Razor WebApp & Azure Active Directory SSO Redirect Non tenant users

Question

I have connected my razor web app with aad sso which works and performs as expected. However, when a user tries to login that is not part of the aad tenant, it defaults to the basic error page which then shows the tenant's name, appid etc.

How am I able to redirect users?

Connected aad/sso in vs2022 via: Connected Services -> Microsoft Identity platform

Answer 1

I think you should fix it at the code level of your application.

You can customize the CallbackPath in your AzureAd settings in the appsettings.json file. This path is where the user is redirected after they authenticate with AAD (https://stackoverflow.com/questions/61426913/change-redirecturi-and-callbackpath-for-azuread-authentication-in-net-core-3-1)

You can also create a custom controller action that checks the role of the logged user and redirects them accordingly

Here’s a sample code snippet for your Startup.cs file:

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));
    services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
    {
        options.Events = new OpenIdConnectEvents
        {
            OnRemoteFailure = context =>
            {
                context.HandleResponse();
                context.Response.Redirect("/Error");
                return Task.FromResult(0);
            }
        };
    });
}

In this code, "/Error" is the path to your custom error page. You can replace it with the path to your error page.

More info: https://devcodef1.com/news/1183190/razorwebapp-and-azure-ad-sso-non-tenant-user-redirects

If the answer helped you consider accepting it.