Entra SSO returning a 302/502 in a .NET Core site
I have an issue getting SSO to work which is puzzling. The CallBackPath in the config below matches what is in Azure as the redirect uri, and I can see in the logs that user are being authenticated successfully. What happens then is they get a 302 in the network tab in dev tools, which becomes a 502 on the page.
I'm unsure if I'm missing anything, or have misconfigured things. Can anyone advise?
My config:
"Authentication": {
"ClientId": "xxxxxx",
"ClientSecret": "yyyyyyyy",
"Authority": "https://login.microsoftonline.com/zzzzzzz",
"CallbackPath": "/mypath/mypage",
"Scope": "openid profile email"
},
the route to the login page where I want to initiate SSO:
[AllowAnonymous]
[Route("login")]
public IActionResult Login()
{
return Challenge(new AuthenticationProperties(), OpenIdConnectDefaults.AuthenticationScheme);
}
and the relevant part from program.cs
.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect("OpenIdConnect", options =>
{
options.ClientId = builder.Configuration["Authentication:ClientId"];
options.ClientSecret = builder.Configuration["Authentication:ClientSecret"];
options.Authority = builder.Configuration["Authentication:Authority"];
options.CallbackPath = builder.Configuration["Authentication:CallbackPath"];
options.ResponseType = "code";
options.SkipUnrecognizedRequests = true;
options.SaveTokens = true;
options.Events = new OpenIdConnectEvents
{
OnTokenValidated = async context =>
{
// Log successful authentication
var userId = context.Principal?.Claims.FirstOrDefault(c => c.Type == "name")?.Value
?? context.Principal?.Claims.FirstOrDefault(c => c.Type == "preferred_username")?.Value
?? "Unknown User";
Log.Information("SSO Log - User {UserId} successfully authenticated via SSO.", userId);
await Task.CompletedTask;
},
OnAuthenticationFailed = context =>
{
Log.Error("SSO Log - Authentication failed: {Error}", context.Exception.Message);
return Task.CompletedTask;
}
};
});
I had a test with OP's code in a new .net 8 MVC application which worked well except the Login method in the controller. I added [Authorize] attribute on my controller class so that when I run the application, it would redirect to Microsoft sign in page and it will redirect back to my Home index page after signing succefully. But once I hit login method manually, I will trapped within an infinite redirection loop then gave me an error about sign in.
I deduce the issue might relate to the redirection, therefore I make a change to the Login method return Challenge(new AuthenticationProperties { RedirectUri = Url.Content("~/accounts/home") }, OpenIdConnectDefaults.AuthenticationScheme); which adding a redirect url.
In my test, it will make the flow to be redirecting to the callback path defined in appsetting.json after signing in successfully, in my side I set it to /home, then redirect to the url defined in return Challenge.
- Replacing service layer with MediatR - is it worth to do it?
- ASP.NET Core MVC filter analogue for gRPC service
- Why is using custom routes returning a 404 in my Razor Pages application?
- Why Http Post in Orchard Core asp net core Web App returns bad request
- Property Injection in ASP.NET Core
- How to force ASP.NET Core source code to not be optimized
- Is there any way to load a single page at a time using Blazor WebAssembly
- This localhost page can’t be found - No webpage was found for the web address.- ASP.NET Core
- log4net:ERROR ConfigureFromXml called with null 'element' parameter for Postgres SQL
- ASP.Net Core Background Service with Task Queue, does it need a Task.Delay?
- Input number does not respect step
- How to customize localization provider (.resx to database) in Razor Pages
- How to get user information in DbContext using Net Core
- Application Insights does not capture information level logging
- How to best add the Last-Modified header in asp .net middleware
- What is the correct way to get data for an EditForm using EF Core, with or without tracking?
- Why my properties in my blazor wasm always become null when i submit the form
- Blazor two way binding and on value changed event in the parent
- How to search for users in Active Directory from ASP.NET Core
- The framework 'Microsoft.NETCore.App', version '5' was not found while Microsoft.NETCore.App 5.0.0 is found
- ILoggingBuilder AddEventLog Linux compatibility
- Getting duplicates when saving an item with two fields in a many-to-many relationship
- Filter Serilog logs to different sinks depending on context source?
- ASP.NET Core log-in not redirecting me to home page
- ASP.NET Core 6 : The best way to list a group of numbers in a string?
- Error when using implementations with different constraints in C# dependency injection
- Azure Storage Account StorageSharedKeyCredential
- ASP.NET Core 6 Web API : custom authentication handler and Angular HttpInterceptor [receive Status code =0 for 401 Unauthorized Response]
- Blazor Web App NavigationManager in Client -> Exception_WasThrown
- How to return JSON result in ASP.NET Core 8 project