AccountController implementing MicrosoftIdentity/Account/xxx endpoints does not honour redirectUrl

[rollandjb]

Which version of Microsoft Identity Web are you using?
Note that to get help, you need to run the latest version.
Microsoft Identity Web 1.2.0

Where is the issue?

• Web app
  • Sign-in users
  • Sign-in users and call web APIs
• Web API
  • Protected web APIs (validating tokens)
  • Protected web APIs (validating scopes)
  • Protected web APIs call downstream web APIs
• Token cache serialization
  • In-memory caches
  • Session caches
  • Distributed caches
• Other (please describe)

Is this a new or an existing app?
This is an app in development

Repro

<a href="MicrosoftIdentity/Account/SignIn?redirectUrl=yyy">Sign In</a>

Expected behavior
Clicking on the link should take me to the page at yyy

Actual behavior
Takes me to the route of the application, /

Possible solution
Set the redirectUrl property of AuthenticationProperties to the incoming query value

[HttpGet("{scheme?}/{redirectUrl?}")]
        public IActionResult SignIn([FromRoute] string scheme, [FromQuery] string redirectUrl)
        {
            scheme ??= OpenIdConnectDefaults.AuthenticationScheme;
            // var redirectUrl = Url.Content("~/");
            return Challenge(
                new AuthenticationProperties { RedirectUrl = redirectUrl ?? Url.Content("~/") },
                scheme);
        }

All endpoints should honour redirectUrl

Additional context / logs / screenshots

This will allow clients to use MicrosoftIdentity/Account/xxx endpoints and land the user on desired page.

[jmprieur]

Thanks for the heads-up @rollandjb

[rollandjb]

My pleasure @jmprieur

[jmprieur]

@rollandjb I tried to repro this bug, but cannot.
Using https://github.com/AzureAD/microsoft-identity-web/tree/master/tests/B2CWebAppCallsWebApi, and signing out each time, I'm always redirected to the page where the sign-in was triggered.

Do you have repro steps? Do you want to force another redirect URL?

[rollandjb]

@jmprieur

I don't know ASP.NET Core web apps well enough to know how the page url is being remembered.

In the case of a SPA hosted on the web app, one would need to specify the redirectUrl as a query parameter:

<a href="/MicrosoftIdentity/Account/SignIn?redirectUrl=/pages/products">Sign In</a>

AuthentcationProperties provides the mechanism to specify such a location using the RedirectUri property. It would be helpful if the /MicrosoftIdentity/Account/ controller would support that.

The alternative is for me to implement my own endpoints. I would have to reroute those that are hard coded into the AzureADB2COpenIdConnectEventHandlers to my implementations. This is totally doable; it just seems better to use the built-in ones.

What do you think?

[jennyf19]

moving to another iteration, as we need to update the templates as well and requires more time on our end to understand how to support this better & test.

[darraghjones]

Yeah, i don't understand why the RedirectUrl is hard-coded to "~/" here: https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs#L46

what if i want to redirect to a different page in my web app after logging in?

[jennyf19]

@darraghjones @rollandjb fix has been merged into master. will be in next release.

[jmprieur]

@darraghjones @rollandjb: released in 1.12.0

[AndreyZ1]

@jmprieur hey here, could you help me, please, I just updated version but seems it's not working, am I doing something wrong?

<a asp-area="MicrosoftIdentity" asp-route-redirectUri="@Model.ReturnUrl" asp-controller="Account" asp-action="SignIn">Sign in with Microsoft</a>

[jmprieur]

@AndreyZ1 : I'm not sure about the asp-route-redirectUri notation (I'm not familiar with it). Where is it documented?

We used:

<a href="/MicrosoftIdentity/Account/SignIn?redirectUri=/TodoList">Sign In</a>

Maybe make sure that @Model.ReturnUrl starts by a / ?

[AndreyZ1]

@jmprieur Just tried to use hardcoded link
<a href="/MicrosoftIdentity/Account/SignIn?redirectUri=/TodoList">Sign In</a>
and it still not working. Do I have to enable something in Startup.cs configuration or somewhere else to make it working?

[jmprieur]

No @AndreyZ1
The devapp with which this was tested is here:

microsoft-identity-web/tests/WebAppCallsWebApiCallsGraph/Client/Views/Shared/_LoginPartial.cshtml

Line 12 in b348c48

<li><a href="/MicrosoftIdentity/Account/SignIn?redirectUri=/TodoList">Sign In</a></li>

just update Microsoft.Identity.Web and Microsoft.Identity.Web.UI

[AndreyZ1]

@jmprieur thank you a lot for help, I updated only Microsoft.Identity.Web and forgot about Microsoft.Identity.Web.UI.

[jmprieur]

Thanks for the update, @AndreyZ1
Does it work with the asp-route-redirectUri="@Model.ReturnUrl" form?

[AndreyZ1]

@jmprieur yes, without any problems.

[jeevanthespark]

I am not sure what was fixed in earlier builds but I still can't make it work. The code is very simple as given below.

<form method="get" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignIn" asp-route-redirectUri="/Claims">
                <button type="submit" class="btn btn-primary">Sign In</button>
</form>

Can anyone please help to fix the issue?

[jmprieur]

@jeevanthespark : did you try with:

<li><a href="/MicrosoftIdentity/Account/SignIn?redirectUri=/Claims">Sign In</a></li> 

[jeevanthespark]

Yes, I did. It is now redirecting but there are other issues. Initially, there were a couple of issues identified on my code.

1. app.MapControllers wasn't added since no documentation explains it needs to be added to middleware. Could you please update the documentation?
2. Form redirect returns a post request and on get request I get the below error from /MicrosoftIdentity/Account/Error

OpenIdConnectAuthenticationHandler: message.State is null or empty.