2

I've implemented Microsoft Identity platform in my Razor Pages application. Almost everything works, except the redirect URL AFTER user logout.

Let me show you my configuration.

That is how I add authentication in my project:

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(azureADSection)
    .EnableTokenAcquisitionToCallDownstreamApi(new string[] { scope })
    .AddInMemoryTokenCaches();

And here is how I add the authorization:

services.AddAuthorization(options =>
{
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

Then I want to override the default behaviour for logout:

Here is my Signout button:

<a class="nav-link text-dark" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignOut">Sign out</a>

Account is not a control of mine. You can find the controller here.

The logout works. The guide says:

call Signout(), which lets the OpenId connect middleware contact the Microsoft identity platform logout endpoint which:

clears the session cookie from the browser, and finally calls back the logout URL, which, by default, displays the signed out view page SignedOut.html also provided as part of ASP.NET Core.

In fact, I am redirected to SignedOut.html.

The guide does not explain how I can override that behavior, but it gives me a tip. I have not intercepted the event as it is written in the guide, but I have overridden two properties:

services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.SignedOutCallbackPath = "/test";
    //options.SignedOutRedirectUri = "/test";
    //options.SignedOutRedirectUri = "https://www.google.com";
});

But my solution does not work. It still redirects to the default page when I am logged out. How can I customize the after-logout URL?

Thank you

Simone
  • Can you please check [this](https://stackoverflow.com/questions/71915956/how-to-implement-a-post-logout-with-azure-ad-in-c-sharp-mvc/71938184#71938184) and see if you can redirect to another page after sign out by also giving signed out action controller of your own. – kavyaS Apr 21 '22 at 11:52
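
The event interception that the quoted guide hints at, as an added example that is not part of the original post or of Microsoft's own code. It assumes the standard `OnSignedOutCallbackRedirect` event of the ASP.NET Core OpenID Connect handler; `SignOutRedirectSetup`, `AddPostLogoutRedirect`, `IsLocalPath` and the `/LoggedOut` page are hypothetical names. The target is fixed and checked to be an app-local path so the sign-out flow cannot become an open redirect.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public static class SignOutRedirectSetup
{
    // Hypothetical landing page inside this application. With the
    // FallbackPolicy from the question it needs [AllowAnonymous],
    // otherwise the signed-out user is challenged again straight away.
    private const string PostLogoutPath = "/LoggedOut";

    // Accept only app-relative paths: "/x" passes, "//host" and "/\host"
    // (which browsers treat as absolute URLs) do not.
    public static bool IsLocalPath(string path) =>
        !string.IsNullOrEmpty(path)
        && path[0] == '/'
        && (path.Length == 1 || (path[1] != '/' && path[1] != '\\'));

    public static IServiceCollection AddPostLogoutRedirect(this IServiceCollection services)
    {
        if (!IsLocalPath(PostLogoutPath))
            throw new InvalidOperationException("Post-logout target must be a local path.");

        services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            // Keep whatever handler was registered before this one.
            var previous = options.Events.OnSignedOutCallbackRedirect;

            // Runs when the identity provider calls back SignedOutCallbackPath,
            // just before the handler would redirect to the default target.
            options.Events.OnSignedOutCallbackRedirect = async context =>
            {
                await previous(context);
                if (context.Result != null) return;   // an earlier handler already responded

                context.Response.Redirect(PostLogoutPath);
                context.HandleResponse();              // suppress the default redirect
            };
        });
        return services;
    }
}
```

Call `services.AddPostLogoutRedirect()` after the `AddMicrosoftIdentityWebApp(...)` registration so the options exist when the delegate runs.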

2 Answers

0

Please check if you can try to use custom URL Rewriting Middleware to redirect based on checking the path. Add this before app.UseMvc in startup.cs; you can redirect to your own custom signout page if you wish.

app.UseRewriter(
    new RewriteOptions().Add(context =>
    {
        // Send the library's default signed-out page to a page of your own.
        if (context.HttpContext.Request.Path == "/MicrosoftIdentity/Account/SignedOut")
        {
            context.HttpContext.Response.Redirect("/Index");
            // Stop the pipeline so nothing else writes to the redirected response.
            context.Result = RuleResult.EndResponse;
        }
    })
);

Or, if a controller is present, a workaround is to build your own AccountController:

public class AccountController : Controller
{
    [HttpGet]
    public IActionResult SignIn()
    {
        var redirectUrl = Url.Action(nameof(HomeController.Index), "Home");
        return Challenge(
            new AuthenticationProperties { RedirectUri = redirectUrl },
            OpenIdConnectDefaults.AuthenticationScheme);
    }

    [HttpGet]
    public IActionResult SignOut()
    {
        // Absolute URL of the SignedOut action below, used as the post-logout target.
        var callbackUrl = Url.Action(nameof(SignedOut), "Account", values: null, protocol: Request.Scheme);
        return SignOut(
            new AuthenticationProperties { RedirectUri = callbackUrl },
            CookieAuthenticationDefaults.AuthenticationScheme,
            OpenIdConnectDefaults.AuthenticationScheme);
    }

    [HttpGet]
    public IActionResult SignedOut()
    {
        if (User.Identity.IsAuthenticated)
        {
            // Redirect to home page if the user is authenticated.
            return RedirectToAction(nameof(HomeController.Index), "Home");
        }

        return RedirectToAction(nameof(HomeController.Index), "ThePathtoredirect");
    }
}

kavyaS
  • 1
    `AccountController` is not mine and I have not customized it... If I do a URL rewriting, it works... but honestly I am not happy with this solution... If MSFT allows me to customize the behaviour of Microsoft Identity, why should I use a rewriting outside Identity? – Simone Apr 22 '22 at 17:05
0

The above example will work for MicrosoftIdentity if decorated with the right route:

[Area("MicrosoftIdentity")]

[Route("[area]/[controller]/[action]")]

Guido A.