Hi, I am developing a web application. I am using Azure Active Directory for the login process. I am working on admin consent. I am able to redirect to admin consent and give the consent. On the admin consent page, whenever I click the cancel button, I am redirected to an error page. Below is the URL I am redirected to when I click cancel on the admin consent page.

https://mywebsite.net/adminconsent?error=access_denied&error_description=AADSTS65004%3a+The+resource+owner+or+authorization+server+denied+the+request.%0d%0aTrace+ID%3a+7798f669-f82d-4b55-8c9b-1259142e1900%0d%0aCorrelation+ID%3a+82764c15-3e79-4905-840b-952af3dfe6fc%0d%0aTimestamp%3a+2018-09-07+13%3a30%3a42Z

Can someone help me to identify the root cause of the issue? Any help would be appreciated. Thank you.

Niranjan

1 Answer

You're getting the relevant error code back from Azure AD, 65004, telling you the root cause: the admin has declined to consent. The description is visible in the URL, and you can confirm the meaning of the error code by looking it up here:

Sign-in activity report error codes in the Azure Active Directory portal

65004 User declined to consent to access the app. Have the user retry the sign-in and consent to the app

Update about displaying a meaningful error page

You haven't mentioned what it is that you're using to write your web application. In any case, I tried out a quick ASP.NET MVC web application with a similar setup and I clearly get back the response in query string parameters. All you need to do is read the query string from the URL (I have the HttpRequest.QueryString collection in my sample) and check for error/error_description.

Here is some quick sample code for doing that in the MVC controller:

    using System.Linq;
    using System.Web.Mvc;

    public class AdminConsentController : Controller
    {
        // GET: AdminConsent
        public ActionResult Index()
        {
            // Azure AD reports a cancelled or failed consent in the query string
            if (Request.QueryString.AllKeys.Contains("error")
                && Request.QueryString.AllKeys.Contains("error_description"))
            {
                string errorDescription = Request.QueryString["error_description"];

                // AADSTS65004 is the code carried in the redirect URL from the question
                if (errorDescription.Contains("AADSTS65004"))
                {
                    //Do something good about it..
                }
            }

            //if no errors, simply return the view
            return View();
        }
    }

Since you mention Angular 5.. here's a quick sample for that.

Take a look at this SO post for multiple options

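    ngOnInit() {
        // The consent redirect carries its values in the query string,
        // so read queryParamMap (paramMap only holds route path parameters)
        this.param1 = this.route.snapshot.queryParamMap.get('error');
        this.param2 = this.route.snapshot.queryParamMap.get('error_description');
    }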

And if you don't want to use anything fancy, plain old window.location should always work from client side. May not be the recommended way though.

    window.location.href

Rohit Saigal
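An added example (not part of the answer above and not Microsoft's code): client-side handling of the redirect from the question that maps the AADSTS code to a fixed message instead of echoing error_description, since anyone can craft that query string and send a user the link. The names parseConsentRedirect, MESSAGES and FALLBACK and the message wording are assumptions; the line layout of error_description is taken from the URL in the question.

```javascript
// Redirect URL copied from the question, used here as sample input.
const SAMPLE_URL = 'https://mywebsite.net/adminconsent?error=access_denied' +
  '&error_description=AADSTS65004%3a+The+resource+owner+or+authorization+server+denied+the+request.' +
  '%0d%0aTrace+ID%3a+7798f669-f82d-4b55-8c9b-1259142e1900' +
  '%0d%0aCorrelation+ID%3a+82764c15-3e79-4905-840b-952af3dfe6fc' +
  '%0d%0aTimestamp%3a+2018-09-07+13%3a30%3a42Z';

// Fixed texts chosen by the application (hypothetical wording), keyed by AADSTS code.
const MESSAGES = {
  AADSTS65004: 'Consent was declined. Retry the sign-in and consent to the app.',
};
const FALLBACK = 'Admin consent did not complete.';

const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
const TIMESTAMP = /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z$/;

function parseConsentRedirect(href) {
  // searchParams decodes %3a, %0d%0a and '+' before we see the values
  const params = new URL(href).searchParams;
  const error = params.get('error');
  if (error === null) {
    return { ok: true }; // no error parameter in the redirect
  }
  // First line: "AADSTS<digits>: <text>"; following lines: "Name: value"
  const lines = (params.get('error_description') || '').split(/\r?\n/);
  const codeMatch = /^(AADSTS\d+):/.exec(lines[0]);
  const code = codeMatch ? codeMatch[1] : null;

  // Return a field only if it has the expected shape; the URL is untrusted input
  const field = (name, shape) => {
    const line = lines.find((l) => l.startsWith(name + ': '));
    const value = line ? line.slice(name.length + 2).trim() : '';
    return shape.test(value) ? value : null;
  };

  return {
    ok: false,
    error: /^[a-z_]+$/.test(error) ? error : 'unknown',
    code,
    traceId: field('Trace ID', GUID),             // safe to log for support cases
    correlationId: field('Correlation ID', GUID),
    timestamp: field('Timestamp', TIMESTAMP),
    // Never render the raw error_description; pick a fixed text by code
    message: (code && MESSAGES[code]) || FALLBACK,
  };
}
```

In the browser, call it with window.location.href and render only the message field; the IDs are useful when correlating with the Azure AD sign-in logs.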