This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 46%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPG%3C/text%3E%3C/svg%3E)
Hi
I have a SaaS application which needs access to users' mailboxes.
The issue I'm facing is despite supplying the correct return URL (all lowercase etc), the Authorise process returns the user to what appears to be the last entered URL.
Response.Redirect(String.Format("https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri={0}", Request.Url.ToString.ToLower))
In App Registration, I've tried putting a trailing slash on the page and I've tried specifying .aspx
What's worse is the user doesn't get an error, they get redirected to someone else's application rather than an error!
What do Ihave to do to make sure Azure redirects the user to the correct URL?
Thanks
Hello @Phil Gray ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
You have tagged the post with azure-application-gateway service. May I know how the Azure application gateway is setup in your environment? Is the SaaS application behind an application gateway?
Regards,
Gita
Hi
I couldn't find a tag that exactly matched my question I'm affraid.
My application is a webforms app. I send the return_url but the App Registration ignores this and decides either randomly or chooses the last return_url to be edited in the app registrations - return_url config in Azure.
Regards
Hello @Phil Gray ,
Thank you for the update.
Could you confirm if you are using Azure AD?
App Registration and Redirect URI are available with the Microsoft identity platform.
Refer : https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
Regards,
Gita
Hi
I am very familiar with creating app-registrations and I have read the URL Restrictions page many times: https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url
I have created two return urls which represent the IIS website application for a customer:
1) https://my.securewebapp.com/customer1
2) https://my.securewebapp.com/customer2
I redirect the user to: https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=**https://my.securewebapp.com/customer1** but azure returns the code to https://my.securewebapp.com/customer2.
If I then add another URL:
3) http:localhost:44444/
redirect the user to: https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=**https://my.securewebapp.com/customer1** but azure returns the code to http:localhost:44444/
So customer 1 gets to find out customer 2's application name or gets redirected to a localhost url!
Thank you for the update, @Phil Gray . I've updated the tags accordingly. The Azure AD app registration team will help you further.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 60%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWS%3C/text%3E%3C/svg%3E)
Any update on the resolution? it seems like no valid answer is posted on this thread. Not sure if the Azure AD app registration team directly responded to Phil Gray.
Could anyone post the resolution for this issue here???
No help from anyone at MS? I can't be the only one with this issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 32%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
I also have the same issue, @Phil Gray How did you resolve it?
Sadly I had to bodge it. I created a new web application and set the return URL to this new site. When I send the auth request to MS, I then encrypt the real returnURL and send it in the state parameter. The new site decrypts the state and redirects back to the correct instance.