9

I followed this article https://azure.microsoft.com/en-us/blog/announcing-app-service-authentication-authorization/ to set up Azure authentication for my MVC app. First I turned on Azure AD provider. In the Authentication / Authorization settings, I selected "Allow request(no Action)" for "Action to take when request is not authenticated" because I only need users to login for certain controller actions.

Then I added a custom FilterAttribute to check if one action needs authentication as in https://stackoverflow.com/a/26652816/1837339. In the OnAuthenticationChallenge function, I had this code to redirect to login page:

public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext)
{
    if (filterContext.Result is HttpUnauthorizedResult) {
        filterContext.Result = new RedirectResult("~/.auth/login/aad");
    }
}

All of this works, except after user finished authentication, it is redirected back to mysite/.auth/login/done page saying "You have successfully signed in" and a button to return to my site's base url.

What I want is the redirection goes back to the user's original url, so I think I need somehow set the return url for the login redirect. But I couldn't find any documentation about this. Anyone could give any advice?

Community
  • 1
  • 1
bigbearzhu
  • 2,381
  • 6
  • 29
  • 44
  • post_login_redirect_url is one of the option. If you want to do more customized editing you can use application gateway features. Please read this post to get complete understanding. https://stackoverflow.com/a/62549414/5349104 – SRIDHARAN Jun 24 '20 at 07:21

2 Answers2

16

You can use the post_login_redirect_url query string parameter to do this.

For example, if you want to automatically navigate the user to /welcome.html after logging in, you can set your login redirect to ~/.auth/login/aad?post_login_redirect_url=/welcome.html, and the user will be redirected to this page instead of the generic welcome page.

Chris Gillum
  • 14,526
  • 5
  • 48
  • 61
  • Many thanks! Is there document about this query string parameter? Didn't find anything about it. – bigbearzhu Dec 21 '15 at 03:24
  • Cool. Great to have an Azure guy to answer this question! Hope the parameter name is final. – bigbearzhu Dec 22 '15 at 23:43
  • 1
    Current [guidance](https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-facebook-authentication/) indicates that the redirect URL should end in /callback. However, when this is there, this post_login_redirect_url querystring parameter didin't work for me. – Nate Jackson Mar 11 '16 at 20:33
  • @NateJackson I think you're confusing the redirect URL that you configure for the identity provider (e.g. Facebook, which is always /callback) with the redirect URL for the person visiting your web app. The former tells the provider where to send an access token. The latter (which this query string is for) tells the web app where to redirect to after the authentication has succeeded. So this redirect applies *after* the /callback redirect. – Chris Gillum Mar 11 '16 at 21:46
  • 1
    The post login redirect append some authentication token in the url like this (I masked some content): #token=%7B%22authenticationToken%22%3A%22eyJ0xxxxxxxxxxxxxxLCJhbGciOiJIUzI1NiJ9.eyJzdGFibGVfc2xxxxxxxxxxxxxxxxFkMGE5MjczYjcxZjc4ZjM1xxxxxxxxxxxxxxxxxxxxxxiIjoic2lkOjcwN2QxZDYyNGQxYjY1ZTFmZGQ5OWMwMjQ0ZWYxMjExIiwiaWRwIjoiZmFjZWJvb2siLCJ2ZXIiOiIzIiwiaXNzxxxxxxxxxxxxxxxxxxxxxxxxnlhbncueHl6LyIsImF1ZCI6Imh0dHBzOi8vaGVuZHJ5YW53Lnh5ei8iLCJleHAiOjE1MTUyMjkzNjksIm5iZiI6MxxxxxxxxxxM30.3RDfK8dyt5nfZLB51kYuxxxxxxxxxxxxoXSA1xL2oxxx (and so on). why is that? – hendryanw Nov 07 '17 at 09:08
  • 1
    @Hendry this is an App Service authentication token. The idea is that JavaScript or Mobile clients can grab this token and use it to make authenticated calls into your APIs. You won't see this if someone clicks a link to login. You will see it if someone invokes the /.auth/login/aad endpoint directly (we use the presence of the Referer header in the request as a hint). – Chris Gillum Nov 07 '17 at 21:43
  • Can any tell me that where I have to put the redirect code such as ~/.auth/login/aad?post_login_redirect_url=/welcome.html, bcoz I am just beginner in azure developer portal. thanks in advance. – Jasbir Feb 23 '18 at 05:58
  • @Jasbir I think this question/answer may not apply to your scenario. It might be worth asking a separate question and providing more details on your setup. – Chris Gillum Feb 24 '18 at 06:05
0

Thank you. This really helped. The below worked ok for me:

     return RedirectToAction(string.Format("login/{0}?post_login_redirect_url=/Home/LoginCallBack", provider), ".auth");

provider can be one the strings: google, twitter, microsoftaccount,aad,facebook.

Also each provider must be configured on your project at the Azure Portal.

redirect url may be any uri on your project

Roberto O Fonseca
  • 1