success full login we want a user to redirect back to the page he requested.
I use mod_auth_openidc to implement login on my website. I use multiple providers, so to initiate a login into one I redirect to:
/protected/redirect_uri/?target_link_uri=<urlencoded protected location>&iss=<urlencoded issuer>
which works as expected.
Now I want to initiate a logout in a similar manner, by refering the logout button to:
/protected/redirect_uri?logout=<urlencoded logoutpage>&iss=<urlencoded issuer>
but I simply get a 404. Of course /protected/redirect_uri does not actually exist but for some reson openidc does not handle the logout request.
The logout page is not protected and the provider has an end_session_endpoint in it's metadata.
the slash at the end of the redirect URI matters, if it is not there the request will not be considered as matching
I have a Backbone app where we know start to implement the login. Till now I we had no login and the app starts with creating all relevant models and collection on start. Now the API demands a session cookie to response.
What would be the better solution:
having a login.html that forward to the app.html after a successful login
having the login to be part of the Backbone app with an own route
In both solution, how can I prevent that the user sees the login dialog again, just by pressing the back button?
I use the standard way of login handling, a simple login page separated from the application.
/admin/ in this route I have a simple middleware checking for the user session if the user is not authenticated, he is redirected over /admin/login.
Once the user obtains a valid session he can freely go to /admin/ where my application resides. The same apply when you need to authenticate users with some OpenID or OAuth provider.
There is no use in handling authentication in the browser since it's too much simple to handle it in your backend. In fact in my backend I have only three standard routes:
/* accessible routes */
/admin/login
/* protected routes: */
/admin/
/admin/(...)
/admin/logout
For the back button issue, you just need to know if the user already have a valid session token, then redirect/trigger to the right route (beware of redirection loops)