2

I have a ASP.NET Core 3.1 MVC application which is integrated with AZURE AD for authentication. The problem is that when redirecting between the pages it issues a request to a url something similar to :

https://login.microsoftonline.com/e3a291d3-8a20-4c35-8d08-38ffcafa479d/oauth2/authorize?client_id=86cda223-2296-46c3-a...

it automatically authenticated and next page loads perfectly fine. but if I press back button then it gets redirected back to this weird login url. And that's when it throws exception.

enter image description here

SamuraiJack
  • 5,131
  • 15
  • 89
  • 195
  • The integrated authentication with AD works with much back and forth interaction between your webserver & the Microsoft auth server, pressing the back button is going to cause issue, it works by design. – Anand Sowmithiran Jan 10 '22 at 13:42

1 Answers1

0

One of the workarounds that you can try is to add reply / redirect url to your app in Azure Ad as so, The Reply URL will deliver the authentication response, which will include a token if authentication is successful. Aslo try adding the PostLogoutRedirectURI in your appSettings where Azure AD will redirect the user-agent in an OAuth 2.0 request.

enter image description here

For Adding Reply URL you can navigate to Settings > Reply URLs and set the URL to the page where the user will be directed after logging in.

REFERENCE: Reply URLs vs PostLogoutRedirectURIs in Azure Active Directory (AAD) | by Marilee Turscak

Here is a similar Thread you can refer to Error code "Unable to unprotect the message.State" when redirecting

SwethaKandikonda
  • 7,513
  • 2
  • 4
  • 18
  • I tried adding "PostLogoutRedirectURI:"https : //xyz.com/platform/signin-oidc" which is same as the RedirectUrl i already had in the application and in azure portal. Didn't work :/ – SamuraiJack Jan 03 '22 at 14:30