Azure B2C App Always Redirects to <domain>/MicrosoftIdentity/Account/Error
I have a simple .NET 8 razor pages test application where I'm trying to leverage an Azure B2C tenant for identity. I have Azure AD B2C configured in my program.cs file, and I have added authorization to all pages so that an unauthenticated user is always directed to log in, but rather than getting the azure b2c login page, I keep getting directed to https://localhost:7027/MicrosoftIdentity/Account/Error, which results in a 404 error. Im doing this in debug mode in visual studio. Im not sure what I may have configured incorrectly, as I don't have any real experience in B2C prior to this.
Program.cs
using Microsoft.Extensions.Configuration;
using Microsoft.Identity.Web;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddRazorPages();
// Add Azure AD B2C authentication
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAdB2C"));
builder.Services.AddAuthorization();
// Apply [Authorize] attribute globally
builder.Services.AddRazorPages(options =>
{
options.Conventions.AuthorizePage("/");
options.Conventions.AuthorizeFolder("/");
});
var app = builder.Build();
// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.Run();
appsettings.json
{
"AzureAdB2C": {
"Instance": "https://<my-tenant-name>.b2clogin.com",
"Domain": "<my-tenant-name>.onmicrosoft.com",
"TenantId": "<my-tenant-id>",
"ClientId": "<my-client-id>",
"ClientSecret": "<my-client-secret>",
"CallbackPath": "/signin-oidc",
"SignUpSignInPolicyId": "<my-signinsignup-policy>",
"ResetPasswordPolicyId": "<my-passwordreset-policy>",
"EditProfilePolicyId": "<my-profileediting-policy>"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
Solution
I got the same error while authenticating to Azure AD B2C, the error message is related to Azure AD B2C cannot find the 'b2c-extension-app` in the tenant.
- To resolve the issue, you can download the extension app in your Azure AD B2C, please refer this doc to download the extension.
- You can also create a new Azure AD B2C tenant to avoid the error.
I've created a sample application and successfully configured Azure B2C authentication.
Program.cs :
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddAuthorization(options =>
{
options.FallbackPolicy = options.DefaultPolicy;
});
builder.Services.AddRazorPages()
.AddMicrosoftIdentityUI();
var app = builder.Build();
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.MapControllers();
app.Run();
appsettings.json:
{
"AzureAd": {
"Instance": "https://{ Azure B2C Domain Name}.b2clogin.com/",
"Domain": "{ Azure B2C Domain Name}.onmicrosoft.com",
"TenantId": "<Tenant-id>",
"ClientId": "<Client-id>",
"CallbackPath": "/signin-oidc",
"SignUpSignInPolicyId": "B2C_1_signupsignindemo",
"SignedOutCallbackPath": "/signout/B2C_1_susi",
"ResetPasswordPolicyId": "b2c_1_reset",
"EditProfilePolicyId": "b2c_1_edit_profile",
"EnablePiiLogging": true
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*"
}
I've successfully authenticated to Azure B2C.
Output:
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs